Home » Exchagne Tool Kit

Category Archives: Exchagne Tool Kit

Transaction log files growing rapidly consuming disk space

Log Files growing rapidly and consuming disk space


Most of the Administrators has come across the scenario like Database size increasing due to rapid log file growth.

Related to any Database hosting Engines either it could be our mail System Exchange or SQL Database


When it comes to Exchange for time being to stop the log file growth we follow few steps like :

  1. Enabling Circular logging (Not Recommended by Microsoft)
  2. Increasing Diagnostic logging to trace the cause for the growth finding through Event ID


Let’s tale in detail:


Exchange is designed to write all transaction into log files first and then commit to the database whenever system allows.

Transaction can be anything, like:

Starting from accessing mailbox, moving messages between folders, email sending, receiving and so on.

So the increase in transaction log is nothing but the activity performed against the exchange databases.

Now let us see the reason for unusual growth in transaction logs, and this results increase in exchange database size.

Most of us don’t like reasons but when we start explaining the issue, these reasons might be very helpful.

Either it could be used to resolve or Isolate such issues.


The reasons can be one of the following:

Mailbox Related:


  1. Mailbox or database corruption
  2. Active Sync issues
  3. Misbehaving Client, it can be a corrupted profile as well
  4. 3rd party software accessing any specific mailbox’s


Mailflow Related:

  1. NDR Looping
  2. Spamming
  3. Increased mail flow
  4. Corrupt mail stuck in the queue

In short these Transaction Log File growth occurs majorly due to repeated transactions.


Steps to find out tracing log file growth


Step 1:

Use the tool Exmon – Installation of EXMON Tool for Identifying Logs .

If any user who uses the CPU(%) more than 50% most of the time, then most likely you have identified the problematic user.

Ask the user to quick any client/client activity, or if not possible way to reach them disable the account for some time.

Observe your store and the transaction logs.


Use your exchange server to verify the following parameters for each mailbox in problematic store (if you have not identified the database.

Now Let’s discuss the Installation and utilization of the Tool ExMon.

There are various types but let’s discuss few to trace the logs and identify the Log file growth


Today we’ll see the tools for tracing and identifying the log file growth


  • ExMon
  • Strings.exe
  • Netmon



Explanation about the Tools in detail, step by step Installation and Utilization

Installation is same procedure for all the three tools so installation of ExMon begins as shown below, and same procedure needs to follow for the other two.


Step 1: ExMon


Installation :

1: Download the Tool from my tool the Microsoft Exchange Server User Monitor

2: Download and save it. Run the Tool



3: Click Run




4: Click Next




5: Accept the License Agreement and click Next.




6: Specify the location and click next



7: Click Next and Close.

8: Installation completed.


We’ll see how to use the Tools as explained below:


Step1: Using ExMon


Go to the install path and on the Exmon.reg you need to add two registry keys

RpcEtwTracing and UsePerformanceClock as shown below:




Now when we go to ExMon properly installed let’s start the tool by executing the ExMon.exe file from the installation directory (C:\Program Files(X86)\Exchange User Monitor).


After the data collected by ExMon can be exported to a comma-separated text file (.CSV) which again can be opened using Excel or Access.


Now run the ExMon by running ExMon in a Command Prompt window with either -SU, -SV or -SC.


ExMon.exe –SU “C:\Program Files(X86)\Exchange User Monitor\data\User.csv”



Step 2: Analyzing the logs using Strings.exe


While working on this issue transaction logs, I have come across another tool Strings.exe, which is nothing parsing the logs.


Note: To perform this task we need max 100 logs.


Extract and place it in a folder save it in any one location as per your requirement, open Powershell and browse to the location to the folder


Run the below command :



.\strings.exe -q -n 16 D:\templogs\*.log | foreach-object { ($_.Split(“:”.ToCharArray(),3)[2]) }| group-object | select-object count,name | sort count | export-csv C:\temp\output.csv


When we open the CSV file and scroll down to the last we can see the mailbox names that has the maximum Occurrences and accordingly we can take action on the mailbox to stop the Log file growth.


For More Info:



Step 3: NetMon


Download the NetMon Tool NetMon


Note before we proceed tracing the logs using the tool please install the hotfix and then proceed


Hotfix for NetMon as its inbuilt feature for Win7 and Win Server 2008R2

Hotfix for Netmon


Start -> Run -> CMD (Run as Administrator)


Type “Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl” without the quotation marks and then press Enter.


For more info:






Praveen Kumar

MCTS | Exchange Server

Publisher @

%d bloggers like this: