My private collection of articles found on the net, i dont own them but they helped me.: Managing Diagnostic Logging Powershell Exchange Server 2007

Personal collection of useful articles found on the web, NOT for public use, just for MY quick reference. Just in case you created one.
   Specializing in Office Communications Server, Exchange, Active Directory ,TMG 2010, ISA 2006,System Center Operations Manager and Powershell

Managing Diagnostic Logging Powershell Exchange Server 2007

For those familiar with the GUI interface for Exchange Server 2003 diagnostic logging the new Exchange Server 2007 diagnostic logging cmdlets might seem a little daunting at first.. But with a little PowerShell understanding they become much easier to manage. Lets take a look at a few examples.

First of all the two shell cmdlets we are going to use are Get-EventLogLevel and Set-EventLogLevel. Each does what the name suggests, and can be combined to manage multiple diagnostic logging items quickly and easily. The -Level parameter of each cmdlet determines what level of diagnostic logging is displayed. The levels you can choose are 0 (Lowest), 1 (Low), 3 (Medium), 5 (High), and 7 (Expert). Usually level 5 (High) is adequate but sometimes you will want level 7 (Expert). The default level is 0 (Lowest) and should always be reset once your troubleshooting is complete.

Running Get-EventLogLevel on its own will output a long list of diagnostic logging items.

[PS] C:\>Get-EventLogLevel

Identity                                                             EventLevel

--------                                                             ----------

MSExchange ActiveSync\Requests                                       Lowest

MSExchange ActiveSync\Configuration                                  Lowest

MSExchange Antispam\General                                          Lowest

MSExchange Autodiscover\Core                                         Lowest

MSExchange Autodiscover\Web                                          Lowest

...

To change the diagnostic logging level for one of these items we use Set-EventLogLevel.

[PS] C:\>Set-EventLogLevel "MSExchange ActiveSync\Requests" -Level 5

You can see the outcome of this by running Get-EventLogLevel again.

[PS] C:\>Get-EventLogLevel

Identity                                                             EventLevel

--------                                                             ----------

MSExchange ActiveSync\Requests                                       High

MSExchange ActiveSync\Configuration                                  Lowest

MSExchange Antispam\General                                          Lowest

MSExchange Autodiscover\Core                                         Lowest

....

Changing the level back is the same command with a different -Level value used.

[PS] C:\>Set-EventLogLevel "MSExchange ActiveSync\Requests" -Level 0

Now lets say you are troubleshooting a Public Folder issue and want to turn up all of the diagnostic logging items for Public Folders. You could run the Set-EventLogLevel cmdlet for each of the Public Folder logging items but that would be quite tedious as there are quite a few.

MSExchangeIS\9001 Public\Transport General                           Lowest

MSExchangeIS\9001 Public\General                                     Lowest

MSExchangeIS\9001 Public\Replication DS Updates                      Lowest

MSExchangeIS\9001 Public\Replication Incoming Messages               Lowest

MSExchangeIS\9001 Public\Replication Outgoing Messages               Lowest

MSExchangeIS\9001 Public\Replication NDRs                            Lowest

MSExchangeIS\9001 Public\Transport Sending                           Lowest

MSExchangeIS\9001 Public\Transport Delivering                        Lowest

MSExchangeIS\9001 Public\MTA Connections                             Lowest

MSExchangeIS\9001 Public\Logons                                      Lowest

MSExchangeIS\9001 Public\Access Control                              Lowest

MSExchangeIS\9001 Public\Send On Behalf Of                           Lowest

MSExchangeIS\9001 Public\Send As                                     Lowest

MSExchangeIS\9001 Public\Rules                                       Lowest

MSExchangeIS\9001 Public\Storage Limits                              Lowest

MSExchangeIS\9001 Public\Replication Site Folders                    Lowest

MSExchangeIS\9001 Public\Replication Expiry                          Lowest

MSExchangeIS\9001 Public\Replication Conflicts                       Lowest

MSExchangeIS\9001 Public\Replication Backfill                        Lowest

MSExchangeIS\9001 Public\Background Cleanup                          Lowest

MSExchangeIS\9001 Public\Replication Errors                          Lowest

MSExchangeIS\9001 Public\DS Synchronization                          Lowest

MSExchangeIS\9001 Public\Views                                       Lowest

MSExchangeIS\9001 Public\Replication General                         Lowest

MSExchangeIS\9001 Public\Download                                    Lowest

MSExchangeIS\9001 Public\Local Replication                           Lowest

With a little PowerShell syntax we can set the logging level of all of these items in a single command.

[PS] C:\>Get-EventLogLevel | where {$_.identity -like "MSExchangeIS\9001 Public\*"} | Set-EventLogLevel -Level 5

Get-EventLogLevel will show us the outcome of this.

[PS] C:\>Get-EventLogLevel | where {$_.identity -like "MSExchangeIS\9001 Public\*"}

Identity                                                             EventLevel

--------                                                             ----------

MSExchangeIS\9001 Public\Transport General                           High

MSExchangeIS\9001 Public\General                                     High

MSExchangeIS\9001 Public\Replication DS Updates                      High

MSExchangeIS\9001 Public\Replication Incoming Messages               High

MSExchangeIS\9001 Public\Replication Outgoing Messages               High

MSExchangeIS\9001 Public\Replication NDRs                            High

MSExchangeIS\9001 Public\Transport Sending                           High

MSExchangeIS\9001 Public\Transport Delivering                        High

MSExchangeIS\9001 Public\MTA Connections                             High

MSExchangeIS\9001 Public\Logons                                      High

MSExchangeIS\9001 Public\Access Control                              High

MSExchangeIS\9001 Public\Send On Behalf Of                           High

MSExchangeIS\9001 Public\Send As                                     High

MSExchangeIS\9001 Public\Rules                                       High

MSExchangeIS\9001 Public\Storage Limits                              High

MSExchangeIS\9001 Public\Replication Site Folders                    High

MSExchangeIS\9001 Public\Replication Expiry                          High

MSExchangeIS\9001 Public\Replication Conflicts                       High

MSExchangeIS\9001 Public\Replication Backfill                        High

MSExchangeIS\9001 Public\Background Cleanup                          High

MSExchangeIS\9001 Public\Replication Errors                          High

MSExchangeIS\9001 Public\DS Synchronization                          High

MSExchangeIS\9001 Public\Views                                       High

MSExchangeIS\9001 Public\Replication General                         High

MSExchangeIS\9001 Public\Download                                    High

MSExchangeIS\9001 Public\Local Replication                           High

To reset the logging levels when we are finished troubleshooting just use the same command string with the value for Lowest.

[PS] C:\>Get-EventLogLevel | where {$_.identity -like "MSExchangeIS\9001 Public\*"} | Set-EventLogLevel -Level 0

Now lets say you have a server with several different diagnostic logging items set to High, filling up your Application event log with entries. Some are Public Folder related, some are Transport related, and resetting them all would mean several individual commands. You also donâ€™t want to touch any of the items set to other levels such as Low.

[PS] C:\>Get-EventLogLevel | where {$_.EventLevel -ne "Lowest" -and $_.EventLevel -ne "Low"}

By piping that command to the Set-EventLogLevel cmdlet you can reset any logging item that is now already set to Lowest or Low.

[PS] C:\>Get-EventLogLevel | where {$_.EventLevel -ne "Lowest" -and $_.EventLevel -ne "Low"} | Set-EventLogLevel -Level 0

Now all of the various items that were set to Medium, High, or Expert levels have been reset to Lowest.

Posted by Madferret at 3 Feb 2010, 9:03 AM

Categories: Exchange 2007
Tags: Managing Diagnostic Logging Powershell Exchange Server 2007

Trackbacks

Trackback specific URL for this post

No trackbacks exist for this post.

Comments

No comments exist for this post.

Exchange 2010, Powershell, Active Directory 2008, Exchange 2007, OCS 2007 R2

Main Navigation

Managing Diagnostic Logging Powershell Exchange Server 2007

Trackbacks

Comments

Leave a comment

Back to Main Page

Twitter Link

Subscribe

Quick Search

Category Archives

Meigh External Links

Monthly Archives

Visitors

Calendar

Recent Posts

Comment Showcase

Recent Comments