http://wingdspur.com/2012/12/generate-daily-exchange-email-stats/

   

Exchange 2010환경

매일매일 csv로 통계파일 떨어뜨리고,

스크립트로 나중에 Merge(여기 블로그는 Ruby 언어로 Merge)

   

   

아래 배치파일을 저장해서

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command C:\Users\myuser\Desktop\stats\emailstats.ps1

이와 같이 예약된 작업으로 돌린다.

   

   

 

출처 https://gist.github.com/wingdspur/4383416>

 

Create email stats powershell script and bat file

   

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

   

#requires -version 2.0

   

$today = get-date

$rundate = $($today.adddays(-1)).toshortdatestring()

   

$outfile_date = ([datetime]$rundate).tostring("yyyy_MM_dd")

# modify path for your server

$outfile = "C:\Users\myuser\Desktop\stats\email_stats_" + $outfile_date + ".csv"

# modify path for your server

$dl_stat_file = "C:\Users\myuser\Desktop\stats\DL_stats.csv"

   

$accepted_domains = Get-AcceptedDomain |% {$_.domainname.domain}

[regex]$dom_rgx = "`(?i)(?:" + (($accepted_domains |% {"@" + [regex]::escape($_)}) -join "|") + ")$"

   

$mbx_servers = Get-ExchangeServer |? {$_.serverrole -match "Mailbox"}|% {$_.fqdn}

[regex]$mbx_rgx = "`(?i)(?:" + (($mbx_servers |% {"@" + [regex]::escape($_)}) -join "|") + ")\>$"

   

$msgid_rgx = "^\<.+@.+\..+\>$"

   

$hts = get-exchangeserver |? {$_.serverrole -match "hubtransport"} |% {$_.name}

   

$exch_addrs = @{}

   

$msgrec = @{}

$bytesrec = @{}

   

$msgrec_exch = @{}

$bytesrec_exch = @{}

   

$msgrec_smtpext = @{}

$bytesrec_smtpext = @{}

   

$total_msgsent = @{}

$total_bytessent = @{}

$unique_msgsent = @{}

$unique_bytessent = @{}

   

$total_msgsent_exch = @{}

$total_bytessent_exch = @{}

$unique_msgsent_exch = @{}

$unique_bytessent_exch = @{}

   

$total_msgsent_smtpext = @{}

$total_bytessent_smtpext = @{}

$unique_msgsent_smtpext=@{}

$unique_bytessent_smtpext = @{}

   

$dl = @{}

   

   

$obj_table = {

@"

Date = $rundate

User = $($address.split("@")[0])

Domain = $($address.split("@")[1])

Sent Total = $(0 + $total_msgsent[$address])

Sent MB Total = $("{0:F2}" -f $($total_bytessent[$address]/1mb))

Received Total = $(0 + $msgrec[$address])

Received MB Total = $("{0:F2}" -f $($bytesrec[$address]/1mb))

Sent Internal = $(0 + $total_msgsent_exch[$address])

Sent Internal MB = $("{0:F2}" -f $($total_bytessent_exch[$address]/1mb))

Sent External = $(0 + $total_msgsent_smtpext[$address])

Sent External MB = $("{0:F2}" -f $($total_bytessent_smtpext[$address]/1mb))

Received Internal = $(0 + $msgrec_exch[$address])

Received Internal MB = $("{0:F2}" -f $($bytesrec_exch[$address]/1mb))

Received External = $(0 + $msgrec_smtpext[$address])

Received External MB = $("{0:F2}" -f $($bytesrec_smtpext[$address]/1mb))

Sent Unique Total = $(0 + $unique_msgsent[$address])

Sent Unique MB Total = $("{0:F2}" -f $($unique_bytessent[$address]/1mb))

Sent Internal Unique = $(0 + $unique_msgsent_exch[$address])

Sent Internal Unique MB = $("{0:F2}" -f $($unique_bytessent_exch[$address]/1mb))

Sent External Unique = $(0 + $unique_msgsent_smtpext[$address])

Sent External Unique MB = $("{0:F2}" -f $($unique_bytessent_smtpext[$address]/1mb))

"@

}

   

$props = $obj_table.ToString().Split("`n")|% {if ($_ -match "(.+)="){$matches[1].trim()}}

   

$stat_recs = @()

   

function time_pipeline {

param ($increment = 1000)

begin{$i=0;$timer = [diagnostics.stopwatch]::startnew()}

process {

$i++

if (!($i % $increment)){Write-host "`rProcessed $i in $($timer.elapsed.totalseconds) seconds" -nonewline}

$_

}

end {

write-host "`rProcessed $i log records in $($timer.elapsed.totalseconds) seconds"

Write-Host " Average rate: $([int]($i/$timer.elapsed.totalseconds)) log recs/sec."

}

}

   

foreach ($ht in $hts){

   

Write-Host "`nStarted processing $ht"

   

get-messagetrackinglog -Server $ht -Start "$rundate" -End "$rundate 11:59:59 PM" -resultsize unlimited |

time_pipeline |%{

if ($_.eventid -eq "DELIVER" -and $_.source -eq "STOREDRIVER"){

if ($_.messageid -match $mbx_rgx -and $_.sender -match $dom_rgx) {

$total_msgsent[$_.sender] += $_.recipientcount

$total_bytessent[$_.sender] += ($_.recipientcount * $_.totalbytes)

$total_msgsent_exch[$_.sender] += $_.recipientcount

$total_bytessent_exch[$_.sender] += ($_.totalbytes * $_.recipientcount)

foreach ($rcpt in $_.recipients){

$exch_addrs[$rcpt] ++

$msgrec[$rcpt] ++

$bytesrec[$rcpt] += $_.totalbytes

$msgrec_exch[$rcpt] ++

$bytesrec_exch[$rcpt] += $_.totalbytes

}

}

else {

if ($_messageid -match $messageid_rgx){

foreach ($rcpt in $_.recipients){

$msgrec[$rcpt] ++

$bytesrec[$rcpt] += $_.totalbytes

$msgrec_smtpext[$rcpt] ++

$bytesrec_smtpext[$rcpt] += $_.totalbytes

}

}

}

}

if ($_.eventid -eq "RECEIVE" -and $_.source -eq "STOREDRIVER"){

$exch_addrs[$_.sender] ++

$unique_msgsent[$_.sender] ++

$unique_bytessent[$_.sender] += $_.totalbytes

if ($_.recipients -match $dom_rgx){

$unique_msgsent_exch[$_.sender] ++

$unique_bytessent_exch[$_.sender] += $_.totalbytes

}

   

if ($_.recipients -notmatch $dom_rgx){

$ext_count = ($_.recipients -notmatch $dom_rgx).count

$unique_msgsent_smtpext[$_.sender] ++

$unique_bytessent_smtpext[$_.sender] += $_.totalbytes

$total_msgsent[$_.sender] += $ext_count

$total_bytessent[$_.sender] += ($ext_count * $_.totalbytes)

$total_msgsent_smtpext[$_.sender] += $ext_count

$total_bytessent_smtpext[$_.sender] += ($ext_count * $_.totalbytes)

}

}

if ($_.eventid -eq "expand"){

$dl[$_.relatedrecipientaddress] ++

}

}        

}

   

foreach ($address in $exch_addrs.keys){

   

$stat_rec = (new-object psobject -property (ConvertFrom-StringData (&$obj_table)))

$stat_recs += $stat_rec | select $props

}

   

$stat_recs | export-csv $outfile -notype

   

if (Test-Path $dl_stat_file){

$DL_stats = Import-Csv $dl_stat_file

$dl_list = $dl_stats |% {$_.address}

}

else {

$dl_list = @()

$DL_stats = @()

}

   

   

$DL_stats |% {

if ($dl[$_.address]){

if ([datetime]$_.lastused -le [datetime]$rundate){

$_.used = [int]$_.used + [int]$dl[$_.address]

$_.lastused = $rundate

}

}

}

$dl.keys |% {

if ($dl_list -notcontains $_){

$new_rec = "" | select Address,Used,Since,LastUsed

$new_rec.address = $_

$new_rec.used = $dl[$_]

$new_rec.Since = $rundate

$new_rec.lastused = $rundate

$dl_stats += @($new_rec)

}

}

   

$dl_stats | Export-Csv $dl_stat_file -NoTypeInformation -force

   

   

Write-Host "`nRun time was $(((get-date) - $today).totalseconds) seconds."

