Each event that Exchange Server generates has a logging level assigned to it, and the configured level determines which events are written to the Application log in Event Viewer. The following table lists the logging levels and the numeric values that correspond to them:
Logging level | Registry value | Exchange 2007 value | Description
None          | 0              | Lowest              | Only errors and critical events are recorded (events with a logging level of 0)
Minimum       | 1              | Low                 | Events with a logging level of 1 or lower are recorded
Medium        | 3              | Medium              | Events with a logging level of 3 or lower are recorded
Maximum       | 5              | High                | Events with a logging level of 5 or lower are recorded
Expert        | 7              | Highest             | Events with a logging level of 7 or lower are recorded
Table 01
When the logging level is changed in Exchange System Manager, the corresponding registry values are updated. All Exchange components are located under the registry path below:
Each component also has a key called Diagnostics, and all of the service's items are listed under that key; the values shown in the table above can be configured there.
The registry path and the Diagnostics key are shown in Figure 02. This path can be used in both Exchange Server 2003 and Exchange Server 2007.
Managing log files of Exchange Server 2007 - Part 1 Picture 2 Figure 02
As you know, diagnostic logging should be raised while troubleshooting. When you are not troubleshooting a problem, set the levels to the minimum value to improve Exchange server performance.
Although there is no graphical user interface to manage diagnostic logging levels in Exchange Server 2007, we can manage them from the Exchange Management Shell with the following two commands: Get-EventLogLevel and Set-EventLogLevel.
The Get-EventLogLevel command lists all components and the level configured for each of their items. The output of this command is shown in Figure 03.
Figure 03
By default, the Get-EventLogLevel command runs against the local server. Later in this series we will use it to retrieve information from a remote server.
Collect debugging information from the Exchange Management Shell
We have seen how to view the current event level of all components in Exchange Server 2007. Now we will use some PowerShell features to make this easier to manage and to get the debug level for specific components.
It is possible to get debugging information for a specific component by using the Identity column shown in Figure 03. Suppose we want to check the debug level for the Move component of the MSExchange Cluster item; use the following command:
Get-EventLogLevel 'MSExchange Cluster\Move'
Another way to do this is to use only the component name, or to use a wildcard to narrow the results. To use the component name, specify the string that comes before the first backslash (\). Assuming that we want to check the debug level for Active Directory Access and its components, use the following command:
Get-EventLogLevel 'MSExchange ADAccess'
The second option gives the same result by using the wildcard, as shown in Figure 04.
Figure 04
Now that we know the wildcard can be used with the Get-EventLogLevel command, we can use it to filter the results in different ways. You can search all categories for a string, or combine a category name with the wildcard to narrow the results. Figure 05 shows two examples that use the wildcard character: the first returns every category on the current server that contains the string 'Transport', and the second returns only the components that start with the letter 'C' under the MSExchange ADAccess component.
Figure 05
So far we have filtered on the first column, Identity, but we can also filter on EventLevel. Suppose we want to check all components whose EventLevel is Medium; in that case, you can use the following command:
Because the Medium level corresponds to level 3 in the registry, and the command retrieves this value, we can list all items with a level of Medium or higher with the command below:
Get-EventLogLevel | where {$_.EventLevel -ge 3}
Configure debugging levels
Now that we know how to list the components and their event levels, we can start managing them with Set-EventLogLevel. The following syntax changes the logging level; in this example we change the Topology subcomponent of Microsoft Exchange Active Directory Access (MSExchange ADAccess) with the following command:
The Level parameter can be any of the options listed in Table 01 (Exchange 2007 column). You can use the same principle as in the previous commands to set the Medium level for multiple components by using a wildcard, for example:
Get-EventLogLevel 'MSExchange ADAccess\*' | Set-EventLogLevel -Level Medium
View troubleshooting information
As mentioned above, we can view debugging information using Event Viewer (Figure 06) or use the Exchange Management Shell.
Figure 06
We can use the Exchange Management Shell to retrieve information from the Application log in Event Viewer, using the following command:
Get-EventLog Application
The above command shows everything stored in the Application log, but we can filter the results with the same technique used above. Assuming we want to list only the entries related to MSExchangeFDS, use the following command:
The result of this command displays only entries whose source is MSExchangeFDS. If you want to read the details of the events, append '| FL' to the end of the previous command; it shows the details of each entry in the Application log.
Some additional examples
We have seen how to manage debugging information, but there is still more we can do to manage the debug configuration in Exchange Server 2007. Here are some common questions that users have:
How can I see debugging information from a remote server? By default, the Get-EventLogLevel command returns information from the local server, but you can use the -Server or Identity parameter to specify a particular server, such as:
Get-EventLogLevel -Server <ServerName>
Get-EventLogLevel '<ServerName>\MSExchange ADAccess'
How can I list debugging levels for all components on every Exchange server in the organization? You need to pipe the list of servers into the command to get this information. This is the syntax:
Get-ExchangeServer | ForEach {Get-EventLogLevel -Server $_.Name}
How can I list all components that have a value greater than 3 on all servers? Use the same principle as in the previous question:
Get-ExchangeServer | ForEach {Get-EventLogLevel -Server $_.Name | where {$_.EventLevel -ge 3}}
How can the debugging level of items with a specified level be changed? You just need to make sure that the query returns the right results, and then add a '|' and the Set-EventLogLevel command at the end with the new value you want. In this example, all items with a Medium debug level are changed to Low:
Get-EventLogLevel | where-object {$_.EventLevel -eq 3} | Set-EventLogLevel -Level 1
Is it possible to do the same as in the previous questions for all servers in a single step? This is possible. In this example, we find the items with debug levels greater than 3 and configure them to Low (value 1). This is the command to execute:
Get-ExchangeServer | ForEach {Get-EventLogLevel -Server $_.Name | where {$_.EventLevel -ge 3}} | Set-EventLogLevel -Level 1
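The bulk changes in the last two answers overwrite the previous levels without keeping a record of them. The following added example, which is not part of the original article, captures the affected categories first so the change can be reviewed and undone; the function names and the CSV file name are hypothetical, and it is meant to be run in the Exchange Management Shell.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell.
# Function names and the CSV file name are hypothetical.

# Collect every category at or above $MinLevel (3 = Medium in Table 01) on all
# Exchange servers, keeping the original object so it can be piped back later.
function Get-EventLogLevelBaseline {
    param([int]$MinLevel = 3)

    Get-ExchangeServer | ForEach-Object {
        $server = $_.Name
        Get-EventLogLevel -Server $server |
            Where-Object { $_.EventLevel -ge $MinLevel } |
            Select-Object @{Name = 'Server';   Expression = { $server }},
                          @{Name = 'Identity'; Expression = { "$($_.Identity)" }},
                          @{Name = 'Level';    Expression = { "$($_.EventLevel)" }},
                          @{Name = 'Entry';    Expression = { $_ }}
    }
}

# Put each recorded category back to the level it had when the baseline was taken.
function Restore-EventLogLevelBaseline {
    param($Baseline)

    foreach ($row in $Baseline) {
        # Same pattern as the article: pipe the Get-EventLogLevel object
        # into Set-EventLogLevel, this time with the recorded level name.
        $row.Entry | Set-EventLogLevel -Level $row.Level
    }
}

# 1. Record what is about to change and keep a copy on disk for review.
$baseline = @(Get-EventLogLevelBaseline -MinLevel 3)
$baseline | Select-Object Server, Identity, Level |
    Export-Csv -Path '.\EventLogLevel-baseline.csv' -NoTypeInformation

# 2. Apply the bulk change from the article: recorded categories go to 1 (Low).
$baseline | ForEach-Object { $_.Entry } | Set-EventLogLevel -Level 1

# 3. To undo the change later in the same session:
# Restore-EventLogLevelBaseline -Baseline $baseline
```

The restore step relies on the objects held in $baseline, so it must run in the same shell session; the CSV file is only a human-readable record of what was changed.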
Conclusion
In this article, I have shown you how to manage debug level configuration in Exchange Server 2007, and also introduced some examples so that you can manage multiple servers at the same time using the command line.