Exchange Server 2010 Logging
Written by Paul Cunningham on July 9, 2010
When we talk about “logging” in Exchange Server 2010 it can mean a lot of different things. Here are eight different types of logging that are performed by Exchange Server 2010 that email administrators need to understand.
Transaction Logging
Mailbox and Public Folder databases comprise two main parts – the database itself, and the transaction logs.
When changes occur in the database they are first written to a transaction log. When the transaction is fully logged it is then committed to the database at a later time. A checkpoint file is used to keep track of which logs have been committed to the database and which are not. If there is a database or server problem, the server uses the checkpoint file to determine how to recover the database.
When a database is successfully backed up the committed transaction logs are removed from disk to reclaim disk space.
These log files are not human readable, but they are very important. In many Exchange environments it is best practice to separate the database and logs onto distinct storage volumes so that a single storage failure does not destroy both the logs and the database at once.
Message Tracking Logs
Message tracking is an optional feature of Exchange that can keep track of all message activity on Edge Transport, Hub Transport, and Mailbox servers. A message tracking report for any given email message in the organization can be generated showing all of the actions taken by servers along its delivery path (within the boundaries of the Exchange Organization).
Message tracking is typically used to troubleshoot email delivery problems, and for generating statistics on email traffic volumes.
Transport Agent Logs
Each of the anti-spam agents that can run on Edge Transport and Hub Transport servers generates its own log file of actions performed on messages. These log files can be used for reporting on anti-spam performance, and Exchange ships with several sample PowerShell scripts to parse the log file data.
Connectivity Logging
Connectivity logging occurs on Edge Transport and Hub Transport servers, and is used to track the delivery of outbound email messages to mailbox servers, smart hosts, or external domains.
Unlike message tracking logs, the connectivity log only tracks activity for a message on that specific server, not every server within the Exchange Organization.
Protocol Logging
When an SMTP communication occurs between two servers, all of the parts of the conversation are recorded in the protocol log. Protocol logging can be enabled on any Send Connector or Receive Connector and used to troubleshoot mail delivery problems.
Similar to connectivity logging, the log file only captures the SMTP conversation relative to that server.
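An added example (not from the original article): a Python sketch that groups protocol log rows into SMTP sessions and reports the sessions in which this server sent a 4xx or 5xx reply, a common starting point when troubleshooting a delivery problem. The column names are read from the log's "#Fields:" header; the sample rows, host names, addresses and session ids are constructed, and the header is trimmed to two lines.

```python
import csv
from collections import defaultdict

# Constructed sample in the SMTP receive protocol log layout: "#"-prefixed
# header lines, then one comma-separated row per SMTP event. All values are made up.
SAMPLE_LOG = r'''#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2010-07-09T01:00:00.100Z,EX1\Default EX1,08CCE4A000000001,0,10.0.0.5:25,192.0.2.10:40112,+,,
2010-07-09T01:00:00.110Z,EX1\Default EX1,08CCE4A000000001,1,10.0.0.5:25,192.0.2.10:40112,>,"220 ex1.example.com Microsoft ESMTP MAIL Service ready",
2010-07-09T01:00:00.200Z,EX1\Default EX1,08CCE4A000000001,2,10.0.0.5:25,192.0.2.10:40112,<,EHLO mail.example.net,
2010-07-09T01:00:00.300Z,EX1\Default EX1,08CCE4A000000001,3,10.0.0.5:25,192.0.2.10:40112,<,MAIL FROM:<a@example.net>,
2010-07-09T01:00:00.310Z,EX1\Default EX1,08CCE4A000000001,4,10.0.0.5:25,192.0.2.10:40112,>,250 2.1.0 Sender OK,
2010-07-09T01:00:00.400Z,EX1\Default EX1,08CCE4A000000001,5,10.0.0.5:25,192.0.2.10:40112,<,RCPT TO:<nobody@example.com>,
2010-07-09T01:00:00.410Z,EX1\Default EX1,08CCE4A000000001,6,10.0.0.5:25,192.0.2.10:40112,>,550 5.1.1 User unknown,
2010-07-09T01:00:00.500Z,EX1\Default EX1,08CCE4A000000001,7,10.0.0.5:25,192.0.2.10:40112,-,,Remote
2010-07-09T01:00:05.000Z,EX1\Default EX1,08CCE4A000000002,0,10.0.0.5:25,192.0.2.20:51877,+,,
2010-07-09T01:00:05.010Z,EX1\Default EX1,08CCE4A000000002,1,10.0.0.5:25,192.0.2.20:51877,>,"220 ex1.example.com Microsoft ESMTP MAIL Service ready",
2010-07-09T01:00:05.100Z,EX1\Default EX1,08CCE4A000000002,2,10.0.0.5:25,192.0.2.20:51877,<,QUIT,
2010-07-09T01:00:05.110Z,EX1\Default EX1,08CCE4A000000002,3,10.0.0.5:25,192.0.2.20:51877,>,221 2.0.0 Service closing transmission channel,
2010-07-09T01:00:05.120Z,EX1\Default EX1,08CCE4A000000002,4,10.0.0.5:25,192.0.2.20:51877,-,,Local
'''


def load_sessions(text):
    """Group log rows by session-id, ordered by sequence-number."""
    lines = text.splitlines()
    # Column names come from the "#Fields:" header line of the log itself.
    fields = next(l for l in lines if l.startswith("#Fields:"))[8:].strip().split(",")
    data = (l for l in lines if l and not l.startswith("#"))
    sessions = defaultdict(list)
    for row in csv.DictReader(data, fieldnames=fields):
        sessions[row["session-id"]].append(row)
    for events in sessions.values():
        events.sort(key=lambda r: int(r["sequence-number"]))
    return dict(sessions)


def rejected_sessions(sessions):
    """Return {session-id: (remote-endpoint, first 4xx/5xx reply this server sent)}."""
    out = {}
    for sid, events in sessions.items():
        for e in events:
            # ">" marks data sent by this server; "<" marks data it received.
            if e["event"] == ">" and e["data"][:1] in ("4", "5"):
                out[sid] = (e["remote-endpoint"], e["data"])
                break
    return out
```

Because each server logs only its own side of the conversation, tracing a message across several hops means running this against the protocol log of every server on the path.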
IIS Logs
The Client Access Server role uses an instance of IIS to host the various web services such as OWA and ActiveSync. This IIS website can perform its own logging which is useful for troubleshooting the HTTP and HTTPS connections between remote users and the Client Access Server.
Diagnostic Logging
Practically every service, agent, or component of Exchange is capable of writing diagnostic information to the Application Event Log on the server. Some information is logged by default, but during troubleshooting the administrator can configure diagnostic logging on specific components to get more log details to help find the problem.
Setup Logs
The final log type I will mention is the setup logs. These log files are written during the initial install of the Exchange server, when any role is added to or removed from an existing server, and when an update or service pack is installed on a server.
The setup logs contain a record of every action taken by the installer and are useful for verifying the successful install of Exchange roles or updates.


