Protocol logging for POP3 and IMAP4
Applies to: Exchange Server 2013
You can use protocol logging to review the POP3 and IMAP4 connections in your Exchange environment. This can be useful if you're troubleshooting issues related to POP3 or IMAP4 performance.
Enabling POP3 and IMAP4 protocol logging
You can enable, disable, or change protocol logging using the Exchange Management Shell. If you enable protocol logging using the Shell, the default protocol logging settings will be used. In most cases, the default settings will be sufficient.
Alternatively, you can enable, disable, and modify protocol logging options by editing the Microsoft.Exchange.Pop3.exe.config and Microsoft.Exchange.Imap4.exe.config configuration files located on your Microsoft Exchange Server 2013 Client Access server. For more information about how to manage POP3 and IMAP4 protocol settings, see Configure protocol logging for POP3 and IMAP4.
Reviewing the protocol log
The protocol log files are text files that contain data in the comma-separated value (CSV) file format. The protocol log stores each protocol event on a single line. The information stored on each line is organized by fields. These fields are separated by commas. The following table describes the fields that are used to classify each protocol event.
Fields used to classify each protocol event
| Field name | Description |
|---|---|
| date-time | The date and time of the protocol event. The value is formatted as yyyy-mm-ddhh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to indicate Coordinated Universal Time (UTC). |
| connector-id | This field isn't used for POP3 and IMAP4 protocol logging. |
| session-id | A GUID that uniquely identifies the SMTP session that is associated with a protocol event. |
| sequence-number | A counter that starts at 0 and is incremented for each event in the same session. |
| local-endpoint | The local endpoint of a POP3 or IMAP4 session. This consists of an IP address and TCP port number, formatted as follows: <IP address>:<port>. |
| remote-endpoint | The remote endpoint of a POP3 or IMAP4 session. This consists of an IP address and TCP port number, formatted as follows: <IP address>:<port>. |
| event | A single character that represents the protocol event. The possible values for the event are as follows:
|
| data | Text information that's associated with the POP3 or IMAP4 event. |
| context | This field isn't used for POP3 and IMAP4 protocol logging. |