Mark Minasi's Reader Forum

Mark Minasi's Reader Forum

All Forums

Email, Databases, Sharepoint and more

Exchange

Get-MessageTrackingLog

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

Screensize:

UserName:

Password:

Format Mode:

Format:

Message:

* HTML is OFF
* Forum Code is ON

Smilies

[quote][i]Originally posted by JSCLMEDAVE[/i]
[br]Ok I got this sorted out.

I do NOT have access to the Transport Servers Roles which is what I cannot run Get-TransportServer via EMS.

Had I been able to I could have run Get-TransportServer Exchange01 | Select * and seen that the -MessageTrackingLogMaxAge was set to 30 days...

Lesson learned...  Do not always presume that your script is wrong, check the settings if in doubt.

Here is what I am using to pull everything since I am limited to 30 days and I am not able to use Get-TransportServer -

[code]Get-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -Resultsize Unlimited -Sender "PersonA@Comp.com" -EventID Receive -Recipient "PersonB@Comp.com" | Select Timestamp,Sender,RecipientCount,{$_.Recipients},MessageSubject,TotalBytes,ClientHostname,ServerHostname,InternalMessageId,MessageId | Export-Csv C:\TEMP\FromA_ToB.csv -notype
 [/code]

If you want a specific date and time say the 29th from 7AM to the 31st 7AM use -

[code]Get-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -Resultsize Unlimited[blue] [b]-Start "03/29/2012 06:00:00" -End "03/31/2012 07:00:00" [/blue][/b]-Sender "PersonA@Comp.com" -EventID Receive -Recipient "PersonB@Comp.com" | Select Timestamp,Sender,RecipientCount,{$_.Recipients},MessageSubject,TotalBytes,ClientHostname,ServerHostname,InternalMessageId,MessageId | Export-Csv C:\TEMP\FromA_ToB.csv -notype  [/code]

Edit - Forgot to post code

[/quote]

Check here to include your profile signature.
Note: please do not cross-post.
Cross-postings will be deleted and ignored.
Thanks for helping to keep this forum junk-free!
Check here to subscribe to this topic.

