From Splunk Wiki

Jump to: navigation, search

You will want to enable Exchange Message Tracking: The link below from explains, "By default, message tracking is not enabled in Exchange Server, but it is something that you will want to configure at the earliest possible opportunity. The only real downside to message tracking is that you will consume some extra system resources along the way. This is not a large concern these days on adequately powered systems."

Your tracking log files will be stored (by default) in a folder located at x:\Program Files\Exchsrvr\servername.log, where x is the volume you have installed Exchange Server onto. Inside this folder you will find a text file for each day that logs are being retained for. You can install a Splunk Windows forwarder to grab these messages in realtime.

For Exchange 2003 there is also a SplunkBase application that brings field names into compliance with the Splunk common information model.

Personal tools
Hot Wiki Topics

About Splunk >
  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk