I am working with one of the biggest Messaging setup & facing issues where transactional log drives starts to gets fill up very fast.  This troublshooting comes with a bit of experience, it involves reading of transactional logs, montoring using Exmon & a guess work sometimes 🙂

Reading transactional logs is not a easy task therefore I have researched a way from Internet which can help you in doing so.

So, lets start….

There are two ways for reading trasactional logs

download strings from below site

http://technet.microsoft.com/en-us/sysinternals/bb897439

download unix for win32 from below site

http://downloads.sourceforge.net/unxutils/UnxUtils.zip?modtime=1172730504&big_mirror=0

Extract everything above in c:\unix

Create a folder c:\txnlogs (this is the folder in which you have to copy the txn logs that you want to analyse)

Create a folder C:\output  for results.

use the below command  for the results

strings -q -n 16 C:\TXNLOGS\*.log | cut -f3 -d: | sort | uniq -c | sort | tee c:\output\log-output.wri

After running this command you will get counts of the data that is repeating.

Now you have to use exmon to match the repeating entry with the entry that is consuming more bytes/CPU.

Match this entry with the database /txn log drive that is having issues.(if user is present in that database then probably that user is culprit for generating lot of txnlogs )

Now get the user active sync device reconfigured on all mobile devices , do CAS reset for the CAS on which user session is there. If there is anything stuck in user outbox then remove it, if there are calendar entries with no end date then tell the user to put some end dates.

Above seems to be simple process but some times give headace’s for finding the culprit..:)

Reference:-

not working any more-blogs.msdn.com/b/scottos/archive/2007/07/12/rough-and-tough-guide-to-identifying-patterns-in-ese-transaction-log-files.aspx