MicrosoftВ® Windows PowerShell(TM) Step By Step (Step By Step (Microsoft))
A fundamental aspect of maintenance and troubleshooting involves the configuration and modification of logging settings on Exchange Server 2007. There are 152 different logs that can be configured using Windows PowerShell. In the “old days,” merely finding a listing of the Exchange Server log files was a rather specialized and difficult task to accomplish. When a problem arose on the Exchange Server, you had to call a Microsoft Support professional, who would simply walk you through the task of configuring logging, reproducing the problem, and then reading the appropriate log file. After reading the error message in the log file, more often than not, the situation became rather transparent.
In Exchange Server 2007, troubleshooting still consists of configuring the appropriate log file, but now you can easily do that yourself. For instance, to obtain a listing of all the event logs on your server, you use the Get-EventLogLevel cmdlet, as shown here:
Get-EventLogLevel
When this command is run, an output similar to that shown here appears. Notice the format of the Identity property because that is the required parameter to configure the logging level on any particular Exchange log.
Identity EventLevel -------- -------- MSExchange ActiveSync\Requests Lowest MSExchange ActiveSync\Configuration Lowest MSExchange Antispam\General Lowest MSExchange Assistants\Assistants Lowest MSExchange Autodiscover\Core Lowest
We can use the name of a specific Exchange log file with Get-EventLogLevel to retrieve information about a specific log file. This is shown here, where we obtain the logging level of the routing log:
Get-EventLogLevel routing
If we try to use the Set-EventLogLevel cmdlet to change the logging level to medium as shown here, an error occurs.
Set-EventLogLevel routing -Level medium
This is rather frustrating because the error that occurs says a specific error log must be supplied. However, we confirmed that the routing log only referred to a single event log.
Set-EventLogLevel : Cannot set the EventLog level on more than one category. You must specify a unique EventSource\Category. At line:1 char:18 + Set-EventLogLevel <<<< routing -Level medium
To try to identify what Windows PowerShell is expecting for the command, we can look at all the properties of the routing event log. To obtain these properties, we pipe the object returned by the Get-EventLogLevel cmdlet to the Format-List cmdlet, as shown here:
Get-EventLogLevel routing | Format-List *
When we examine the properties of the routing event log, we see that is not very complicated. When we use Get-Help on the Set-EventLoglevel, we see that it wants the Identity property of the log file. As shown here, this would be a lot of typing:
Identity : MSExchangeTransport\routing IsValid : True ObjectState : Unchanged Name : Routing Number : 4 EventLevel : Lowest
As we discussed earlier, the Get-EventLogLevel routing command only returns a single instance of an Exchange event log. We can use this fact to avoid typing. If we store the results of the Get-EventLogLevel routing command in a variable, as shown here, we can reuse that variable later:
$a = Get-EventLogLevel routing
Because the $a variable holds only the routing event log, we can now use the Identity property of the Routing Event Log object to refer to that specific log file. As shown here, we can use this reference to the routing event log when we use the Set-EventLogLevel cmdlet.
Set-EventLogLevel -Identity $a.Identity -Level medium
Reporting transport logging levels
-
Open Notepad or your favorite Windows PowerShell script editor.
-
Create a variable called $aryLog and use it to hold the object that is returned by using the Get-EventLogLevel cmdlet. At the end of the line, use the pipeline character (|) both to pass the object to another object and to break the line for readability. This line of code is shown here:
$aryLog = Get-EventLogLevel |
-
On the next line, use the Where-Object cmdlet to filter the current pipeline object on the Identity property and to do a regular expression match on the word transport. The line of code that does this is shown here:
where-object {$_.identity -match "transport"}
-
On the next line, use the ForEach command to walk through the array of Exchange transport logs contained in the $aryLog variable. Use the variable $strLog as the individual instance of the event log from inside the array. This line of code is shown here:
foreach ($strLog in $aryLog)
-
On the next line, open the code block with an opening curly bracket. Skip a couple of lines, and close the code block with a closing curly bracket. These two lines of code are shown here:
{ }
-
Inside the newly created code block, create a variable called $strLogIdent and use it to hold the object that is returned by querying the Identity property of the $strLog variable. This line of code is shown here:
$strLogIdent = $strLog.identity
-
On the next line, use the Get-EventLogLevel cmdlet. Pass the identity string stored in the $strLogIdent variable to the identity argument of the Get-EventLogLevel cmdlet. The line of code that does this is shown here:
Get-EventLogLevel -identity $strLogIdent
-
Save your script as yourname
ReportTransportLogging.ps1 and run it. You should see a list of 26 transport logs. If this is not the case, compare your script with Report TransportLogging.ps1 script. -
This concludes the reporting transport logging levels procedure.
Configuring transport logging levels
-
Open Notepad or your favorite Windows PowerShell script editor.
-
On the first line of your script, declare a variable called $strLevel and assign the value “medium” to it. This line of code is shown here:
$strLevel = "medium"
-
On the next line in your script, use the Get-EventLogLevel cmdlet to get a collection of Event Log objects. At the end of the line, use the pipeline character (|) to pass the object to the next line. At the beginning of the line, use the variable $aryLog to hold the resulting object. This line of code is shown here:
$aryLog = Get-EventLogLevel |
-
On the next line, use the Where-Object cmdlet to filter the current pipeline object on the Identity property and to do a regular expression match on the word transport. The line of code that does this is shown here:
where-object {$_.identity -match "transport"}
-
On the next line, use the ForEach command to walk through the array of Exchange transport logs contained in the $aryLog variable. Use the variable $strLog as the individual instance of the event log from inside the array. This line of code is shown here:
foreach ($strLog in $aryLog)
-
On the next line, open the code block with an opening curly bracket. Skip a couple of lines, and close the code block with a closing curly bracket. These two lines of code are shown here:
{ }
-
Inside the newly created code block, create a variable called $strLogIdent and use it to hold the object that is returned by querying the Identity property of the $strLog variable. This line of code is shown here:
$strLogIdent = $strLog.identity
-
On the next line in your script, use the Set-EventLogLevel cmdlet to set the logging level of the transport logs. Use the string contained in the $strLogIdent variable to supply the specific log identity to the identity argument of the cmdlet. Use the string in the $strLevel variable to supply the logging level to the level argument of the Set-EventLogLevel cmdlet. This code is shown here:
Set-EventLogLevel -identity $strLogIdent -level $strLevel
-
Save your script as yourname
ConfigureTransportLogging.ps1. Run your script. After a few seconds, you will see the prompt return, but no output. -
Run the
ReportTransportLogging.ps1 script. You should now see a listing of all the transport logs and see that their logging level has been changed to medium. -
If you do not see the logging level changed, open the
ConfigureTransportLogging.ps1 script and it compare it with yours. -
This concludes the configuring transport logging levels procedure.
Категории