Backtrack:  
 
by lunarg on March 10th 2015, at 16:12

You can easily view message tracking logs through the Exchange Management Shell (EMS). The cmdlet to use is called Get-MessageTrackingLog, and roughly provides the same search queries as before, and to be honest, it's faster than using the GUI in older Exchange versions, once you get to know the syntax. And thanks to the power of Powershell, you have a lot more options about exporting said data (e.g. to CSV).

Basic syntax

The basic syntax is as follows:

Get-MessageTrackingLog [-Server <ServerIdentity.] [-ResultSize <Integer> | Unlimited] [-Start <DateTime>] [-End <DateTime>] [-EventId <EventId>] [-InternalMessageId <InternalMessageId>] [-MessageId <MessageId>] [-MessageSubject <Subject>] [-Recipients <RecipientAddress1,RecipientAddress2...>] [-Reference <Reference>] [-Sender <SenderAddress>]

Although it may look complicated, a lot of these options can be omitted, allowing for very fast searching of results. Running Get-MessageTrackingLog is also possible, providing the 1000 most recent message tracking log entries on the current server.

Search parameters

A quick explanation of some of the search parameters you can specify, although most of them are self-explanatory.

-Start
-End
Selects the start and end date and time for your query. This is useful for limiting the search to a specific time period. It is specified as a DateTime string, such as "3/28/2013 8:00AM".
-EventIdThe type of entry, such as SMTP, STORE. To look for errors, set it to FAIL.
-SenderLook for mails with this specific sender, entered as an e-mail address.
-RecipientA comma-separated list of e-mail addresses, which are the recipients to look for.
-MessageId
-InternalMessageId
Look for a specific message with the specified ID. Very useful if you're looking for one message in particular, and want all the logging associated with it.

Formatting

As with any Powershell output, you can pipe the results through Format-Table, Format-List, and Select.

Examples

Look for all failed entries for the sender user@contoso.com, in the specified time interval.

Get-MessageTrackingLog -ResultSize Unlimited -Start "3/28/2013 8:00AM" -End "3/28/2013 5:00PM" -EventId FAIL -Sender "user@contoso.com"

Export the results of the last 1000 entries to a CSV:

Get-MessageTrackingLog | Export-CSV ".\logs.csv"

More information

More information on Technet: https://technet.microsoft.com/en-us/library/bb124926(v=exchg.150).aspx.

 
 
« December 2024»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
293031    
 
Links
 
Quote
« I needed a password with eight characters so I picked Snow White and the Seven Dwarves. »