Troubleshooting Exchange with LogParser: HttpProxy logs

Since Exchange 2013 the logging on an Exchange server was dramatically increased. Note: This doesn’t mean that other logs like IIS, HTTPERR, RCA and EWS are not important anymore. HttpProxy logs are only a subset of the logging!

By default the HttpProxy logs for various protocols can be found in <exchange server installation directory>\Logging\HttpProxy\<protocol>

HttpProxy_LogFolderAs you can see there is for each protocol a dedicated folder.

Why are these logs so important? Well, especially when you have a coexistence with Exchange 2007/2010 they will help you in case of connectivity issues as those Exchange logs have more details and you have a centralized place where you can extract the information you are looking for.

What do you need in order to parse those logs?

  • LogParser
  • a server from where you will run the script. this server needs SMB access to all Exchange server as we will access the RCA logs via UNC path
  • adjust the execution policy. Here is an example, which bypass the policy only for the running process:
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
  • the script itself

How it works?

The script uses this function to determine all the relevant Exchange servers from AD. Then it starts to build an array of paths, one path for each server.

The script accepts the following parameters:

Parameter

Description

UserID a given user you want to parse the logs for
UserIDs comma seperated list of users you want to parse the logs for
StartDate this is used for filtering the logfiles to be parsed. The format must be yyMMdd
EndDate this is used for filtering the logfiles to be parsed. The format must be yyMMdd
Logparser this is used for the path to LogParser.exe
ADSite here you can define in which ADSite is searched for Exchange server
Outpath where the output will be found
Logparser this is used for the path to LogParser.exe
ADSite here you can define in which ADSite is searched for Exchange server
Outpath where the output will be found
Protocols for which protocol you want to parse. If omitted logs of all protocols will be parsed. You can specify the protocols comma seperated. Valid input are “Autodiscover“,”Eas“,”Ecp“,”Ews“,”Mapi“,”Oab“,”Owa“,”OwaCalendar“,”Powershell“,”RpcHttp
ErrorReport return only errors for given UserID, UserIDs or just all
Localpath if you have log files in a local folder. There is no filtering by date! All files will be analyzed.

This is the default output and in the following format:

yyMMdd_HttpProxy_UserID_ADSite_HH-mm-ss.csv

and it contains basically the pure content of the logs

HTTPProxy_02

HTTPProxy_03HTTPProxy_04HTTPProxy_05The huge advantage is that you can extract the user or users related data within a short time without a lot of efforts from multiple serves. Or you can still examine already collected logs on your local machine.

If you are looking on how to collect logs from an Exchange server automatically, have a look into this post from The Exchange Team Blog.

Happy parsing! Feedback is always welcome!

Advertisements

3 thoughts on “Troubleshooting Exchange with LogParser: HttpProxy logs

  1. Great Article! I don’t deal with exchange much, but I am a big fan of logparser.

    I am attempting to convince Microsoft to open source LogParser. If you think this is a good idea would you please tell @gwalters69 so. I would love to update this took which hasn’t been updated in a decade. It needs UTF-16 support, and I’m sure I could make the datagrid view better.

    Like

  2. Pingback: What is uploadReadAheadSize? | The clueless guy

  3. Pingback: Exchange performance:Garbage Collection | The clueless guy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s