Read time: 5 minutes

Summary: Maintaining transaction logs meticulously is vital for system stability. This post discusses some significant practices to manage Exchange Server logging. You can learn these and use them in your Exchange environment to prevent any backlogs or downtime. The post also mentions Kernel for Exchange Server, which is a professional tool when it comes to data backup, restoration, and recovery.

Free Download 100% Secure

Logging is a process of recording activities, events, and transactions going on in the Microsoft Exchange environment. Maintaining logs is the primary method to monitor, troubleshoot, and maintain the health of the server. Transaction logs function as a sequential record keeper between the database and a user. Data remains in this temporary storage until it is written into the Exchange database.

If transaction logs become missing or corrupt, the system will face interruptions, dirty shutdowns, or data loss. It is, therefore, essential to be cautious while managing transaction logs. Reading this article will help you learn ‘Exchange Server Logging Best Practices’ to keep and maintain logs in the Exchange 2016, 2019, and SE (Subscription Edition) versions.

Types of logging in Exchange Server

In Exchange 2019 and later versions, you’ll encounter diverse types of logging to execute a specific function. We’re mentioning a selection of those here to provide a better understanding of how logging helps.

  1. Admin Audit Logging: Allows tracing changes and activities done by the administrator in the Exchange Server configuration and also records every cmdlet that the admin execute.
  2. Event Logging: Record information about critical errors and warnings about server that the Windows Event Viewer notices. It helps to monitor the overall health of the Exchange Server.
  3. Diagnostic Logging: Store information about specific components of the server. Admins use the information for troubleshooting and server analysis.
  4. Protocol Logging: Provide info about the SMTP conversation between the messaging server and the clients. Use protocol logs to analyze the mail flow in the Exchange Server.
  5. Connectivity Logging: Find records for message transmission done using the Transport service in the outbound settings.
  6. Message Tracking Logging: Show details of messages sent to or from a mailbox in the Exchange environment.

What are the benefits of Exchange Server logging?

In an Exchange Server, the logs are classified into diverse categories, and each one of them has a significant role to play. The logs help identify potential issues causing inefficiency in the Exchange environment and find a way to resolve them. Given are a couple of the reasons that explain the need to keep logs in a server.

  1. System Monitoring: Logging helps in keeping a record of system activities to monitor the health and performance of the Exchange Server.
  2. Quickly Find Error: It is easy to pinpoint the root of the issues and then implement appropriate solutions when you have logs with you.
  3. Performance Tuning: Logs store information about the performance metrics that the admin can check and tune the metrics to deliver the best performance.
  4. Enhanced Security: Admin uses the audit logs to perform security monitoring. Failed login attempts and unauthorized accesses are easy to detect and administer.
  5. Details of Mail Flow: Learn about the mail flow and get information about a message, such as sender, recipient, and delivery status.
  6. Data Recovery: Transaction logs store a backup of committed data. This helps in cases when you have to repair EDB files without zero data loss.

What are Exchange Server logging best practices?

To make sure your Exchange Server keeps a reliable record of all the logs, admins follow these practices.

  • Audit logging

    Audit logging is a crucial feature that allows recording any changes made on the server. It also helps to diagnose and detect if any issue arises and then find appropriate measures to rectify it.

  • Event logs monitoring

    In a server with audit logs enabled, the log files accumulate very quickly and in substantial numbers. It can consume unnecessary disk space. Make sure to export the data and get rid of it using some scripting or monitoring tool to restrict it from occupying unnecessary space. The tool will notify if there is any glitch in the Exchange server, so that it is processed just in time.

  • Circular logging

    Circular logging helps clear unnecessary storage. It overwrites the old transaction logs after the data is committed to database. With circular logging, it is easier to circulate the transaction logs. However, it limits data recovery to the most recent backup only. You can configure circular logging using the following command:

    • Set-MailboxDatabase -Identity “DatabaseName” -CircularLoggingEnabled $true

    In addition to circular logging, you can also use an EDB to PST converter to free up space in case you have multiple large obsolete mailboxes of old employees.