Write-Host "Email stats file is $outfile"

Write-Host "DL usage stats file is $dl_stat_file"

   







 

 

Exchange Server 2007 HUB Transport Architecture




   

   

   

http://www.msexchange.org/articles-tutorials/exchange-server-2007/management-administration/understanding-back-pressure-feature-exchange-server-2007.html

   

시스템리소스 홍수(inundation) 방지장치

ìnəndéiʃən

   

 

   

백프레셔 기능에 의해 모니터링 되고 있는 시스템리소스

  1. 메시지큐 DB가 위치한 하드디스크 잔여공간
  2. 메시지큐 DB 트랜잭션 로그가 위치한 하드디스크 잔여공간
  3. EdgeTransport.exe, HubTransport.exe 등의 프로세스가 사용중인 메모리
  4. 메모리상에 위치하는 큐DB의 Uncommitted 메시지 수

       

3단계 상태

Normal

Medium : Authoritative domain으로 부터의 연결/메시지는 허용, 다른 소스로부터의 연결은 reject

High : 메시지흐름 stop, 모든 신규 연결/메시지 reject

   

EdgeTransport Role, Hub Transport Role에서만 동작

   

   

징후 증상

  1. 사서함 Draft 폴더에 메일이 머무른다
  2. 서버 접속시 insufficient resource 메시지 확인
  3. 이벤트로그

       

       

       

    Figure 04: Parameters related to the Back Pressure feature in the EdgeTransport.exe.config file

       

    EdgeTransport.exe.config 값 수정 후 무조건 서비스 재시작

  • General Options
  • Free Hard Disk drive space for Message Queue Database
  • Free Hard Disk drive space for Message Queue Database Transaction Logs
  • Memory that is used by the Edge Transport process
  • Memory that is used by all process ok

       

    ResourceMonitoringInterval 기본값 2 seconds (범위 3 ~ 20초)

       

       

    Table 1

    Free Hard Disk drive space for the Message Queue Database

    There is a default formula for this component:

    100*(hard disk drive size - 4 GB) / hard disk drive size

    This means we should have at least 4GB of free hard disk drive space always available for the message queue database.

    Note:

    The path of the Message Queue Database is stored in the QueueDatabasePath parameter in the same configuration file.

Parameter

Default Value

Possible Values

PercentageDatabaseDiskSpaceUsedHighThreshold

0 (indicates that the formula is in use).

3 to 100

PercentageDatabaseDiskSpaceUsedMediumThreshold

0 (if zero, indicates that the value is 2% less than the previous parameter)

3 to 100. The value must be less than the previous parameter.

PercentageDatabaseDiskSpaceUsedNormalThreshold

0. (if zero, indicates that the value is 2% less than the previous parameter)

3 to 100. The value must be less than the previous parameter.

   

   

   

Table 2

Free Hard Disk drive space for the Message Queue Database transaction logs

In this parameter we control how much free space the Message Queue Database transactions logs utilize. By default the Back Pressure feature uses the following formula:

100*(hard disk drive size - 25*DatabaseCheckPointDepthMax) / hard disk drive size

Note:

The parameter DatabaseCheckPointDepthMax can be found in the same configuration file.

Parameter

Default value

Possible Values

PercentageDatabaseLoggingDiskSpaceUsedHighThreshold

0 (if zero, indicates that the default formula will be used)

3 to 100

PercentageDatabaseLoggingDiskSpaceUsedMediumThreshold

0 (if zero, indicates that the value is 2% less than the previous parameter)

3 to 100. The value must be less than the previous parameter.

