SMTP Protocol Logs availability
SMTP Protocol logs are an invaluable tool when troubleshooting message delivery in on-premises Exchange Server.
I have just had a support case closed because Office 365 support cannot provide SMTP Protocol logs and I'm stuck, not able to determine the cause of a mail flow issue without the logs. The only option for send/receive information on a particular message is advanced message trace, which does not provide details of the message conversation.
Can you provide a way for admins to request these logs from the Office 365 support team, if not provide a way to access them via Remote PowerShell? Obviously, these logs exist, as you're running Exchange Servers in your data centers.
As Exchange Online operates in a multi-tenant configuration, protocol logs include connections from multiple customers. Unlike Message Tracking Logs, these logs are not attributed to a specific tenant at a protocol level, therefore there is no way extract a single tenant’s logs. We provide Message Trace as the best way of tracking the messages that pass through our service.
For connections from your own servers to our service, you do have the ability to analyse your logs which would mirror our own front door protocol logs. Message Trace would then take over for messages that were accepted by our service.
For support cases, protocol logs can be searched for as part of tracking down an issue for an instance of an issue, however support cannot provide customers with their protocol logs for them to do their own investigation.
We understand that admins have much less control of what happens to their messages in Exchange Online compared to Exchange Server, and we are working on various feature and improvements to make it easier to analyse mail flow. The queue viewer in the Mail Flow Dashboard is one such feature.
Dave Webster commented
That's not really good enough.
We should be moving forwards and making better systems.
Instead it seems MS is slowly cutting off my fingers and in return offering to remove the money from my wallet for me as I have now been left disabled..
At the very least logon / authentication events should show up in Audit logs
Zack Aubut commented
I completely agree. In the same boat. I NEED access to those protocol logs.