T O P I C R E V I E W
JSCLMEDAVE	Posted - 03/30/2012 : 2:42:07 PM I am trying to replace possibly the worst email tracking tool I have seen - Exchange 2010 - with some simple Powershell commands. Exchange 2010 SP1, Outlook 2010 For testing I am using my account as the -Recipients TBolton@mail.com One of our Techs as the -Sender BBob@mail.com To ensure that I am pulling from all the possible servers I am using this - Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} I can NOT run Get-TransportServer the only reason I can think of is that I am missing access rights to run it... So,,, $MAIL = Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Sender BBob@mail.com -Recipients TBolton@mail.com -Start "1/19/2012 6:00:00 AM" -End "3/29/2012 7:00:00 AM" In Outlook I can see that I have received 48 items from BBob@mail.com. Some have been sent directly to me, others I was CC and some I was in a Distro Group. The count when I do $Mail.count is 16 If I include -EventID Expand The count when I do $Mail.count is 4 and a Single Distro Group is listed but none of the CC or other Distro Groups. Again, I want to be able to answer a typical request "How many emails did UserA Send to UserB over this time period since we are trying to prove an email was or was not sent." without using the built in Message Tracking solution.
8 L A T E S T R E P L I E S (Newest First)
JSCLMEDAVE	Posted - 09/20/2012 : 09:48:28 AM Good Article Searching Message Tracking Logs by Time and Date Range http://exchangeserverpro.com/searching-message-tracking-logs-by-time-and-date-range?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ExchangeServerPro+%28Exchange+Server+Pro%29
JSCLMEDAVE	Posted - 05/24/2012 : 2:17:47 PM I now have access that I needed for the Transport Servers. Updated the command a bit. [PS] C:\Get-TransportServer \| Get-MessageTrackingLog -Resultsize Unlimited -Start "05/23/2012 06:00:00" -End "05/24/2012 09:00:00" \| where { $_.Recipients -match "tbolton@Minasi.com" } \| Select Timestamp,Sender,EventID,Recipie ntCount,@{Name="Recipients";Expression={$_.recipients}},MessageSubject,TotalBytes,ClientHostname,ServerHostname,Internal MessageId,MessageId \| Export-Csv C:\TEMP\tbolton.csv -notype
JSCLMEDAVE	Posted - 04/03/2012 : 10:55:02 AM Just read Paul Cunningham's Blog. http://exchangeserverpro.com/exchange-2010-message-tracking-log-search-powershell Adding this bit to the Select-Object @{Name="Recipients";Expression={$_.recipients}} Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Resultsize Unlimited -Start "03/29/2012 06:00:00" -End "03/31/2012 07:00:00" -Sender "PersonA@Comp.com" -EventID Receive -Recipient "PersonB@Comp.com" \| Select Timestamp,Sender,RecipientCount,@{Name="Recipients";Expression={$_.recipients}},MessageSubject,TotalBytes,ClientHostname,ServerHostname,InternalMessageId,MessageId \| Export-Csv C:\TEMP\FromA_ToB.csv -notype
JSCLMEDAVE	Posted - 04/02/2012 : 2:04:17 PM Ok I got this sorted out. I do NOT have access to the Transport Servers Roles which is what I cannot run Get-TransportServer via EMS. Had I been able to I could have run Get-TransportServer Exchange01 \| Select * and seen that the -MessageTrackingLogMaxAge was set to 30 days... Lesson learned... Do not always presume that your script is wrong, check the settings if in doubt. Here is what I am using to pull everything since I am limited to 30 days and I am not able to use Get-TransportServer - Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Resultsize Unlimited -Sender "PersonA@Comp.com" -EventID Receive -Recipient "PersonB@Comp.com" \| Select Timestamp,Sender,RecipientCount,{$_.Recipients},MessageSubject,TotalBytes,ClientHostname,ServerHostname,InternalMessageId,MessageId \| Export-Csv C:\TEMP\FromA_ToB.csv -notype If you want a specific date and time say the 29th from 7AM to the 31st 7AM use - Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Resultsize Unlimited -Start "03/29/2012 06:00:00" -End "03/31/2012 07:00:00" -Sender "PersonA@Comp.com" -EventID Receive -Recipient "PersonB@Comp.com" \| Select Timestamp,Sender,RecipientCount,{$_.Recipients},MessageSubject,TotalBytes,ClientHostname,ServerHostname,InternalMessageId,MessageId \| Export-Csv C:\TEMP\FromA_ToB.csv -notype Edit - Forgot to post code
wobble_wobble	Posted - 03/30/2012 : 6:33:26 PM I've posted the posh I use for tracking a few times. What's the difference? Internal only mail, external mail, alias addressed mail?
JSCLMEDAVE	Posted - 03/30/2012 : 4:48:16 PM Yeah the 16 are sent directly to me. I can tell via the subject. I can also see all the other recipients that were included. The 4 sent to the Distro Group also via their subject are correct. The others that I am CC or a Distro Group I am in is CC'd are not showing up. At least that is what it seems to be indicating. I am playing with different -EventIDs now and they are giving me different results as well. I was thinking about trying to use -EventID with a wildcard if possible or using a where statement to include them all. I sure thought this was going to be easier than it is.
Jazzy	Posted - 03/30/2012 : 4:20:51 PM Tim, it's late and I drank some glasses of whine. This may not be my sharpest response... When you look at the results, does it make sense? I mean, you should be able to see what messages you miss and maybe think of why. What does this show? Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Resultsize Unlimited -Sender BBob@mail.com \| Where {$_.Recipients - like "TBolton"}
JSCLMEDAVE	Posted - 03/30/2012 : 3:04:02 PM I also tried this - $Mail = Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Resultsize Unlimited -Sender BBob@mail.com -EventID Expand \| Where {$_.Recipients - match "TBolton"} $Mail.count is 4 AND $Mail = Get-Exchangeserver \| where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} \| Get-MessageTrackingLog -Resultsize Unlimited -Sender BBob@mail.com \| Where {$_.Recipients - match "TBolton"} $Mail.count is 16

Mark Minasi's Reader Forum

This page was generated in 0.12 seconds.

Snitz Forums 2000