PercentageDatabaseLoggingDiskSpaceUsedNormalThreshold

0 (if zero, indicates that the value is 2% less than the previous parameter)

3 to 100. The value must be less than the previous parameter.

   

   

   

Table 3

Memory that is Used by the EdgeTransport.exe Process

The formula to calculate the memory used by the EdgeTransport.exe is the simplest Back Pressure feature. Actually, it is not a formula, but a rule: 75% of the total physical memory or 1 TB, the lower value wins.

Parameter

Default value

Possible Values

PercentagePrivateBytesUsedHighThreshold

0 (Indicates that the formula is used)

3 to 100

PercentagePrivateBytesUsedMediumThreshold

0 (if zero, indicates that the value is 2% less than the previous parameter)

3 to 100. The value must be less than the previous parameter.

PercentagePrivateBytesUsedNormalThreshold

0 (if zero, indicates that the value is 2% less than the previous parameter)

3 to 100. The value must be less than the previous parameter.

   

   

   

Table 4

Memory that is Used by All Processes

We can control the memory that is used by All Processes; when memory utilization by all process reaches the value specified in PercentagePhysicalMemoryUsedLimit a process called message dehydration starts. By default, all message content is kept in memory. This process removes all the unnecessary elements (MIME Content) of those messages, and then memory used can be reduced.

Parameter

Default Value

Possible Values

DehydrateMessagesUnderMemoryPressure

True (Enabled)

True (Enabled) or False (Disabled)

PercentagePhysicalMemoryUsedLimit

94

3 to 100

   

   

Table 5

Number of Uncommitted Message Queue Database Transactions That Exist in Memory

The "version buckets" are the message queue database transactions that are kept in memory. All changes that are made to the message queue database stay in memory until those changes can be committed to transaction log files.

Factors that can increase the version buckets may be virus issues, integrity of the message queue database, or hard drive performance.

Parameter

Default value

Possible Values

VersionBucketsHighThreshold

100

1 to 8000

VersionBucketsMediumThreshold

60

1 to 8000. The value must be less than the previous parameter.

VersionBucketsNormalThreshold

40

1 to 8000. The value must be less than the previous parameter

   

   

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

   

Stage 1

tranport 프로세스에 의한 메모리이용은 유효한 상태

Config파일의 수치를 넘어서면, 가비지컬렉션 작업 시작됨

미사용 객체를 체크해서 메모리 상에서 제거시킨다.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Stage 2

메모리상의 uncommitted message queue database transactions 유효한 상태

Config파일의 수치를 넘어서면

메모리 상의 메시지큐DB 트랜잭션들을 강제로 트랜잭션 로그파일에 쓰려는 시도가 일어난다.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Stage 3

모든 모니터링수치가 normal levels이용율을 넘어서는 경우

과잉이용이 지속되면 the highest level of utilization is acted upon.

   

HUB Edge 다르게 동작함(아래 참조)

HUB 내부흐름, 다른 HUB연결, Store driver연결은 허용(Medium)

Hub

Resource utilization level

Connections from other Hub Transport servers

Connections from other messaging servers

Store driver connections from Mailbox servers

Pickup directory and Replay directory submission

Internal mail flow

Medium

Allowed

Rejected

Allowed

Rejected

Functional

High

Rejected

Rejected

Rejected

Rejected

Not functional

   

Edge 모두 거부

Resource utilization level

Connections from Hub Transport servers

Connections from other messaging servers

Pickup directory and Replay directory submission

Medium

Rejected

Rejected

Rejected

High

Rejected

Rejected

Rejected

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Stage 4

The memory utilization of the Exchange Transport process is validated against the config file.

