Export (0) Print
Expand All

Understanding Connectivity Logging

Exchange 2010
 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2009-11-18

Connectivity logging records the connection activity of the outbound message delivery queues that exist on computers running Microsoft Exchange Server 2010 that have the Hub Transport server role or the Edge Transport server role installed. The connectivity log tracks the connection activity from the sending queue to the destination Mailbox server, smart host, or domain. It isn't intended to track the transmission of individual e-mail messages. The following list describes the type of information recorded in the connectivity log:

  • Source queue, which can be the remote delivery queue or mailbox delivery queue

  • Destination Mailbox server, smart host, or domain

  • Domain Name System (DNS) resolution information

  • Detailed information about connection failures

  • Number of messages and bytes transmitted

You use the Set-TransportServer cmdlet in the Exchange Management Shell to perform all connectivity log configuration tasks. The following options are available for the connectivity logs on an Edge Transport server or Hub Transport server:

  • Enable or disable connectivity logging. The default is disabled.

  • Specify the location of the connectivity log files.

  • Specify a maximum size for the individual connectivity log files. The default size is 10 megabytes (MB).

  • Specify a maximum size for the directory that contains connectivity log files. The default size is 250 MB.

  • Specify a maximum age for the connectivity log files. The default age is 30 days.

By default, the Exchange 2010 server uses circular logging to limit the connectivity logs based on file size and file age to help control the hard disk space used by the connectivity log files.

Looking for management tasks related to connectivity logging? See Managing Transport Servers.

By default, the connectivity log files exist in C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Connectivity.

The naming convention for the connectivity log files is CONNECTLOGyyymmdd-nnnn.log. The placeholders represent the following information:

  • The placeholder yyyymmdd is the Coordinated Universal Time (UTC) date that the log file was created. The placeholder yyyy = year, mm = month, and dd = day.

  • The placeholder nnnn is an instance number that starts at the value of 1 for each day.

Information is written to the log file until the file size reaches its maximum specified value, and a new log file that has an incremented instance number is opened. This process is repeated throughout the day. Circular logging deletes the oldest log files when the connectivity log directory reaches its maximum specified size, or when a log file reaches its maximum specified age.

The connectivity log files are text files that contain data in the comma-separated value file (CSV) format. Each connectivity log file has a header that contains the following information:

  • #Software   Name of the software that created the connectivity log file. Typically, the value is Microsoft Exchange Server.

  • #Version   Version number of the software that created the connectivity log file. Currently, the value is 8.0.0.0.

  • #Log-Type   Log type value, which is Transport Connectivity Log.

  • #Date   UTC date-time when the log file was created. The UTC date-time is represented in the ISO 8601 date-time format: yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC.

  • #Fields   Comma delimited field names used in the connectivity log files.

The connectivity log stores each outbound queue connection event on a single line in the connectivity log. The information stored on each line is organized by fields. These fields are separated by commas. The following table describes the fields used to classify each outgoing queue event.

Fields used to classify each connection event

Field name Description

date-time

UTC date-time of the connection event, which is represented in the ISO 8601 format. The value is formatted as yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC.

session

GUID that's unique for each SMTP session but is the same for each event associated with that SMTP session. For MAPI sessions, the session field is blank.

source

Value of SMTP for connections from the remote delivery queue, or the value of MAPI for connections from the mailbox delivery queue.

Destination

Name of the destination Mailbox server, smart host, or domain.

direction

Single character that represents the start, middle, or end of the connection. The possible values for the direction field are as follows:

  • +   Connect

  • -   Disconnect

  • >   Send

description

Text information associated with the connection event. The following values are examples of values for the description field:

  • Number and size of messages that were transmitted

  • DNS MX resource record resolution information for destination domains

  • DNS resolution information for destination Mailbox servers

  • Connection establishment messages

  • Connection failure messages

When an outbound delivery queue establishes a connection to a destination Mailbox server, smart host, or domain, the queue may be prepared to send one message or several messages. The connection and message transmission processes generate multiple events written on multiple lines in the connectivity log. Simultaneous connections to different destinations create connectivity log entries related to different destinations that are interlaced. However, you can use the date-time, session, source, and direction fields to arrange the connectivity log entries for each separate connection from start to finish.

 © 2010 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft