Maintaining and Troubleshooting

Understanding Message Tracking Logs

A separate message tracking log is created for each day that Exchange runs on your server. Each entry in the tracking log typically includes the date and time a message was sent; information about the sender, such as the client IP address and host name; and information about the recipients, such as their addresses and the number of recipients. The log can also record information about the message itself; for example, whether a message priority was set, whether the message was encrypted, the message ID, and the subject line of the message.

Each log typically begins with the following text:

# Message Tracking Log File # Exchange System Attendant Version # Date Time Client-IP Client-hostname Partner-name Server-hostname Server-IP Recipient-address Event-ID MSGID Priority Recipient-report-status Total-bytes Number-recipients Origination-time Encryption Service-version Linked-MSGID Message-Subject Sender-Address

This text will help you identify the information that each entry in the log file includes. You can specify the information you want to track. For more information about changing the information that is tracked, see the Windows 2000 documentation.

Use the following table to identify the information in message tracking entries. The first column identifies the order in which the information appears in the log entry. The second column identifies the name of the parameter that you can enable to track specific information. The third column describes the type of information logged and the format in which the recorded data is displayed.

Tip   Because the message tracking log can contain messages sent by Windows 2000 when a specific event occurs, log entries describe a message as an event.

Entry Order Name Description
1 Date Date of the event in coordinated universal time (UTC).
2 Time Time of the event in Greenwich mean time (GMT) time.
3 Client IP IP address of the sending client or system.
4 Client-Hostname Host name of the sending client system.
5 Partner-Name Name of the messaging service associated with the event. In Exchange, the partner-name is the message transfer agent (MTA) or Information Store.
6 Server-hostname Host name of server making the log entry.
7 Server IP IP address of the server making the log entry.
8 Recipient Address

Name of the message recipient or a proxy address.

This field is separated from the previous field by a line feed and is repeated for each recipient.

9 Event ID A number that represents the event type.
10 MSGID The message ID.
11 Priority Lists priorities as -1, 0, and 1, corresponding to low, normal, and high.
12 Recipient report status

The number of attempts required to deliver a report to the recipient, in which Delivered equals 0 and Not delivered equals 1. This field is repeated for each recipient.

13 Total-bytes Message length in bytes.
14 Number-recipients The number of recipients.
15 Origination-time Time in seconds it took to deliver the message.
16 Encryption The encryption type of the message body: identified as 0 if there is no encryption, 1 if the message is signed, and 2 if the message is encrypted. Encryption is tracked for each message, not for each recipient.
17 Service version Version of the service making the log entry.
18 Linked MSGID If there is a message ID (MSGID) from another service, it is provided to link the message across services.
19 Message Subject The subject of the message, truncated to 106 bytes.
20 Sender Address Primary address of the originating mailbox, if known. The address can be a Simple Mail Transfer Protocol (SMTP) address, X.400 address, or a domain name, depending on the transport.