  • Log files security

    Sensitive data (like sender/recipient metadata) is stored in the log files created in the Exchange Server. Therefore, it’s crucial to secure the log files so that only authorized individuals have access to them. Admins also have the right to manage and restrict access to it.

  • Move log files to a dedicated drive

    It is advisable to store transaction logs on a separate drive from the mailbox database. It helps in improving the performance and speed of writing to and reading from the disk without delays.

    Separate databases and logs from the boot drive and keep them separate, even at the hardware level. Use ‘Move-DatabasePath’ in PowerShell to move the database log. Don’t forget to verify that there is enough space in both paths (existing and new ones). Execute it when the maintenance window is running, as it will unmount the database momentarily.

  • Regular backup

    Taking regular backups of the database and transaction logs prevents any data loss. The habit of taking backups helps in creating enough space in the disk by truncating the transaction logs.

  • Regular updates

    Regularly updating your Exchange Server as per the recent releases and patches is a good practice. The Exchange server updates can include making upgrades to logging and addressing known issues.

  • Track log files

    Maintain your database (DB) and mailboxes regularly. When you have DB and mailbox in large sizes, it leads to an increase in the number of log files. You can archive, backup, or even defragment your database so that it does not acquire massive space on the disk.

To take backups or defragment the database, administrators often utilize specialized tools like Kernel for Exchange Server recovery software. The tool allows creating multiple or a single PST files, which you can store to use whenever needed. In addition to creating a backup of a complete EDB file, the software makes it easy to restore deleted or corrupted files and mailboxes just by following a few simple steps, which means it’s a win-win situation for the admin.

Common Issues & Solutions to Exchange Server Logging

When you enable logging, you can experience a few troubles. A few of them with resolution are:

Problem Solution
Logs remain after a successful backup. No automatic log truncation Verify VSS writer status. If it is in a failed state, restart the Information Store or MSExchangeRepl services. Also make sure backup is set to “Full,” not “Copy.”
Log files are rapidly growing in the drive. Use Get-StoreUsageStatistics to quickly find the mailbox that is rapidly creating the log files. If possible, block in temporarily and move the log files to another disk.
Logs are not truncating due to a passive Check the log replication health using the Get-MailboxDatabaseCopyStatus. If you find a failed passive
database copy out of sync issue. copy, try to resume it or remove it to allow the active server to truncate logs.
Database not mounting due to missing logs or giving the Dirty Shutdown error. In such a case, you can perform a soft recovery with Eseutil /r. If logs are permanently lost, you must use a professional Exchange data recovery tool to restore data or restore from the latest backup.
Free Download 100% Secure

Conclusion

Logging is essential to keep track of activities going on in the Exchange Server. Reading this article will help you learn a handful of the Exchange Server logging best practices. It will make it easy for your organization’s administrator to maintain logs, improve performance, and identify issues (if any). It’s also advisable to have tools like Kernel for Exchange Server by your side to avoid any unforeseen circumstances, such as data loss or corruption.

Frequently Asked Questions

Q. How to recover a database with missing log files?

Ans. If you are using the native Exchange tool, eseutil, you will need all the logs for a successful recovery. In case the logs are missing, you must use a specialized Exchange Server recovery tool that can restore data from the EDB file directly.

Q. Why is my C drive filling up fast even after using a separate drive for logs?

Ans. This could be due to Managed Availability and other diagnostics logs, which are by default stored in the installation folder on your C drive. You can resolve it by manually moving these logs to another location.

Q. Can I delete the log files manually to free up the disk space?

Ans. No, don’t do it. Manually deleting the log files can lead to issues like Dirty Shutdown or data loss. When your disk is full, you must either move them to a large disk or perform a full backup with safe log truncation.

Kernel for Exchange Server
Related Posts
How to mail-enable/disable Public Folders in Exchange?
How to mail-enable/disable Public Folders in Exchange?
How to fix “Exchange database consistency check failed” issue?
How to fix “Exchange database consistency check failed” issue?
How to Repair a Corrupt Exchange Database?
How to Repair a Corrupt Exchange Database?