Hi, I am a Log Analyst and iam corrently working on MS excahnge 2007. I require Info regading transaction logs. I have the following queries: 1. What sort of information is written in the transaction logs? 2. I am aware that they are present in binary format. Is there any tool or some way to convert them into readable format? 3. What are the fields that are recorded in the transaction logs?

From the sound of it, I would guess you have a DBA background trying to translate that information into the Exchange world. Unfortunately, I don’t believe there is a direct translation aside from the concept of a log file itself.

All mail data for a given Storage Group (not just a single database) is written to a given set of transaction logs, which are sequentially written with every Exchange transaction that occurred on the server. This includes new emails, sent mail, calendar, contacts, message state (read/unread), and anything else you can think of. The logs do not represent specific fields (as it may in the database world), but literally different transactions- so much so that you can virtually rebuild an entire database by replaying the log files. In addition to the transaction data written to the logs, there headers as well, specifying which database(s) this log belongs to, the previous and next expected database files, etc.

I won’t pretend to know every tool out there on the market, but ESEUTIL is going to be your best friend when working with the log files. Quest and others also have tools for massaging log files, but those are aimed at using them to recover Exchange databases and not for extracting data. In fact with the newer version of Exchange, trying to extract data out of a log file would be the equivalent to reaching into a bucket filled with 5 different colors of balls and expecting to pick-out the same color every time.

Maybe it might be more helpful if you explain what you are trying to do / accomplish.

