Microsoft Exchange Protocol Log Size

Although message tracking logs provide a lot of information regarding a message on an Microsoft Exchange infrastructure, there are many times that protocol logs have been proved to be the last resort for detailed information.

By default, Exchange has some restrictions on the maximum age or directory size for protocol logs. Although these will fit most of the organizations, I believe that you should check how long back in time your logs are with your currently configured limits and then configure those limits in order to have at least four to five days of logs.

The size of a protocol folder depends on the traffic on your server and on the type of the protocol. The receive logs are going to be more than the send logs and the transport logs are going to be more that the frontend transport logs, so pick a number for each of the four folders.

The below commands configure the transport and frontend transport service in a way that logs are not deleted until the size of the protocol logs directories are over 3500MB.

Set-TransportService -SendProtocolLogMaxDirectorySize 3500MB `
                     -ReceiveProtocolLogMaxDirectorySize 3500MB 

Set-FrontendTransportService -SendProtocolLogMaxDirectorySize 3500MB `
                             -ReceiveProtocolLogMaxDirectorySize 3500MB

Here's a quick way to determine how back in time your logs go:

Get-TransportService |
    %{
        Invoke-Command -ComputerName $_.Name `
                       -ScriptBlock {
                            Param ($path)

                            Get-ChildItem -Path $path -File |
                                Sort-Object -Property LastWriteTime |
                                    Select-Object -First 1

                        } -ArgumentList $_.ReceiveProtocolLogPath
    }

We get all the transport services and then we connect to every one of the servers and get the oldest file in the log folder. You can replace the "ReceiveProtocolLogPath" with "SendProtocolLogPath" to get the send protocol log and the "Get-TransportService" with "Get-FrontEndTransportService" to get the logs for the frontend transport service.

One more thing to do, check the maximum log age just in case it is less that the one you need!

Popular posts from this blog

Domain Controller Machine Password Reset

Configuring a Certificate on Exchange Receive Connector

Running Multiple NGINX Ingress Controllers in AKS