Home » Exchange Server 2010 » Message Tracking in Exchange Server 2010/2013

Translate:

Archives

Message Tracking in Exchange Server 2010/2013

Today let’s discuss about Message Tracking in detail, I was breaking my head searching logs for tracking messages.

 

Thought this might help Administrators to easily Enable or Disable but also Tracking the messages.

 

First we’ll discuss Enabling or Disabling this feature later we can discuss on how to track messages:

 

Enabling or Disabling Message Tracking

 

Under the Sever Configuration -> Hub Transport -> Right click on the server and click properties as shown below:

 

MT1

 

Click on Server properties -> Go to Log Settings

 

MT2

 

Put check mark on Enable this feature, if you want to disable uncheck the box as shown above.

 

Also this can be performed using PowerShell

 

To check this feature on the Exchange Hub Transport below is the command

 

Syntax:

Get-TransportServer | Select Name, MessageTrackingLogEnabled | ft -Auto

 

MT3

 

To check this feature in the Mailbox server below is the command

 

Syntax:

Get-MailboxServer | Select Name, MessageTrackingLogEnabled |ft -Auto

 

MT4

 

By default

Max Age 30 Days

MaxDirectorySize 1GB and this can be extended

 

MT5

 

As said the feature MaxDirectorySize can be extended based on your requirement using the command:

Now if you check Directorysize it will be shown as the size that you have set

 

MT6

 

Now let’s see how to find the messages. Messages can be searched using Exchange Management Console (EMC) or Exchange Management Shell (EMS)

 

Exchange Management Console:

 

Open EMC -> Toolbox ->

 

MT7

 

Click Tracking Log Explorer for tracking messages to granular level as shown below:

 

MT8

 

Now let’s track the messages using Exchange Management Shell

 

PowerShell

 

The above message can be executed

 

Syntax:

 

Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -MessageId “da18339e-8151-4ff3-aeea-87ccf5fc9796@techrid.com” | Select-Object Timestamp,ServerHostname,ClientHostname,Source,EventId,Recipients | Sort-Object -Property Timestamp

 

The above syntax needs to be changed based on your requirement

 

Let’s go ahead message tracking user level using PowerShell commands:

 

Find messages by sender:

 

Get-MessageTrackingLog -sender “peppili@techrid.com”

 

Find messages by recipient:

 

Get-MessageTrackingLog -recipients “peppili@techrid.com”

 

Messages received or messages delivered to the mailbox:

 

You can further separate these by message received:

 

Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID RECEIVE

 

Messages delivered to the mailbox

 

Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER

 

Start and End date/time:

 

To further constrain these by Start and End times:

 

Get-MessageTrackingLog -sender peppili@techrid.com -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM”

 

Formatting output

 

To show only selected fields, you can pipe the output to the Select-Object command, and specify the fields required. Here we want the timestamp, recipients, and subject fields:

 

Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM” | Select timestamp,recipients,messagesubject

 

To get all fields from a message in a list format, you can pipe the output into a fl (format list).

 

By default, the Get-MessageTrackingLog command returns up to 1000 results. This can be hard to work with in a command screen that keeps scrolling endlessly. In addition to the above parameters used to filter the logs, you can also restrict the number of results returned using the ResultSize parameter.

 

Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM” -ResultSize 25

 

For Message tracking rather using EMC Tool using EMS will be much faster.

 

Tracking Messages sent to Distribution List

 

Most of the times situations come where administrators need to track messages sent to DL

 

Here below command might useful to track messages sent to DL

 

MT9

 

Note: No emails sent as it’s my Lab environment :).

 

Here we can also use the switch “-Autosize” even export to csv file as shown below:

 

Get-MessageTrackingLog -Start 06/29/2015 -EventID Expand | ft Timestamp,RelatedRecipientAddress -Autosize >C:\Message.csv

 

If we want to know how many messages received to that DL, this can be done by using small parameter as “Group-Object”

 

MT10

 

Messages sent to particular DL

 

Get-MessageTrackingLog -EventID Expand | ? {$_.RelatedRecipientAddress -like “IT-Helpdesk@contoso.com”} | ft Timestamp,Sender,MessageSubject -Autosize

 

 

Tracking Messages by Subject

 

Another good thing is here we can use “-MessageSubject” parameter while tracking messages. First we need to make sure that if this option is Enabled or not if not we can Enable this

 

So to check this feature run the command

 

Get-TransportServer | select name,*subject* | ft -auto

 

MT11

 

If it’s not Enabled you need to run the command as Set-TransportServer

 

Once after Enabling this you can Search the Message using “-MessageSubject”

 

MT12

 

Now let’s Track messages with EventID using PowerShell

 

Small Command

 

Get-MessageTrackingLog -ResultSize Unlimited | Group-Object -Property:EventId | Sort-Object Count -Desc | Select Name,Count

 

MT13

 

MT14

 

Great from this we have learnt Message tracking using EMC and EMS.

 

 

For More Info :

Search Message Tracking

Message Tracking in Exchange-2003-2007-2010.aspx

 

Regards,

Praveen

MCTS,MCITP | Exchange Server


Leave a comment

Translate »