Event Log Viewer
The Event Log, accessed by selecting View Event Log from either the System Tray Icon menu (right-click) or the tree-view in the Console, provides a real-time view of Mailtraq's recent activities. When Mailtraq starts, the Event Log is empty and, to conserve memory, the data in the event log rolls off after approximately 700 lines.
The 'buttons' at the top of the window control what events are displayed in this view of the log. Select ('click-in') all the buttons to the right of the separator for full reporting. Mouse over the buttons for the service description.
The Event Log is suitable for taking a snapshot of Mailtraq's activities. Use the 'Export List...' facility from the Event Log context menu if you need to paste information into a Support email or Form.
The Event Log can be a confusing experience the first time that you see it - and as things are happening pretty much in real time, events can move up the page quite quickly. You can pause the display, but it is usually best to either copy-to-clipboard and then paste into Windows Notepad, or look at the record on disk.
What to look for: Exception
Mailtraq writes serious problems it encounters to this log, so if you are trying to resolve an issue doing a search in Notepad for the word 'Exception' often is a good place to start. If there are no Exceptions (which is usually the case) then you can continue to work through the log, but if you do find one you can contact Support for more information
Need to send us log files ? - see Sending logs
Logging to disk files
For a more permanent and more detailed record of Mailtraq's activities, consult the Disk Logging facility. The Disk Log, configured on the Logging tab of the Options | Server Properties dialog, provides a semi-permanent record of all Mailtraq activity which is written to file in real time.
Using the log for troubleshooting
It is usually easier to examine the Disk Log when troubleshooting problems as it is not being constantly updated. Closing the event log in Notepad and reopening it will give you an updated view.
The default location is at C:\Program Files\Mailtraq, one file per day in the format LOG_31.TXT, over-written on a monthly cycle. The file name corresponding to the day of the month.
Wherever possible, consider placing Mailtraq's log files on a different drive to the Mailtraq database. This ensures that logs continue to be written in the event that there is no further disk space on the database drive. Mailtraq logs can consume at least 50Kb and 100Kb of disk space per user per day, given moderate activity levels: 4-5mb per day is 'typical' for business installations.
Reading the Log
The Event Log is a simple text file and is normally opened in MS 'Notepad'.
You use the normal edit controls to move around the text file. You use the 'Notepad' Edit| Find menu to search for key words, such as 'Exception' or for a particular email address.
Detailed Message Descriptions
If this option is enabled Mailtraq writes additional information relating to each transaction, for example the sender's name and the message Subject header. Otherwise, messages are referred to only by their unique identification number.
If you need to email an entire day's Event Log, please Zip the file before sending.
Note: changes were made to this dialog in build 2156 for the Low Disk Space Monitor and the Detailed Message Description switch was removed: all log entries will be fully detailed.
Writing logs to unique daily files - without cycling
In some circumstances you may wish to write each day's log entries to separate files, with a unique filename for each day. To do this, you need to select the Logging Method to be "Custom" and in the file name box, enter the name as below (adjusting the path as appropriate):
Note: Clearly, since the log files are never overwritten, this will have severe implications for disk space usage, and you should have a mechanism in place for archiving them off elsewhere.
Remote Logging Service
The logging service presents two variations of its disk log data over a TCP/IP stream so that Mailtraq's activities can be monitored from a remote terminal. This dialog, accessed from the Service Manager dialog, is used to configure the parameters which allow clients, such as Telnet to monitor the activity of Mailtraq from a remote machine.
It is normally necessary to open both your Router and Firewall to allow access to Port 5001
You access the RLS from the MS-Command <cmd> prompt by using Telnet to the public facing IP address of the Mailtraq machine on Port 5001, selecting Option 2
For example, at a DOS prompt:
telnet 184.108.40.206 5001
Mailtraq Server Remote Logging Service (example.com)
OPTION (1 = TELNET, 2 = MTQLOG)
OK -- Logging services started for 220.127.116.11 on 01/01/2006 09:56:06
Using Registry Flags: Extended Logs
In certain situations it may be useful to expand the range of the Event Log. This can be done by modifying the Registry Entry for Mailtraq. Unless you are instructed to do so by Mailtraq Support, the following information should only be used if you are familiar with using Regedit and understand the implications of making Windows Registry changes.
It is not usual to run extended logging without a specific reason, as the added information makes the Event Log more complex to read for day-to-day usage.
- Enable debug logging:debug=1
- Enable MX Resolution logging: mxlogging=1
- Enable Extended logging: extlogging=1
- Enable Memory usage logging: memlogging=1
- Enable CPU usage logging: cpulogging=1
Enable Remote Console: RemoteConsole=1
Method: Example to Log MX Resolution See how here...
Shut down Mailtraq, and then run Regedit
add New | String Value | Debugflags
and then set the value to
Note: multiple extended logging can be enabled as a comma separated list - for example:
Tips on using the Event Log
Reading the log
The Event Log viewer often is moving very quickly, and although it is possible to pause the viewer using the || button, if you are unfamiliar with the reporting it can still be hard to understand what is happening. The tips below explain how to make this easier.
Each 'thread' is identified by the number in the first columns.
A '+' indicates a new thread opening, and a '-' indicates it closing.
A common issue that you may be trying to diagnose is why certain messages are not being delivered as expected. The Event Log allows you to see - step-by-step - the path a message takes through Mailtraq, and what any remote mail server (the message's destination) may be saying to Mailtraq as the message is sent.
This KB article explains about Exceptions: KB11111401 Log files and Exceptions
Issue - messages are 'stuck' in the Outbox.
Clearing stuck messages is explained here.
To see what is happening, make a note of the time on the Mailtraq machine - and then 'Clear Host Assignments'. Watch the 'outbox' until the messages fail to send. Make a note of the time again. Now, open the disk file LOG_ .TXT and copy the entries between the two times into a new Notepad document. You will then easily be able to step through the record of what happened and see what 'talk-back' is being given by the remote mail server. Be aware that there may be multiple messages being handled at the same time, and that messages are first routed into Mailtraq and then routed out after the destination has been resolved - so there may be a gap in time (and many lines) between the Clear Host Assignment and the final message failure. Start at the top of the extract and work down.
Issue - messages from local email clients are being rejected by Mailtraq
To see what is happening, make a note of the time on the Mailtraq machine - and then send a test message of the type that fails. Now, open the disk file LOG_ .TXT and copy the entries from that time into a new Notepad document. You will then easily be able to step through the record of what happened and see what message is being given by Mailtraq. Be aware that there may be multiple messages being handled at the same time, and that messages are first routed into Mailtraq and then routed out after the destination has been resolved - so there may be a gap in time (and many lines) between 'send' and the final message failure. Start at the top of the extract and work down.