Managing log files of Exchange Server 2007 - Part 1

In this article we will take a closer look at the troubleshooting process in Exchange Server 2007.
Anderson Patricio


Manage debug levels in Exchange Server 2007

If you have ever done debugging in Exchange Server 2003, you will remember the Diagnostics Logging tab, shown in Figure 1 below. This is a very useful tab because it shows the main components, and for each component there are one or more items, including sub-items, for which you can set different logging levels.

Figure 01

Each event created by Exchange Server has a logging level value, and that value determines whether the event is written to the Application log in Event Viewer. The following table lists the logging levels and the numbers related to them:


| Logging level | Registry value | Exchange 2007 value | Description |
|---|---|---|---|
| None | 0 | Lowest | Only errors and critical events are logged (events with a logging level of zero) |
| Minimum | 1 | Low | Events with a logging level of 1 or lower are logged |
| Medium | 3 | Medium | Events with a logging level of 3 or lower are logged |
| Maximum | 5 | High | Events with a logging level of 5 or lower are logged |
| Expert | 7 | Expert | Events with a logging level of 7 or lower are logged |

Table 01

When the logging level is changed in Exchange System Manager, the corresponding value is written to the registry. All Exchange components are placed under the registry path below:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<component>\Diagnostics

Each service has a key called Diagnostics, and under that key all the items of the service are listed; each can be configured with the values shown in the table above.

The registry path and Diagnostics key are shown in Figure 02. This path can be used in both Exchange Server 2003 and Exchange Server 2007.

Figure 02

As you know, debugging should be used during troubleshooting. When you are not dealing with a problem, you can set the levels to the minimum value in order to increase Exchange server performance.

Although there is no graphical user interface to manage Diagnostics logging levels in Exchange Server 2007, we can manage them from the Exchange Management Shell with the following two commands: Get-EventLogLevel and Set-EventLogLevel.

The Get-EventLogLevel command lists all components and the configured level of each of their items. The output of this command is shown in Figure 03.

Figure 03

By default, the Get-EventLogLevel command runs against the local server. Later in this article we will use it to retrieve information from a remote server.

Collect debugging information from the Exchange Management Shell

We have seen how to view the current event level of all components in Exchange Server 2007. Now we will use some PowerShell features to make this easier to manage and to get the debug level for specific components.

It is possible to get debugging information for a specific component using the Identity column shown in Figure 3. Suppose that we want to check the debug level for the MSExchange Cluster item and its Move component; we would use the following command:

Get-EventLogLevel 'MSExchange Cluster\Move'

Another way to do this is to use only the component name, or to use a wildcard (*) to narrow the results. To use the component name, specify the string that appears before the first backslash (\). Assuming that we want to check the debug level for Active Directory Access and its components, use the following command:

Get-EventLogLevel 'MSExchange ADAccess'

The second option gives the same result by using the wildcard, as shown in Figure 4.

Figure 04

Now that we know that wildcards can be used with the Get-EventLogLevel command, we can use them to filter the results further. You can search all categories for a string, or you can combine a category name with a wildcard to narrow down the results easily. Figure 5 shows a pair of examples that use the wildcard character: the first finds the string 'Transport' in all categories of the current server, and the second returns only the components that start with the letter 'C' under the MSExchange ADAccess component.

Figure 05

So far we have filtered on the first column, Identity, but we can also filter on EventLevel. Suppose that we want to check all components with a Medium EventLevel; in this case, you can use the following command:

Get-EventLogLevel | where {$_.EventLevel -eq "Medium"}

Since we know that the Medium level corresponds to level 3 in the registry, and this command retrieves that information, we can list all items with Medium or higher values with the command below:

Get-EventLogLevel | where {$_.EventLevel -ge 3}

Configure debugging levels

Now that we know how to list the items and their event levels, we can start managing them using Set-EventLogLevel. To change the logging level, the following syntax can be used. In this example we will change the Topology child component of Microsoft Exchange Active Directory Access (MSExchange ADAccess) with the following command:

Set-EventLogLevel 'MSExchange ADAccess\General' -Level Expert

The Level parameter can be any of the options listed in Table 1 (Exchange 2007 column). You can use the same principle as in the previous commands to set the Medium level for multiple components by using a wildcard, for example:

Get-EventLogLevel 'MSExchange ADAccess\*' | Set-EventLogLevel -Level:Medium
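
The commands above can be combined into a save, raise and restore routine, so that a component raised to Expert for troubleshooting is returned to its previous levels afterwards. This is an added example, not part of the original article; the CSV path is a hypothetical placeholder, and it assumes the identity strings returned by Get-EventLogLevel on the local server are accepted back by Set-EventLogLevel -Identity.

```powershell
# Added example, not from the original article.
# Run step by step in the Exchange Management Shell on the server being troubleshot.
$baseline  = 'C:\Temp\eventloglevel-baseline.csv'   # hypothetical path (assumption)
$component = 'MSExchange ADAccess'                  # component used in this article

# 1. Record the current level of every item of the component before changing it.
Get-EventLogLevel $component |
    Select-Object @{Name = 'Identity';   Expression = { $_.Identity.ToString() }},
                  @{Name = 'EventLevel'; Expression = { $_.EventLevel.ToString() }} |
    Export-Csv -Path $baseline -NoTypeInformation

# 2. Raise logging for the troubleshooting session.
Get-EventLogLevel $component | Set-EventLogLevel -Level Expert

# ... reproduce the problem and review the Application log ...

# 3. Restore each item to the level recorded in step 1.
Import-Csv -Path $baseline | ForEach-Object {
    Set-EventLogLevel -Identity $_.Identity -Level $_.EventLevel
}

# 4. Verify: list any item whose level still differs from the saved baseline.
$saved = @{}
Import-Csv -Path $baseline | ForEach-Object { $saved[$_.Identity] = $_.EventLevel }
Get-EventLogLevel $component |
    Where-Object { $saved[$_.Identity.ToString()] -ne $_.EventLevel.ToString() }
```

Step 4 returns nothing when every item is back at its recorded level.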

See troubleshooting information

As mentioned above, we can view debugging information using Event Viewer (Figure 06) or use the Exchange Management Shell.

Figure 06

We can use the Exchange Management Shell to retrieve information from the Application log of Event Viewer, using the following command:

Get-EventLog Application

The above command shows the information stored in the Application log, and we can use the same concept as above to filter the results. Assuming we want to list only the information related to MSExchangeFDS, use the following command:

Get-EventLog application | where {$_.Source -eq "MSExchangeFDS"}

The result of this command displays only the entries that have MSExchangeFDS as the source. If you want to read the details of the events, add '| FL' at the end of the previous command; it will show the details of each entry of the Application log.

Some additional examples

We have seen how to manage debugging information, but there are still many things we can do to manage the debug configuration in Exchange Server 2007. Here are some common questions that users have:

  1. How can I see debugging information from a remote server?
    By default, the Get-EventLogLevel command returns information from the local server, but you can use the -Server or -Identity parameter to specify a particular server, such as:
    Get-EventLogLevel -Server <ServerName>
    Get-EventLogLevel '<ServerName>\MSExchange ADAccess'
  2. How can I list debugging levels for all components from the organization's Exchange servers?
    This requires combining Get-ExchangeServer with Get-EventLogLevel. This is the syntax:
    Get-ExchangeServer | ForEach {Get-EventLogLevel -Server $_.Name}
  3. How can I list all components that have a value greater than 3 in servers?
    Use the same principle as in the previous question:
    Get-ExchangeServer | ForEach {Get-EventLogLevel -Server $_.Name | where {$_.EventLevel -ge 3}}
  4. How can the debugging level of items with specified levels be changed?
    You just need to make sure that the query returns the right results, and then add a '|' and the Set-EventLogLevel command at the end with the new value you want. In this example, all items with a Medium debug level are changed to Low.
    Get-EventLogLevel | where-object {$_.EventLevel -eq 3} | Set-EventLogLevel -Level 1
  5. Is it possible to do the same as in the previous questions for the servers on the network in a single step?
    This is possible. In this example, we find the items with debug levels greater than 3 and set them to Low (value 1). This is the command to execute:
    Get-ExchangeServer | ForEach {Get-EventLogLevel -Server $_.Name | where {$_.EventLevel -ge 3}} | Set-EventLogLevel -Level 1

Conclusion

In this article, I have shown you how to manage debug level configuration in Exchange Server 2007, and also introduced some examples so that you can manage multiple servers at the same time using the command line.
