diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Exchange Server 2007: Advanced Transport Logs Troubleshooting using Log Parser – Part 1

Exchange Server 2007 uses new transport logs file formats that are easy to parse with one of our favorite Swiss Army knife tools, “Log Parser”.  Log Parser (also referred to as LP in the rest of this blog post) is commonly used for analyzing IIS log files or Windows Event logs. This first post will get you started on how to use Log Parser in the context of analyzing Exchange 2007 transport logs. The second part will lead you in-depth on how extract the essence of the log as it provides a lot of valuable information.

I have tried to write this post in a way that you can see how we came to final queries that we wanted to use, so we might walk through several versions of queries and show what different options we are adding.

To get started first download and install Log Parser from the following link:


I mentioned looking at IIS logs… if you have IIS installed, from a command line you can run:

logparser “select * from <1>” -o:DATAGRID

This query will return all fields from your IIS logs into a data grid where IIS SiteID=1. As you can see LP allows you to parse IIS logs using common SQL commands such as: select, where, group by, order by, etc.

The “logparser -h” switch returns the main help information. Below are the most useful help commands:

  • logparser-h FUNC – returns all LP functions
  • logparser-h GRAM – returns all LP grammar keywords
  • logparser-h EXAMPLES – returns additional sample queries

The beauty of this tool is that it can parse virtually any logs. As Exchange 2007 was released after Log Parser shipped we will use the CSV importer for our parsing.

So if you type “logparser-h -i:CSV” LP will return all additional options for the CSV input format.

  • -i:CSV – specify the CSV input parser of LP as there is no current Exchange 2007 LP Input parser. The CSV allows specifying the separator and in the case of the Exchange 2007 logs it is comma separated.
  • -nSkipLines:4 – specifies to skip 4 lines (The Exchange Transport Log file headers) before parsing logs. Note this is required because otherwise you are going to get into a single column named “
Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...