Exchange 2007 - Transaction Log Analysis
Here is a brief description of my issue. We are running Exchange Server 2007 with Enterprise Vault which archives e-mail during off hours 5 days a week. 3 of the 5 days a "random" storage group on one of our multiple mailboxes generates 30-40 GB worth of logs during the archival period. It is always the same storage group and mailbox and almost always the same amount of transaction logs generated.
I have copied off these logs and would like to analyze them to determine if they are associated with a particular mailbox/user or multiple mailboxes/users. The eseutil /mh command does not provide this type of information. Is there a way and/or free tool I can use to do this? What I am really trying to do is determine if there is a corrupt item/mailbox on this storage group. Our queues are empty and when I use the message tracking log there is not a TON of e-mail being sent out that raises red flags during this period.
Thanks in advance for the help.
December 16th, 2010 10:21am
Hi,
Please check the event log and post the error relating to this problem here for further research.
Gen Lin-MSFT
December 21st, 2010 1:30am
I really don't see any errors in the app logs that point to anything related to this.
I tried pulling a backup of the DB from last night to run an eseutil /ml and eseutil /g in hopes that it would shed some light on potential DB corruption, but it came back with no errors.
Is there a good tool I can use to monitor the SG during the hours this is happening to determine what user's mailbox this is linking to? If it can shed some light on any looped email that would help as well.
December 23rd, 2010 12:52pm
Here's a sample script that does some statistical analysis of message tracking logs. This is just a sample to show the methodology, and I don't know if the fields I chose for the example will zero in on the problem or not (or if it will even help).
# Counters keyed by internal message id, event id and recipient address
$int_msgid = @{}
$evt_id = @{}
$recpts = @{}

# Replace <servername> with the server whose tracking logs should be read
get-messagetrackinglog -server <servername> -resultsize unlimited -start "12/23/2010" |% {
    $int_msgid[$_.internalmessageid] += 1
    $evt_id[$_.eventid] += 1
    # Count every recipient of each delivered message
    if ($_.eventid -eq "deliver"){$_.recipients |% {$recpts[$_] += 1}}
}

Write-Host "`nEventID counts"
# Sort on the count (value); the entries themselves have no default sort order
$evt_id.getenumerator() | sort value -desc
Write-host "`nTop 10 message ids"
$int_msgid.getenumerator() | sort value -desc | select -first 10
Write-Host "`nTop 10 recipients"
$recpts.getenumerator() | sort value -desc | select -first 10
December 23rd, 2010 1:31pm
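The following is an added example, not code posted by anyone in this thread. It extends the counting approach above to a fixed time window, sums TotalBytes per recipient, and flags a MessageId delivered repeatedly to the same mailbox (the "looped email" case raised earlier). Get-TrackingWindowStats, New-Entry, $sample and the 01:00-05:00 window are assumptions, and the sample entries are constructed, using only Get-MessageTrackingLog property names.

```powershell
# Added example. Get-TrackingWindowStats, New-Entry and $sample are hypothetical names.
function Get-TrackingWindowStats {
    param([object[]]$Entries, [datetime]$Start, [datetime]$End, [int]$LoopThreshold = 3)
    $count = @{}; $bytes = @{}; $pairs = @{}
    foreach ($e in $Entries) {
        # Only deliveries to mailboxes, and only inside the window of interest
        if ($e.EventId -ne 'DELIVER') { continue }
        if ($e.Timestamp -lt $Start -or $e.Timestamp -ge $End) { continue }
        foreach ($r in $e.Recipients) {
            $key = $r.ToLower()                   # addresses are case-insensitive
            $count[$key] += 1
            $bytes[$key] += [long]$e.TotalBytes
            $pairs["$key|$($e.MessageId)"] += 1   # same message, same mailbox
        }
    }
    $perRecipient = $bytes.Keys | ForEach-Object {
        New-Object PSObject -Property @{
            Recipient = $_; Deliveries = $count[$_]
            TotalMB = [math]::Round($bytes[$_] / 1MB, 1) }
    } | Sort-Object TotalMB -Descending
    $loops = $pairs.GetEnumerator() | Where-Object { $_.Value -ge $LoopThreshold } |
        ForEach-Object {
            $rcpt, $msgid = $_.Key -split '\|', 2
            New-Object PSObject -Property @{
                Recipient = $rcpt; MessageId = $msgid; Deliveries = $_.Value }
        }
    New-Object PSObject -Property @{
        PerRecipient = @($perRecipient); PossibleLoops = @($loops) }
}

# Constructed sample entries (assumed archival window: 01:00 to 05:00)
$day = [datetime]'2010-12-23'
function New-Entry($time, $evt, $msgid, $rcpt, $size) {
    New-Object PSObject -Property @{
        Timestamp = $day.Add([timespan]$time); EventId = $evt
        MessageId = $msgid; Recipients = @($rcpt); TotalBytes = $size }
}
$sample = @(
    (New-Entry '00:30' 'DELIVER' '<m0@example.test>' 'user1@example.test' 9MB),
    (New-Entry '01:05' 'RECEIVE' '<m1@example.test>' 'user1@example.test' 4KB),
    (New-Entry '01:05' 'DELIVER' '<m1@example.test>' 'user1@example.test' 4KB),
    (New-Entry '02:10' 'DELIVER' '<m2@example.test>' 'user2@example.test' 5MB),
    (New-Entry '02:11' 'DELIVER' '<m2@example.test>' 'user2@example.test' 5MB),
    (New-Entry '02:12' 'DELIVER' '<m2@example.test>' 'User2@example.test' 5MB)
)
$stats = Get-TrackingWindowStats -Entries $sample -Start ($day.AddHours(1)) -End ($day.AddHours(5))
$stats.PerRecipient  | Format-Table Recipient, Deliveries, TotalMB -AutoSize
$stats.PossibleLoops | Format-Table Recipient, MessageId, Deliveries -AutoSize
```

Against a live server, the output of get-messagetrackinglog can be passed as -Entries in place of $sample.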