In the past (on 2007 mind you) I’ve used exmon and also Scott Oseychik’s guide to looking for patterns in logs, it’s a bit hit and miss though, but on a couple of occasions has located rogue clients
http://blogs.msdn.com/b/scottos/archive/2007/07/12/rough-and-tough-guide-to-identifying-patterns-in-ese-transaction-log-files.aspx Nick From: Harry Singh [mailto:[email protected]] Sent: 11 January 2012 16:16 To: MS-Exchange Admin Issues Subject: Rapid Log Drive Consumption. All - Single exchange 2010 SP1 and UR 3v3 server running on a Windows 2008 Enterprise VM (Vmware 4.1) I come in this morning to a failed Backupexec Full backup job and the drive consisting of all my logs, tranasaction, smtp, queuedatabase. iis etc is at about 3.5 GB of free space left. All my databases are in an "Unknown" Mount state and I'm getting a "ServiceDown" in the Copy Status. No DAG either. I noticed the Exchange Replication service was not running. I started this service, increased the capacity of the Log Drive and mail flow started to resume normally. The log drive is set to about 100GB and we about 400 users. Most have a 1GB mailbox limit, some have a 2GB. I'd say most users and business functions rely on email, so it's a relatively busy box. I've tried searching the archive with no luck. I'm guessing my search string is simply wrong, but here goes: What tools/commands could i use inherently to determine which mailbox is being overly chatty? Do i simply need to scour SMTP logs? We do have BES, Unified Messaging using Adtran, iPhones and MAPI desktops (all on Outook 2010 or 2003) Regards, Harry. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe exchangelist This electronic message contains information from CACI International Inc or subsidiary companies, which may be confidential, proprietary, privileged or otherwise protected from disclosure. The information is intended to be used solely by the recipient(s) named above. If you are not an intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please notify us immediately at [email protected] Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. CACI Limited. Registered in England & Wales. Registration No. 1649776. CACI House, Avonmore Road, London, W14 8TS. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe exchangelist
