Chapter 5: Monitoring and Troubleshooting Intelligent Message Filter
You can monitor and troubleshoot issues with Microsoft® Exchange Intelligent Message Filter using Event Viewer and System Monitor.
Using Event Viewer
In Event Viewer, both the Application Log and the System Log contain errors, warnings, and informational events related to the operation of Exchange, the SMTP service, and other applications. To help you identify the cause of Intelligent Message Filter problems, carefully review the data contained in the Application Log and System Log. Intelligent Message Filter writes events to Event Viewer using the source MSExchangeTransport and the category SMTP Protocol.
To view errors, warnings, and informational events in the Application Log
|
1. |
Click Start, point to All Programs, point to Administrative Tools, and then click Event Viewer. |
|
2. |
In the console tree, click Application Log. |
|
3. |
To sort the log alphabetically and quickly locate an entry for an Exchange service, in the details pane, click Source. |
|
4. |
To filter the log to list entries for events logged for Intelligent Message Filter, from the View menu, click Filter. |
|
5. |
In Application Log Properties, use the Event source list to select MSExchangeTransport. |
|
6. |
In the Category list, select SMTP Protocol. |
Table 5.1 explains the events that Intelligent Message Filter logs. Unless otherwise noted, all events are logged at the default logging level.
|
Event ID: 7512
Severity=Informational
Text:
The message with ID <message id>, P1 From <sender name>, Subject <subject> from remote host <host name> was Rejected/Deleted by the Intelligent Message Filter. |
Intelligent Message Filter writes this event when it rejects or deletes a message at the gateway.
This event is recorded only when the logging level is set to medium or maximum for the SMTP Protocol category of the MSExchangeTranport service. To set the logging level, use the Diagnostic Logging tab of the Exchange server properties. |
|
Event ID: 7513
Severity=Informational
Text:
Microsoft Exchange Intelligent Message Filter was refreshed for code version <version number>, data version <version number>. Microsoft Exchange Intelligent Message Filter is now enabled. A refresh occurs when the SMTP service is restarted or Microsoft Exchange Intelligent Message Filter is updated. |
Intelligent Message Filter writes this event when Intelligent Message Filter is installed for the first time or when Intelligent Message Filter is updated. This event log is also written when the SMTP service is restarted. |
|
Event ID: 7514
Severity=Error
Text:
An error occurred while loading Microsoft Exchange Intelligent Message Filter.
The error code is <error code>. |
Intelligent Message Filter writes this event when an error occurs while installing or updating Intelligent Message Filter.
Uninstall the new version of Intelligent Message Filter and attempt to reinstall. |
|
Event ID: 7515
Severity=Error
Text:
An error occurred while Microsoft Intelligent Message Filter attempted to filter a message with ID <message ID>, P1 From <sender>, Subject <subject>. This message will not be filtered.
The error code is <error code>. |
Intelligent Message Filter writes this event when it is unable to filter a message. Possible causes are corrupted or malformed messages. |
Using System Monitor and Performance Logs and Alerts
Intelligent Message Filter has several performance counters that you can use to monitor its performance and operation.
To monitor Intelligent Message Filter using System Monitor
|
1. |
Click Start, point to All Programs, point to Administrative Tools, and then click Performance. |
|
2. |
Right-click System Monitor, and then click Add Counters. |
|
3. |
In Add Counters, under Performance Object, select MSExchange Intelligent Message Filter.
Table 5.2 explains the list of performance counters available for Intelligent Message Filter.
|
Total Messages Scanned for UCE |
The total number of messages scanned by Intelligent Message Filter. If this number is 0 or very low, Intelligent Message Filter may not be functioning properly. |
|
Messages Scanned for UCE/sec |
The number of messages scanned per second by Intelligent Message Filter. This counter indicates how quickly Intelligent Message Filter is operating. |
|
Total UCE Messages Deleted |
The total number of messages deleted at the gateway. This counter indicates that Intelligent Message Filter has identified these messages as UCE and deleted them, based on the action specified by an administrator. If you configure Intelligent Message Filter to take another action on messages identified as UCE at the gateway, this counter displays 0. |
|
UCE Messages Deleted/sec |
The number of messages deleted per second by Intelligent Message Filter. This counter indicates how quickly Intelligent Message Filter deletes messages identified as UCE. If you did not configure Intelligent Message Filter to delete messages identified as UCE, this counter displays 0. |
|
Total UCE Messages Rejected |
The total number of messages rejected at the gateway. This counter indicates that Intelligent Message Filter has identified these messages as UCE and rejected them, based on the action specified by an administrator. If you configure Intelligent Message Filter to take another action on messages identified as UCE at the gateway, this counter displays 0. |
|
UCE Messages Rejected/sec |
The number of messages rejected per second by Intelligent Message Filter. This counter indicates how quickly Intelligent Message Filter rejects messages identified as UCE. If you did not configure Intelligent Message Filter to reject messages identified as UCE, this counter displays 0. |
|
Total UCE Messages Archived |
The total number of messages archived at the gateway. This counter indicates that Intelligent Message Filter has identified these messages as UCE and archived them, based on the action specified by an administrator. If you configured Intelligent Message Filter to take another action on messages identified as UCE at the gateway, this counter displays 0. |
|
UCE Messages Archived/sec |
The number of messages archived per second by Intelligent Message Filter. This counter indicates how quickly Intelligent Message Filter archives messages identified as UCE. If you did not configure Intelligent Message Filter to archive messages identified as UCE, this counter displays 0. |
|
% UCE out of Total Messages Scanned |
The percentage of the total number of messages scanned by Intelligent Message Filter that were identified as UCE. |
|
% UCE of Messages Scanned in the previous 30 minutes |
The percentage of the number of messages scanned by Intelligent Message Filter in the previous 30 minutes that were identified as UCE. |
|
Total Messages Assigned an SCL Rating of X |
The total number of messages scanned by Intelligent Message Filter that were assigned a spam confidence level (SCL) rating of x, where x is a spam rating of 0 to 9. | |