The IP address of the other end is often the unique factor which can be traced when multiple threads are communicating at once.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of John Strongosky > Posted At: Tuesday, May 03, 2005 5:15 PM > Posted To: swynk > Conversation: IIS SMtp Logs > Subject: RE: IIS SMtp Logs > > > Forgot about the "Data Blob", what I would want is just what > the IIS logs gives now except add a message id so you can > follow the conversation. > > john > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Presley, Steven > Sent: Tuesday, May 03, 2005 3:12 PM > To: Exchange Discussions > Subject: RE: IIS SMtp Logs > > You will get the entire SMTP session except the entire DATA > blob. You will see a small portion of the DATA blob, which > tends to be limited to the messageID in the IIS SMTP log. I > have also found it useful to dump out the link state data as > that can clutter things up (again, using findstr /v). > Consider what you are asking for though. A typical SMTP log > where I work is 400mb a day (per server). If you were to add > in the entire DATA blob, that would make that log file > unmanageable. What are you expecting to see in the DATA blob > that you could not see in the client anyways? If you are > looking for the RAW MIME content then use a POP3 or IMAP > client and you will get the message before it is "promoted" > into MAPI format. > > Best regards, > Steven > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > John Strongosky > > Sent: Tuesday, May 03, 2005 4:26 PM > > To: Exchange Discussions > > Subject: RE: IIS SMtp Logs > > > > Thanks for the reply, what I would be looking for is the > entire smtp > > conversation in order to troubleshoot a problem.... > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Presley, Steven > > Sent: Tuesday, May 03, 2005 1:18 PM > > To: Exchange Discussions > > Subject: RE: IIS SMtp Logs > > > > Well it all depends on what you are looking for in the IIS > SMTP log, > > but I generally start with the following: > > > > Separate the inbound from outbound connections: > > findstr /v "Outbound" iissmtplogfile.log > inbound.log findstr > > "Outbound" > > iissmtplogfile.log > outbound.log > > > > This should make it easier to parse, now it comes down to > what exactly > > you are looking for. If you are looking for mail from a particular > > server you can parse it even more (using either the server name or > > IP): > > findstr "servername" inbound.log or findstr "servername" > outbound.log > > > > Because email sessions can occur in constant streams it can be > > difficult to narrow down specifics, but generally once you get the > > feel for the logs and how they work you should be able to find what > > you are looking for. What specifically are you looking for? > > > > Best regards, > > Steven > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On > Behalf Of > > > John Strongosky > > > Sent: Tuesday, May 03, 2005 3:46 PM > > > To: Exchange Discussions > > > Subject: IIS SMtp Logs > > > > > > > > > Looking at the IIS smtp logs and I find it very hard to > follow the > > > smtp conversation, is there any way to add a email id. > I've checked > > > almost every check box on the IIS Logging properties and its not > > > there. Does anybody have a recommended log parser/viewer > > that they are > > > using for this? > > > > > > > > > v/r > > > john > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > > To subscribe: > > http://e-newsletters.internet.com/discussionlists.html/ > > > To unsubscribe send a blank email to > > > [EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been > contacted with. > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
