Microsoft 1 Event Monitoring

Chapter 4: Enterprise Monitoring 63

Event Monitoring

When Exchange 2000 Server is running smoothly, event monitoring does not seem espe-

cially important. However, when performance is poor, you will quickly see the benefits of

event monitoring. Event Viewer is a useful source of information about Exchange 2000

Server, along with log files that you may choose to generate. Large organizations may

require an application such as Microsoft Operations Manager for reporting on Exchange

2000 Server events.

Event Viewer

Exchange reports to the Application event log. By default, it logs all critical events to the

Application log. By increasing the logging on particular Exchange services, you can ensure

that more data is available.

To enable logging for a particular Exchange service, right click the server in Exchange

System Manager, select Properties, and then select the Diagnostics Logging tab.

The logging levels are:

◆None – Only error messages are logged (the default setting on all the services)

◆Minimum – Warning messages and error messages are logged

◆Medium – Informational, warning, and error messages are logged

◆Maximum – Troubleshooting (extra detail), informational, warning, and error messages

are logged

You can log the following services in Exchange 2000 Server:

◆IMAP4Svc (IMAP4 Protocol)

◆MS-ExhangeAL (Address List)

◆MSExchangeIS\System (Information Store System)

◆MSExchangeIS\Mailbox (Information Store Mailbox)

◆MSExchangeIS\Public Folder (Information Store Public Folders)

◆MSExchangeSRS (Site Replication Service)

◆MSExchangeTransport (SMTP Routing Engine and Transport)

◆MSExchangeMTA (MTA Service)

◆MSExchangeSA (System Attendant Service)

◆POP3SVC (POP3 Protocol)

Under normal operating conditions, it is not necessary to set logging levels any higher than

minimum, because increasing logging rapidly fills your event log with a great deal of

unnecessary information. When issues arise, you can increase the level of logging to allow

you to diagnose the problem, reducing it again after the issue has been resolved.

The Windows 2000 Resource Kit includes elogdmp.exe, a utility which allows you to

dump the information in any Event Viewer log to a file for analysis elsewhere.

Contents

Main ii Contents Chapter 1 Introduction 1 Chapter 2 Capacity and Availability Management 11 Change and Configuration Management 37 Chapter 4 Enterprise Monitoring 53 Chapter 5 Protection 71 Chapter 6 Glossary 97 Support 89 Page Page Page Introduction Microsoft Operations Framework (MOF) Page How to Use This Guide Efficiency, Continuity, and Security Figure 1.2 Efficiency Continuity Security Chapter Outlines Planning and Deployment Service Level Agreements Features Performance Recovery Support Related Topics Page Capacity and Availability Management Capacity Management Page Page Availability Management Service Hours Service Availability Minimizing System Failures Decreasing Single Points of Failure Increasing the Reliability of Exchange 2000 Minimizing System Recovery Time Performance Tuning Making Changes to the Registry No Performance Optimizer Optimizable Features Tuning Considerations Upgrading from Exchange 5.5 to Exchange 2000 Tuning the Message Transfer Agent (MTA) Tuning SMTP Transport Mailroot Directory Location SMTP File Handles Page Store and ESE Tuning Online Store Maintenance Online Backups Choosing the Correct Maintenance Strategy Extensible Storage Engine (ESE) Heaps Store-Database Cache Size Page Log Buffers Tuning Active Directory Integration Page Tuning Outlook Web Access (OWA) Page Hardware Upgrades Page Change and Configuration Management Prerequisites Change Management Defining Change Type Step 1 Request for Change Is Submitted to Change Manager Step 2 Change Manager Assesses the RFC Step 3 Change Is Passed to IT Executive Committee for Approval Step 4 Change Is Passed to the Change Advisory Board for Scheduling Step 5 Change Is Passed to the Change Owner Step 6 Change Process Evaluation Minor and Standard Changes Scripting Minor and Standard Changes Security Software Control and Distribution Documentation Configuration Management Tools for Configuration Management Configuration Management and Change Management Configuration Items Page Page Page Defining Configuration Items Configuration Management and Exchange Maintaining the Configuration Management Database Change Management Ownership Security Backup Exchange System Policies Administering System Policies Page Enterprise Monitoring Prerequisites Performance Monitoring System Monitor Exchange 2000 Objects and Counters to Monitor Service or Resource Performance Object Information Store Counters SMTP Server MSExchangeMTA and MSExchangeMTAConnections MSExchangeIM Virtual Servers MSExchangeAL Windows 2000 Objects and Counters to Monitor Table 4.2 Subjects and Associated Objects and Counters Subsystem Object Counter Exchange Comments Subsystem Object Counter Exchange Comments Centralized Monitoring Event Monitoring Event Viewer Log Files Centralized Event Monitoring Availability Monitoring Monitoring and Status Tool Adding Services to the Default Configuration Monitoring Resources Notifications Status Disabling Server Monitoring Centralized Availability Monitoring Client Monitoring Page Page Protection Chapter Start Point Chapter End Point Protection Against Hacking Firewall Operations Maintaining Firewall Availability Ensuring That Only the Correct Traffic Passes Through the Firewall Monitoring Against Hacker Intrusion Dealing With Security Breaches Anti-Virus Measures Staying Current Dealing With Virus Infection Blocking Attachments at the Client Page Disaster Recovery Procedures Backing Up Page Offline Backup Disk Imaging Restoring Recovering Individual Messages Recovering Lost Mailboxes Recovering Exchange Stores and Storage Groups Full Exchange Server Recovery Recovering Exchange After Active Directory Failure Alternate Server Recovery Recovery Testing Page Page Support Providing Support for End Users Reducing End User Support Costs Page Problem Reporting Dealing with User Problems Notifying Users Exchange Problem Management Page Page Glossary