Microsoft Exchange Transaction Logs

pts.
Tags:
DataCenter
Microsoft Exchange
Microsoft Office
Will Exchange transaction logs track changes an Exchange Administrator has made to the log purge intervals? For example, if all of a sudden, the Admin changed the intervals from purging every 7 days to purging every 2 days. Also, do transaction (or other) logs show if a specific email user regularly deleted his emails in his inbox and sent box, and, WHEN the user did the deletions? Thank you!

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hello,

Exchange transaction logs track changes to Exchange databases for DR purposes, but do not log records of configuration changes or user activity.

Exchange offers diagnostics logging which when set up, will write entries into the Windows event log, but as far as I know there is no logging on the server side that tracks message deletions on a per user basis.

Good luck!

Good luck.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Stevesz
    One DOES NOT PURGE transaction logs. The proper way to handle transaction logs is to use an Exchange aware backup system (NTBackup would work fine), where the logs are read into the database and then removed by the backup program. Depending on the installation, one should be backing up the Exchange server at least once a day to have a good, relatively up to date backup to use in case the server decides to go south on you. Any transaction logs that remain available after a disaster can then be read into the recovered database to give you as little loss of data as is possible.
    2,015 pointsBadges:
    report
  • ColinNZ
    You need to understand what the transaction log files are used for: Every message transaction in exchange is first processed in memory, then stored in a transaction log file (very fast write time), and only then committed to the exchange database (comparatively slow write time). If circular logging is turned off (which it should be), transaction logs record every message transaction made since the last full exchange backup. If circular logging is turned on, the logs are overwritten as required. There are two basic rules to observe when setting up Exchange (with respect to logs): 1. Transaction logs should always be stored on a disk with fast access times. I don't think this is so much of an issue these days, however in the days of Exchange 5.5, the setup program would test your HD write speeds, and recommend a particular drive for transaction log storage. 2. Transaction logs should ALWAYS be stored on a different disk, to the main exchange database. Exchange disaster recovery procedures all assume that you have lost either the database, or the logs, but not both! (If you're after a 'recovery back to time of failure'). I use mirrored disks for c: (System and transaction logs) and RAID5 for d: (database). We initially used one RAID 5 array for the entire server. This was a bad, and very dangerous practice. If you loose two disks, or your RAID card fails you loose logs and database. Transaction logs are useful in two situations: 1. Exchange server fails - i.e. power is cut to the server. Because the write time to the transaction logs fast, only messages held only in memory will be lost. This should be minimal. On power up, exchange will read the transaction logs, and commit anything outstanding to the exchange database. As I understand it - this is also the case with circular logging turned on. 2. A Hard disk fails (unrecoverable) If the c: (containing your transaction logs) fails, then you still have the exchange database. There may be a few uncommitted emails missing. These emails are lost. Build a new server (Disaster Recovery). Connect your existing database, and you're up and running with minimal message loss. If the D: (containing the exchange database) fails, then you'd better hope that you had circular logging turned off and were doing regular backups. In this case you replace the d: drive, and restore the exchange database from the last backup. On completion of the restore, exchange will replay the transaction logs (24 hours worth if you are backing up daily) and recovers any changes to the database since the last backup. End result - even fewer emails lost than in the last example (c: drive failure). 3. All drives fail - or you have circular logging turned on (ie Transaction logs are of no use). In this case, the best you can hope for is to return your server back to the point of the last good backup. You lose any email transactions done since your last backup. Hopefully this less than 24 hour?s worth. However... I'm picking that you may be looking for a new job shortly after... I would recommend taking a look at the Exchange Disaster Recovery white papers on the Microsoft web site. Exchange 2000: http://support.microsoft.com/?id=326052 Or Google on: "disaster recovery" "white paper" exchange site:.microsoft.com Sorry, this was a little long winded, but also fairly simplistic. Colin
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following