Exchange

Filtering event log entries

2 Comments

One of the first steps in troubleshooting your Exchange environment (or any Windows environment) is checking the Event Viewer. The Application log shows tons of entries, and step one is to filter out only the Error messages:

image

There are a lot of entries here that make perfect sense, but generate way too much information, for example:

  • Event ID 7 – MSExchangeWebServices
  • Event ID 106 – MSExchange Common
  • Event ID 1006 – MSExchangeDiagnostics
  • Event ID 1023 – Perflib
  • Event ID 3018 – MSExchangeApplicationLogic
  • Event ID 4376 – MSExchangeRepl

You can filter out specific Event ID’s as well by entering these ID’s in a negative number in the Current Filter, like -7,-106,-1006,-1023,-3018,-4376:

image

The remaining entries that are shown make troubleshooting much easier since only a few entries are shown:

image

Right now I can continue troubleshooting the issues at this Exchange server (unexpected Mailbox database failovers).

2 thoughts on “Filtering event log entries”

  1. Pingback: Weekly IT Newsletter – October 13-17, 2014 | Just a Lync Guy
  2. Pingback: NeWay Technologies – Weekly Newsletter #117 – October 17, 2014 | NeWay

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s