diTii.com Digital News Hub



Exchange Server 2007: Advanced Transport Logs Troubleshooting using Log Parser – Part 1

Exchange Server 2007 uses new transport log file formats that are easy to parse with one of our favorite Swiss Army knife tools, “Log Parser”. Log Parser (also referred to as LP in the rest of this blog post) is commonly used for analyzing IIS log files or Windows Event logs. This first post will get you started on how to use Log Parser in the context of analyzing Exchange 2007 transport logs. The second part will go in depth on how to extract the essence of the logs, which provide a lot of valuable information.

I have tried to write this post so that you can see how we arrived at the final queries we wanted to use, so we may walk through several versions of a query and show which options we are adding.

To get started, first download and install Log Parser from the following link:


I mentioned looking at IIS logs… if you have IIS installed, from a command line you can run:

logparser "select * from <1>" -o:DATAGRID

This query returns all fields from the IIS logs of the site with SiteID=1 and displays them in a data grid. As you can see, LP allows you to parse IIS logs using common SQL commands such as select, where, group by, order by, etc.

The “logparser -h” switch returns the main help information. Below are the most useful help commands:

  • logparser -h FUNC – returns all LP functions
  • logparser -h GRAM – returns all LP grammar keywords
  • logparser -h EXAMPLES – returns additional sample queries

The beauty of this tool is that it can parse virtually any log. As Exchange 2007 was released after Log Parser shipped, there is no Exchange-specific input format, so we will use the CSV importer for our parsing.

So if you type “logparser -h -i:CSV”, LP will return all additional options for the CSV input format.
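The Python example below is added here and is not from the original post or part of Log Parser: it shows what a CSV-style parse of a transport log involves, taking column names from the `#Fields:` line and counting records per event, the equivalent of a SELECT ... GROUP BY query. The sample log is constructed, and its header layout and shortened field list are assumptions about the message tracking log format.

```python
import csv
import io
from collections import Counter

# Constructed sample (assumed layout): '#' metadata lines, a '#Fields:' line
# naming the columns, then CSV rows. The field list is shortened for readability.
# The last row is deliberately truncated, as when the log is still being written.
SAMPLE_LOG = '''\
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-type: Message Tracking Log
#Date: 2007-06-01T00:00:05.000Z
#Fields: date-time,client-ip,event-id,source,recipient-address,sender-address,message-subject
2007-06-01T08:15:02.113Z,192.0.2.10,RECEIVE,SMTP,bob@example.com,alice@example.net,"Quarterly report, draft"
2007-06-01T08:15:02.410Z,,DELIVER,STOREDRIVER,bob@example.com,alice@example.net,"Quarterly report, draft"
2007-06-01T08:20:44.002Z,192.0.2.10,RECEIVE,SMTP,carol@example.com,alice@example.net,Lunch
2007-06-01T08:21:10.731Z,198.51.100.7,FAIL,ROUTING,nobody@example.com,mallory@example.org,Invoice
2007-06-01T08:22:01.500Z,198.51.100.7,RECE
'''

def read_transport_log(stream):
    """Yield one dict per complete record, keyed by the '#Fields:' column names."""
    fields = None
    for line in stream:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = [name.strip() for name in line[len("#Fields:"):].split(",")]
        elif not line or line.startswith("#"):
            continue  # metadata or blank line, not a record
        elif fields is None:
            raise ValueError("data row seen before the #Fields: header")
        else:
            # csv handles quoted values such as subjects containing commas
            row = next(csv.reader([line]))
            if len(row) == len(fields):  # drop truncated rows
                yield dict(zip(fields, row))

def count_by(records, field):
    """GROUP BY <field> with COUNT(*), returned as a Counter."""
    return Counter(rec[field] for rec in records)

def load_sample():
    return list(read_transport_log(io.StringIO(SAMPLE_LOG)))

if __name__ == "__main__":
    for event, n in count_by(load_sample(), "event-id").most_common():
        print(f"{event:10} {n}")
```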
