Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Microsoft Exchange

Microsoft Exchange

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
Protocol Information discovered Metrics collected Used for
SNMP Application type Process level CPU and memory utilization for the various exchange server processes Performance Monitoring
WMI Application type, service mappings Process level metrics: uptime, CPU utilization, Memory utilization, Read I/O KBytes/sec, Write I/O KBytes/sec for the various exchange server processes Performance Monitoring

Exchange performance metrics (: VM Largest Block size, VM Large Free Block Size, VM Total Free Blocks, RPC Requests, RPC Request Peak, RPC Average Latency, RPC Operations/sec, User count, Active user Count, Peak User Count, Active Connection Count, Max Connection Count

Exchange error metrics (obtained from Win32_PerfRawData_MSExchangeIS_MSExchangeIS WMI class): RPC Success, RPC Failed, RPC Denied, RPC Failed - Server Busy, RPC Failed - Server Unavailable, Foreground RPC Failed, Backgorund RPC Failed

Exchange mailbox metrics (obtained from Win32_PerfRawData_MSExchangeIS_MSExchangeISMailbox and Win32_PerfRawData_MSExchangeIS_MSExchangeISPublic WMI classes): Per Mailbox: Send Queue, Receive Queue, Sent Message, Submitted Message, Delivered Message, Active User, Peak User

Exchange SMTP metrics (obtained from Win32_PerfRawData_SMTPSVC_SMTPServer WMI class): Categorization Queue, Local Queue, Remote Queue, Inbound Connections, Outbound Connections, Sent Bytes/sec, Received Bytes/sec, Retry Count, Local Retry Queue, Remote Retry Queue

Exchange ESE Database (Win32_PerfFormattedData_ESE_MSExchangeDatabase):

Exchange Database Instances (Win32_PerfFormattedData_ESE_MSExchangeDatabaseInstances):

Exchange Mail Submission Metrics (Win32_PerfFormattedData_MSExchangeMailSubmission_MSExchangeMailSubmission):

Exchange Replication Metrics (Win32_PerfFormattedData_MSExchangeReplication_MSExchangeReplication):

Exchange Store Interface Metrics (Win32_PerfFormattedData_MSExchangeStoreInterface_MSExchangeStoreInterface):

Exchange Transport Queue Metrics (Win32_PerfFormattedData_MSExchangeTransportQueues_MSExchangeTransportQueues):

Windows Agent Application Logs Security Monitoring and Compliance

Event Types

In ADMIN > Device Support > Event, search for "microsoft exchange" in the Description column to see the event types associated with this device.

Reports

In RESOURCE > Reports , search for "microsoft exchange" in the Name column to see the reports associated with this application or device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

Settings for Access Credentials

See Setting Access Credentials in the Microsoft Windows Server Configuration section.

Sample Logs

2017-10-05T12:06:00Z EXCH99.foo.com 192.0.2.0 AccelOps-WUA-UserFile-ExchangeTrackLog [monitorStatus]="Success" [Locale]="en-US" [MachineGuid]="d78e4bd5-bc3f-4950-bcdf-926947ee1db7" [timeZone]="+0300" [fileName]="C:\\Program Files\\Microsoft\\Exchange Server\\V15\\TransportRoles\\Logs\\MessageTracking\\MSGTRKMS2017100512-1.LOG" [msg]="2017-10-05T12:05:56.564Z,ffff::eeee:aaaa:bbbb:cccc:dddd%13,EXCH99,,EXCH99.foo.com,\"MDB:d72c63cf-290e-456e-86e5-85dedb1f56de, Mailbox:d7c8c416-c1a7-4225-a17f-552d5274703d, Event:4419662, MessageClass:IPM.Note.ProbeMessage.MBTSubmissionServiceHeartbeatProbe, CreationTime:2017-10-05T12:05:56.267Z, ClientType:Monitoring, SubmissionAssistant:MailboxTransportSubmissionEmailAssistant\",,STOREDRIVER,SUBMIT,,<e545b612256a4c14a563f78a8999fafd@user.example.com>,0a21180c-5932-4c7e-3888-08d50be96f34,HealthMailbox66dd83eddb9b4ee69dbd3fa82c925a3b@user.example.com,,,1,,,00000052-0000-0000-0000-0000ea5a2141-MBTSubmissionServiceHeartbeatProbe,HealthMailbox66dd83eddb9b4ee69dbd3fa82c925a3b@user.example.com,,2017-10-05T12:05:56.267Z;LSRV=EXCH99.foo.com:TOTAL-SUB=0.296|SA=0.078|MTSS=0.209(MTSSD=0.209(MTSSDA=0.005|MTSSDC=0.005|SDSSO=0.161(SMSC=0.020|SMS=0.140)|X-MTSSDPL=0.004|X-MTSSDSS=0.008|MTSSDSDS=0.001)),Originating,,,,S:ItemEntryId=00-00-00-00-ED-99-60-31-E3-76-3C-4B-BE-FE-5B-27-F0-88-3D-0A-07-00-25-D5-0C-8E-46-5A-51-46-A4-18-7D-65-F7-DF-52-1C-00-00-00-00-01-0B-00-00-25-D5-0C-8E-46-5A-51-46-A4-18-7D-65-F7-DF-52-1C-00-00-30-88-0D-FF-00-00,Email,92e0d0ab-4670-41e9-d453-08d50be96f50,15.01.0845.034"

