Understanding Connectivity Logging
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Connectivity logging records the connection activity of the outbound message delivery queues that exist on computers running Microsoft Exchange Server 2010 that have the Hub Transport server role or the Edge Transport server role installed. The connectivity log tracks the connection activity from the sending queue to the destination Mailbox server, smart host, or domain. It isn't intended to track the transmission of individual e-mail messages. The following list describes the type of information recorded in the connectivity log:
Source queue, which can be the remote delivery queue or mailbox delivery queue
Destination Mailbox server, smart host, or domain
Domain Name System (DNS) resolution information
Detailed information about connection failures
Number of messages and bytes transmitted
You use the Set-TransportServer cmdlet in the Exchange Management Shell to perform all connectivity log configuration tasks. The following options are available for the connectivity logs on an Edge Transport server or Hub Transport server:
Enable or disable connectivity logging. The default is disabled.
Specify the location of the connectivity log files.
Specify a maximum size for the individual connectivity log files. The default size is 10 megabytes (MB).
Specify a maximum size for the directory that contains connectivity log files. The default size is 250 MB.
Specify a maximum age for the connectivity log files. The default age is 30 days.
By default, the Exchange 2010 server uses circular logging to limit the connectivity logs based on file size and file age to help control the hard disk space used by the connectivity log files.
Looking for management tasks related to connectivity logging? See Managing Transport Servers.
Structure of the Connectivity Log Files
By default, the connectivity log files exist in C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Connectivity.
The naming convention for the connectivity log files is CONNECTLOGyyymmdd-nnnn.log. The placeholders represent the following information:
The placeholder yyyymmdd is the Coordinated Universal Time (UTC) date that the log file was created. The placeholder yyyy = year, mm = month, and dd = day.
The placeholder nnnn is an instance number that starts at the value of 1 for each day.
Information is written to the log file until the file size reaches its maximum specified value, and a new log file that has an incremented instance number is opened. This process is repeated throughout the day. Circular logging deletes the oldest log files when the connectivity log directory reaches its maximum specified size, or when a log file reaches its maximum specified age.
The connectivity log files are text files that contain data in the comma-separated value file (CSV) format. Each connectivity log file has a header that contains the following information:
#Software Name of the software that created the connectivity log file. Typically, the value is Microsoft Exchange Server.
#Version Version number of the software that created the connectivity log file. Currently, the value is 8.0.0.0.
#Log-Type Log type value, which is Transport Connectivity Log.
#Date UTC date-time when the log file was created. The UTC date-time is represented in the ISO 8601 date-time format: yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC.
#Fields Comma delimited field names used in the connectivity log files.
Information Written to the Connectivity Log
The connectivity log stores each outbound queue connection event on a single line in the connectivity log. The information stored on each line is organized by fields. These fields are separated by commas. The following table describes the fields used to classify each outgoing queue event.
Fields used to classify each connection event
Field name | Description |
---|---|
date-time |
UTC date-time of the connection event, which is represented in the ISO 8601 format. The value is formatted as yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC. |
session |
GUID that's unique for each SMTP session but is the same for each event associated with that SMTP session. For MAPI sessions, the session field is blank. |
source |
Value of SMTP for connections from the remote delivery queue, or the value of MAPI for connections from the mailbox delivery queue. |
Destination |
Name of the destination Mailbox server, smart host, or domain. |
direction |
Single character that represents the start, middle, or end of the connection. The possible values for the direction field are as follows:
|
description |
Text information associated with the connection event. The following values are examples of values for the description field:
|
When an outbound delivery queue establishes a connection to a destination Mailbox server, smart host, or domain, the queue may be prepared to send one message or several messages. The connection and message transmission processes generate multiple events written on multiple lines in the connectivity log. Simultaneous connections to different destinations create connectivity log entries related to different destinations that are interlaced. However, you can use the date-time, session, source, and direction fields to arrange the connectivity log entries for each separate connection from start to finish.
© 2010 Microsoft Corporation. All rights reserved.