Exchange Server 2007: Logparser and Exchange logs

Right now there is no easy way to tell who is using Entourage, RPC/HTTP (Outlook Anywhere), Exchange ActiveSync, or OWA with what frequency. I have found Logparser to be very helpful in answering a lot of these questions. The tool is a bit intimidating to get started but once you get the hang of modifying […]

Right now there is no easy way to tell who is using Entourage, RPC/HTTP (Outlook Anywhere), Exchange ActiveSync, or OWA with what frequency. I have found Logparser to be very helpful in answering a lot of these questions. The tool is a bit intimidating to get started but once you get the hang of modifying some of my sample scripts you can accomplish a lot of detailed reporting. The following examples rely on the default IIS log settings. The most useful non-default column to enable is cs-bytes because with that you will be able to query on the amount of data as well. There are excellent built in examples and syntax help to modify the following to suit your own particular needs. Note that this should work the same on both Exchange 2003 and Exchange Server 2007.

Please note: the following scripts are samples and are not officially supported by Microsoft.

The following counts how many messages have been submitted by Entourage users and ranks them in descending order by domain/username:

logparser "select cs-username, Count(*) as DavMailSubmitted FROM c:\windows\system32\logfiles\w3svc1\ex*.log WHERE cs-uri-stem LIKE '%davmailsubmissionURI%' AND cs-username IS NOT NULL GROUP BY cs-username ORDER BY DavMailSubmitted desc" -rtp:-1

Output looks like this:

cs-username DavMailSubmitted
------------------ ----------------
DOMAIN\User1 153
DOMAIN\User2 148
DOMAIN\User3 143
DOMAIN\User4 141
DOMAIN\User5 138
DOMAIN\User6 130
DOMAIN\User7 124
DOMAIN\User8 124
DOMAIN\User9 121
...
Statistics:
-----------
Elements processed: 2010774
Elements output: 411
Execution time: 8.69 seconds

Full Article

Microsoft, Exchange Server, Exchange Server 2007, Log, Tips and Tricks, Tools, Mobility, Outlook Web Access, Tutotial, Knowledgebase, Article