Agent logging records the actions performed by specific Exchange anti-spam agents. The information written to the agent log depends on the agent, the SMTP event, and the action performed on the message.
What do you need to know before you begin?
Estimated time to complete: 15 minutes
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Transport Service" and "Edge Transport server" entries in the Mail flow permissions topic.
By default, anti-spam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the anti-spam features on a Mailbox server if your Exchange organization doesn't do any prior anti-spam filtering before accepting incoming messages. For more information, see Enable anti-spam functionality on Mailbox servers.
You can only use the Shell to perform this procedure.
If you set the AgentLogPath parameter to the value $null, you effectively disable agent logging. However, if you set AgentLogPath to $null when the value of the AgentLogEnabled parameter is $true, event log errors are generated. The preferred method to disable agent logging is to set AgentLogEnabled to $false.
Setting the AgentLogMaxAge parameter to the value 00:00:00 prevents the automatic removal of agent log files because of their age.
For detailed syntax and parameter information, see the AgentLog parameters in Set-TransportService.
How do you know this worked?
To verify that you have successfully configured anti-spam agent logging, do the following:
This module examines how to manage Safe Attachments in your Microsoft 365 tenant by creating and configuring policies and using transport rules to disable a policy from taking effect in certain scenarios. MS-102