Transport service 재시작해도 전송큐의 메시지는 처리되지 않음

   

Other validation occurs in the message queue database transactions that are kept in memory.

transport dumpster will be disabled;

message delivery to any remote destination that uses a remote delivery queue will be disabled.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Stage 5

Transport process 메모리 사용율이 여전히 높고 ,모든 프로세스에 대한 메모리 이용율이 config파일의 정의된 수치를 넘어서게 되면

메모리 상에서 DNS캐시 버린다(flush)

메시지 탈수프로세스 시작?

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

   

   

   




   

   

   

  • 사용자가 NDR을 받았다면 아마도 수신 측 서버 문제일 것 NDR을 보자
  • 수신자메일주소 도메인 NSLOOKUP, PING
  • SMTP서버 TELNET접속 25포트
  • Exchange 콘솔에서 큐뷰어 or 쉘에서 Get-Queue
  • ECP에서 Delivery Report 확인
  • 메시지 트랙킹 로그 확인

     "C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking"

  • Enable TransportLogging

    Send Connector ?

  • 프로토콜 로그파일

    C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend

    주의, 엄청 크다

       

       

       




   

   

08:20 MBX02 Version Bucket 5,000 까지 올라감

허브 큐 각 300건

08:35 MBX02 Version Bucket 10,000 까지 올라감

허브 큐 각 400건

   

08:38 클러스터 STOP

아래와 같이 Version Bucket 수치 떨어짐 -> 100대로 떨어지자 EDB 오프라인 시작됨

08:40 EDB 오프라인 중

   

08:43 EDB 전체 오프라인 -> MOVE -> START

08:44 디스크 온라인 완료

08:45 EDB 온라인 완료 Fail없음

08:53 허브 큐 해소 완료(Mapi Delivery)

   

   

   

   

기준값

  1. Back Pressure큐 상에 처리되지 않은 메일 건수 기준
  2. Version Bucket 은 처리되지 않은 Request 건수 / 메모리상의 요청 수

   

   

현상

  1. Back Pressure => 메일박스 전체에 영향을 줌
  2. Version Bucket 은 특정 EDB 에서만 발현

3. 상세현상

특정사용자에게 규칙오류(event id 1147) 관련 메일 폭탄이 계속해서 전달됨(현상 해소시킬 때까지 계속)

규칙오류로 특정 EDB 사용자에게 폭탄메일(반복적인 오류메일)이 계속들어옴, 아웃룩 사용불가

Perfmon 모니터에서 MSExchange Database version bucket allocated 수치 확인

평상 시 에는 Information Store Total 수치 모니터링

사전 감지 어려움

   

   

결론

Exchange Server 2013은 해당 문제 없음

   

   








MOVE


“{Mount database on the server with preference 1 (with colors)}”

Get-MailboxDatabase | Sort Name | ForEach {$db=$_.Name; $xNow=$_.Server.Name ;$dbown=$_.ActivationPreference| Where {$_.Value -eq 1};  Write-Host $db “on” $xNow “Should be on” $dbOwn.Key -NoNewLine; If ( $xNow -ne $dbOwn.Key){Write-host ” WRONG” -ForegroundColor Red; Move-ActiveMailboxDatabase $db -ActivateOnServer $dbOwn.Key -confirm:$False} Else {Write-Host ” OK” -ForegroundColor Green}}






Verify 


“{Verify if the database is mounted on the server with preference 1 (with colors)}”

Get-MailboxDatabase | Sort Name | ForEach {$db=$_.Name; $xNow=$_.Server.Name ;$dbown=$_.ActivationPreference| Where {$_.Value -eq 1};  Write-Host $db “on” $xNow “Should be on” $dbOwn.Key -NoNewLine; If ( $xNow -ne $dbOwn.Key){Write-host ” WRONG” -ForegroundColor Red; } Else {Write-Host ” OK” -ForegroundColor Green}}













'기술(MS,Web,Windows,AWS) > [MS]Exchange2013' 카테고리의 다른 글

메일(메시지) 헤더 분석편 References  (0) 2016.05.25
ISAPI Filter  (0) 2016.03.11

+ Recent posts