Microsoft Exchange

Microsoft Exchange

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
Protocol Information discovered Metrics collected Used for
SNMP Application type Process level CPU and memory utilization for the various exchange server processes Performance Monitoring
WMI Application type, service mappings Process level metrics: uptime, CPU utilization, Memory utilization, Read I/O KBytes/sec, Write I/O KBytes/sec for the various exchange server processes Performance Monitoring

Exchange performance metrics (: VM Largest Block size, VM Large Free Block Size, VM Total Free Blocks, RPC Requests, RPC Request Peak, RPC Average Latency, RPC Operations/sec, User count, Active user Count, Peak User Count, Active Connection Count, Max Connection Count

Exchange error metrics (obtained from Win32_PerfRawData_MSExchangeIS_MSExchangeIS WMI class): RPC Success, RPC Failed, RPC Denied, RPC Failed - Server Busy, RPC Failed - Server Unavailable, Foreground RPC Failed, Backgorund RPC Failed

Exchange mailbox metrics (obtained from Win32_PerfRawData_MSExchangeIS_MSExchangeISMailbox and Win32_PerfRawData_MSExchangeIS_MSExchangeISPublic WMI classes): Per Mailbox: Send Queue, Receive Queue, Sent Message, Submitted Message, Delivered Message, Active User, Peak User

Exchange SMTP metrics (obtained from Win32_PerfRawData_SMTPSVC_SMTPServer WMI class): Categorization Queue, Local Queue, Remote Queue, Inbound Connections, Outbound Connections, Sent Bytes/sec, Received Bytes/sec, Retry Count, Local Retry Queue, Remote Retry Queue

Exchange ESE Database (Win32_PerfFormattedData_ESE_MSExchangeDatabase):

Exchange Database Instances (Win32_PerfFormattedData_ESE_MSExchangeDatabaseInstances):

Exchange Mail Submission Metrics (Win32_PerfFormattedData_MSExchangeMailSubmission_MSExchangeMailSubmission):

Exchange Replication Metrics (Win32_PerfFormattedData_MSExchangeReplication_MSExchangeReplication):

Exchange Store Interface Metrics (Win32_PerfFormattedData_MSExchangeStoreInterface_MSExchangeStoreInterface):

Exchange Transport Queue Metrics (Win32_PerfFormattedData_MSExchangeTransportQueues_MSExchangeTransportQueues):

Windows Agent Application Logs Security Monitoring and Compliance

Event Types

In ADMIN > Device Support > Event, search for "microsoft exchange" in the Description column to see the event types associated with this device.

Reports

In RESOURCE > Reports , search for "microsoft exchange" in the Name column to see the reports associated with this application or device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

Settings for Access Credentials

See Setting Access Credentials in the Microsoft Windows Server Configuration section.

Sample Logs

2017-10-05T12:06:00Z EXCH99.foo.com 192.0.2.0 AccelOps-WUA-UserFile-ExchangeTrackLog [monitorStatus]="Success" [Locale]="en-US" [MachineGuid]="d78e4bd5-bc3f-4950-bcdf-926947ee1db7" [timeZone]="+0300" [fileName]="C:\\Program Files\\Microsoft\\Exchange Server\\V15\\TransportRoles\\Logs\\MessageTracking\\MSGTRKMS2017100512-1.LOG" [msg]="2017-10-05T12:05:56.564Z,ffff::eeee:aaaa:bbbb:cccc:dddd%13,EXCH99,,EXCH99.foo.com,\"MDB:d72c63cf-290e-456e-86e5-85dedb1f56de, Mailbox:d7c8c416-c1a7-4225-a17f-552d5274703d, Event:4419662, MessageClass:IPM.Note.ProbeMessage.MBTSubmissionServiceHeartbeatProbe, CreationTime:2017-10-05T12:05:56.267Z, ClientType:Monitoring, SubmissionAssistant:MailboxTransportSubmissionEmailAssistant\",,STOREDRIVER,SUBMIT,,<e545b612256a4c14a563f78a8999fafd@user.example.com>,0a21180c-5932-4c7e-3888-08d50be96f34,HealthMailbox66dd83eddb9b4ee69dbd3fa82c925a3b@user.example.com,,,1,,,00000052-0000-0000-0000-0000ea5a2141-MBTSubmissionServiceHeartbeatProbe,HealthMailbox66dd83eddb9b4ee69dbd3fa82c925a3b@user.example.com,,2017-10-05T12:05:56.267Z;LSRV=EXCH99.foo.com:TOTAL-SUB=0.296|SA=0.078|MTSS=0.209(MTSSD=0.209(MTSSDA=0.005|MTSSDC=0.005|SDSSO=0.161(SMSC=0.020|SMS=0.140)|X-MTSSDPL=0.004|X-MTSSDSS=0.008|MTSSDSDS=0.001)),Originating,,,,S:ItemEntryId=00-00-00-00-ED-99-60-31-E3-76-3C-4B-BE-FE-5B-27-F0-88-3D-0A-07-00-25-D5-0C-8E-46-5A-51-46-A4-18-7D-65-F7-DF-52-1C-00-00-00-00-01-0B-00-00-25-D5-0C-8E-46-5A-51-46-A4-18-7D-65-F7-DF-52-1C-00-00-30-88-0D-FF-00-00,Email,92e0d0ab-4670-41e9-d453-08d50be96f50,15.01.0845.034"