Introduction to Log Parser and RCA Logs in Exchange 2016
Management regularly asks which Outlook versions are in use in an Exchange 2016 environment, because they need to know which legacy versions of Outlook are still connecting in order to plan upgrades.
In this article we will show you how to copy the Exchange RPC Client Access (RCA) logs from all servers to a central location so that we can run them through Log Parser.
Log Parser needs to be installed and can be downloaded from Microsoft directly. The link below opens the Microsoft download page:
https://www.microsoft.com/en-us/download/details.aspx?id=24659
Copying Exchange 2016 RPC Client Access Logs to a Central Location
To effectively copy the Exchange 2016 RPC Client Access logs to a central location, PowerShell scripts can be employed. These scripts enable administrators to automate the transfer process, ensuring that logs are centralized for analysis without manual intervention. A key requirement for this task is establishing a reliable file path where the logs will reside on the central server.
First, one must determine the source path of the RPC Client Access logs. Typically, these logs can be found in the directory structure of the Exchange installation, usually under C:\Program Files\Microsoft\Exchange Server\V15\Logging\RPC Client Access\. The destination path must also be specified, which could be a network share on a centralized logging server that is accessible by the Exchange servers.
Below is a script that I put together to copy the RCA Logs files from all Exchange Servers. You will need to modify the fields below in the script:
- $sourceDir – This is the location of the Exchange RCA log files. The default in the script is usually correct, but change it if you have Exchange installed in another directory.
- $destServer – This is the server where you want to copy all the RCA log files to.
- $destDir – This is the folder to store the RCA logs on the destination server. In my example I used the location “C$\Installs\OutlookVersions\Logs\”.
- $servers – This is where you add all the Exchange Mailbox servers. Put each name in quotation marks and separate the names with commas if more than one server is specified.
Here is the PowerShell Script:
# Define the source directory and the destination server and directory.
# Single quotes keep the administrative share name (C$) literal.
$sourceDir  = 'C$\Program Files\Microsoft\Exchange Server\V15\Logging\RPC Client Access\'
$destServer = 'Server2' # Replace with your destination server name
$destDir    = 'C$\Installs\OutlookVersions\Logs\'

# List of source servers
$servers = @('Server1') # Add your source server names here

# Loop through each source server
foreach ($server in $servers) {
    try {
        # Get the 10 most recent logs, sorted by creation time
        $logs = Get-ChildItem -Path "\\$server\$sourceDir" -Filter *.log -ErrorAction Stop |
            Sort-Object CreationTime -Descending |
            Select-Object -First 10

        # Copy each log to the destination directory on the destination server,
        # prefixing the file name with the source server name
        foreach ($log in $logs) {
            $destPath = Join-Path -Path "\\$destServer\$destDir" -ChildPath "$server-$($log.Name)"
            Copy-Item -Path $log.FullName -Destination $destPath -ErrorAction Stop
        }
        Write-Host "Logs copied successfully from $server to $destServer"
    } catch {
        Write-Host "Error copying logs from $server to $destServer : $_"
    }
}
Verifying the Log Transfer Process
You can run the above from PowerShell ISE or PowerShell. Make sure to check the destination location you specified and confirm that all the log files are there. They will have a naming convention of “ServerName-Logfile”.
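One way to script that check, as an added example that is not part of the original article: it compares each of the newest source logs against its "ServerName-Logfile" copy by SHA256 hash. The function name Test-CopiedLog and the temp folders in the demo are hypothetical; the demo files are constructed so the block runs without any Exchange server.

```powershell
# Added example: verify that each copied RCA log exists and matches its source.
function Test-CopiedLog {
    param(
        [Parameter(Mandatory)][string]$SourcePath,  # e.g. "\\Server1\$sourceDir"
        [Parameter(Mandatory)][string]$DestPath,    # e.g. "\\$destServer\$destDir"
        [Parameter(Mandatory)][string]$Server,      # prefix added by the copy script
        [int]$Newest = 10                           # same window as the copy script
    )
    Get-ChildItem -Path $SourcePath -Filter *.log |
        Sort-Object CreationTime -Descending |
        Select-Object -First $Newest |
        ForEach-Object {
            $copy   = Join-Path -Path $DestPath -ChildPath "$Server-$($_.Name)"
            $status = 'OK'
            if (-not (Test-Path -LiteralPath $copy)) {
                $status = 'Missing'
            }
            elseif ((Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -ne
                    (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash) {
                $status = 'Changed'   # source was modified after the copy was taken
            }
            [pscustomobject]@{ Server = $Server; Log = $_.Name; Status = $status }
        }
}

# Constructed demo: two temp folders stand in for the source and destination shares.
$src = (New-Item -ItemType Directory -Force -Path (Join-Path $env:TEMP "rca-src-$PID")).FullName
$dst = (New-Item -ItemType Directory -Force -Path (Join-Path $env:TEMP "rca-dst-$PID")).FullName
'a', 'b', 'c' | ForEach-Object {
    Set-Content -Path (Join-Path $src "RCA_$_.log") -Value "constructed line $_"
}
Copy-Item (Join-Path $src 'RCA_a.log') (Join-Path $dst 'Server1-RCA_a.log')
Copy-Item (Join-Path $src 'RCA_b.log') (Join-Path $dst 'Server1-RCA_b.log')
Add-Content -Path (Join-Path $src 'RCA_b.log') -Value 'written after the copy'  # simulates a live log

# Expect RCA_a = OK, RCA_b = Changed, RCA_c = Missing
Test-CopiedLog -SourcePath $src -DestPath $dst -Server 'Server1' | Format-Table -AutoSize
Remove-Item $src, $dst -Recurse -Force
```

A "Changed" result on the newest log of a server usually means Exchange was still writing to it when the copy was taken; "Missing" means the copy step failed for that file.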
Once you have completed the above, you can move onto installing Log Parser.
Introduction to Log Parser and Its Capabilities
Log Parser is a versatile tool developed by Microsoft to analyze and process log files in various formats. It provides administrators with a seamless way to query, filter, and manipulate log data, making it highly beneficial for organizations that rely on complex systems such as Exchange 2016. The application leverages a SQL-like syntax, allowing users to create sophisticated queries that can extract meaningful insights from even the largest datasets. This feature is particularly useful when dealing with log files generated by Exchange 2016, as they can quickly grow extensive and convoluted.
One of Log Parser’s standout capabilities is its support for querying different types of log files, including text files, XML files, Windows Event Logs, and even databases. This flexibility enables IT professionals to consolidate their analysis efforts when dealing with multifaceted environments where multiple log formats are in use. The ability to perform analyses across different log types means that one can correlate data from Exchange 2016 logs with other application logs, providing a more comprehensive overview of system performance and issues.
Setting Up Log Parser for Analysis
Now that we have Log Parser installed, you can open the application and run the command below:
"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT TO_LOWERCASE(EXTRACT_SUFFIX(client-name,0,'=')) as User,client-software as Software,client-software-version as Version,client-mode as Mode,client-ip as IP,protocol as Protocol INTO C:\Installs\OutlookVersions\ClientInfo.csv FROM 'C:\Installs\OutlookVersions\Logs\*.log' GROUP BY User,Software,Version,Mode,IP,Protocol ORDER BY User" -nSkipLines:4 -i:CSV -o:csv
The command run in Log Parser does the following:
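- -nSkipLines:4 skips the first 4 lines of each log file to get to the information we want, as those lines are not important
- The INTO clause creates a .CSV file (C:\Installs\OutlookVersions\ClientInfo.csv) that you can use
- It uses the -i switch to specify the input format (CSV) and the -o switch to specify the output format we want (CSV)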
The Log Parser command above is not my own, as I was missing the last part to skip the lines; it belongs to Chris Lehr, and his blog post is here:
https://blog.chrislehr.com/2019/01/reporting-on-office-versions-in-use.html
Once you have the CSV file, you can share this with the team that needs the info to plan your upgrades.
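To turn the CSV into an upgrade list before sharing it, the following added example (not from the original article or from Chris Lehr's post) groups users by Outlook major version and lists those below a chosen minimum. The sample rows are constructed, and the OUTLOOK.EXE filter and the minimum of 16 are assumptions to adjust for your environment.

```powershell
# Added example: summarise the ClientInfo.csv written by the Log Parser command.
# Constructed sample rows; for real data use:
#   $rows = Import-Csv 'C:\Installs\OutlookVersions\ClientInfo.csv'
$rows = @'
User,Software,Version,Mode,IP,Protocol
alice,OUTLOOK.EXE,16.0.4266.1001,Cached,10.0.0.21,ncacn_http
alice,OUTLOOK.EXE,16.0.4266.1001,Cached,10.0.0.22,ncacn_http
bob,OUTLOOK.EXE,14.0.7015.1000,Classic,10.0.0.35,ncacn_http
carol,OUTLOOK.EXE,15.0.4569.1506,Cached,10.0.0.40,ncacn_http
dave,OUTLOOK.EXE,12.0.6680.5000,Classic,10.0.0.51,ncacn_ip_tcp
svc-agent,SomeAgent.exe,1.2.3.4,Classic,10.0.0.60,ncacn_ip_tcp
'@ | ConvertFrom-Csv

# Outlook major version numbers and the products they correspond to
$products = @{ 12 = 'Outlook 2007'; 14 = 'Outlook 2010'; 15 = 'Outlook 2013'; 16 = 'Outlook 2016 or later' }
$minimumMajor = 16   # assumption: anything below this counts as legacy

# One row per user and version (the CSV repeats users once per IP, mode and protocol)
$report = $rows |
    Where-Object { $_.Software -eq 'OUTLOOK.EXE' } |   # assumption: only Outlook clients matter
    ForEach-Object {
        $major   = [int](($_.Version -split '\.')[0])
        $product = "Unknown ($major)"
        if ($products.ContainsKey($major)) { $product = $products[$major] }
        [pscustomobject]@{
            User    = $_.User
            Version = $_.Version
            Product = $product
            Legacy  = ($major -lt $minimumMajor)
        }
    } |
    Sort-Object User, Version -Unique

# Distinct users per product, most common first
$report | Group-Object Product |
    Select-Object @{ n = 'Product'; e = { $_.Name } },
                  @{ n = 'Users';   e = { @($_.Group.User | Sort-Object -Unique).Count } } |
    Sort-Object Users -Descending | Format-Table -AutoSize

# Upgrade list: users still connecting with a legacy version
$report | Where-Object { $_.Legacy } |
    Select-Object User, Product, Version | Format-Table -AutoSize
```

With the constructed rows, each of the four products has one user, and bob, carol and dave appear on the upgrade list.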
Hope you find it helpful.