*Pre-requisites for performing message tracking*
- The user must be a member of the following security groups: Organization Management, Records Management and Recipient Management.
You can use message tracking within Exchange to follow mail flow by reviewing the generated logs. It is enabled by default, although you can enable or disable it, and set the log path, size and age limits, using the Exchange Shell as follows:
Set-TransportService <server-name> -MessageTrackingLogEnabled $true -MessageTrackingLogPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking" -MessageTrackingLogMaxFileSize 10MB -MessageTrackingLogMaxDirectorySize 1GB -MessageTrackingLogMaxAge 30.00:00:00 -MessageTrackingLogSubjectLoggingEnabled $true
You can manually access the log files in the following location:
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking
There are several types of message logs as described below:
MSGTRKMS – For sent messages (messages sent from mailboxes by the Mailbox Transport Submission service).
MSGTRKMD – For received messages (messages delivered to mailboxes by the Mailbox Transport Delivery service).
MSGTRK – For mail flow (Transport service events).
MSGTRKMA – Approvals and rejections used by moderated transport.
Using the shell we can search these logs for emails. To find emails that were sent from one specific address to another during a specific date range we can use:
Get-MessageTrackingLog -Server Mailbox01 -Start "03/13/2013 09:00:00" -End "03/15/2013 17:00:00" -Sender "<sender-address>" -Recipients "<recipient-address>" -EventId Send -MessageSubject "Test Subject"
The GUI does not provide the same level of functionality as the CLI in this instance, and as a result I would recommend you stick with the Exchange Shell.
The following will give you detailed information regarding all of the events during the mailflow.
Get-MessageTrackingLog -Server MS02 -Start "03/26/2015 06:00:00" -End "03/26/2015 08:00:00" -Sender "<sender-address>" -MessageSubject "Your subject title" | FL
We can also track NDRs:
Get-MessageTrackingLog -Server <mailbox-server> -Start "03/26/2015 06:00:00" -End "03/26/2015 17:00:00" -EventID FAIL -Recipients "<recipient-address>"
or track a specific message with the -MessageId switch:
Get-MessageTrackingLog -Server MS02 -Start "04/13/2015 06:00:00" -End "04/13/2015 22:00:00" -MessageId "<message-id>" | FL
For more information please see here (https://technet.microsoft.com/en-us/library/aa997573%28v=exchg.150%29.aspx)
Wildcards
The -Sender and -Recipients parameters do not support wildcards, so to search for all emails involving a specific domain, for example, we have to pipe the output to 'Where-Object'. To find all gmail.com messages we could issue:
Get-MessageTrackingLog -Start (Get-Date).AddHours(-24) -ResultSize Unlimited | Where-Object {$_.recipients -like "*@gmail.com"}
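The same wildcard filter can be applied to the raw log files in the MessageTracking folder when the cmdlet is not available, for example on a copy of the logs taken for offline review. The following is an added example, not part of the original post: the function names ConvertFrom-TrackingLog and Find-TrackingEvent are hypothetical helpers, and the sample rows and addresses are constructed, using a reduced set of columns from the `#Fields:` header.

```powershell
# Constructed sample in the message tracking log layout: '#' metadata lines,
# a '#Fields:' header, then CSV rows. Real log files carry more columns.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,source,event-id,message-id,recipient-address,message-subject,sender-address
2015-03-26T06:10:02.114Z,SMTP,RECEIVE,<a1@contoso.example>,bob@gmail.com,Quarterly report,alice@contoso.example
2015-03-26T06:10:03.250Z,SMTP,SEND,<a1@contoso.example>,bob@gmail.com,Quarterly report,alice@contoso.example
2015-03-26T06:40:11.007Z,SMTP,RECEIVE,<b2@contoso.example>,carol@gmail.com;dave@fabrikam.example,"Invoice, March",alice@contoso.example
2015-03-26T06:40:12.480Z,SMTP,SEND,<b2@contoso.example>,dave@fabrikam.example,"Invoice, March",alice@contoso.example
2015-03-26T06:40:13.902Z,SMTP,FAIL,<b2@contoso.example>,carol@gmail.com,"Invoice, March",alice@contoso.example
'@

function ConvertFrom-TrackingLog {
    param([string[]]$Line)
    # Column names are taken from the '#Fields:' line, so the parser follows
    # whatever field set the log file itself declares.
    $fields = ($Line | Where-Object { $_ -like '#Fields:*' } |
        Select-Object -First 1) -replace '^#Fields:\s*', ''
    # Everything that is not blank and not a '#' metadata line is a data row.
    $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header ($fields -split ',')
}

function Find-TrackingEvent {
    param([object[]]$Record, [string]$RecipientPattern)
    foreach ($r in $Record) {
        # recipient-address holds one or more addresses separated by ';',
        # so each address is tested against the wildcard on its own.
        $hits = @($r.'recipient-address' -split ';' |
            Where-Object { $_ -like $RecipientPattern })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Time      = ([datetime]$r.'date-time').ToUniversalTime()
                EventId   = $r.'event-id'
                MessageId = $r.'message-id'
                Recipient = $hits -join ';'
                Subject   = $r.'message-subject'
            }
        }
    }
}

$records = ConvertFrom-TrackingLog -Line ($sample -split "`r?`n")
Find-TrackingEvent -Record $records -RecipientPattern '*@gmail.com' |
    Sort-Object Time | Format-Table -AutoSize
```

To run it against a real file, pass `Get-Content` of one of the MSGTRK*.LOG files to `ConvertFrom-TrackingLog -Line` instead of the sample text.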