Sunday, 26 June 2011 20:10

How to Export Message Tracking Results in Exchange 2010

Written by

I know we all were a little uncomfortable when Microsoft has come up with the new Message Tracking in Exchange Server 2007 and Exchange 2010 (of course even me). But, now I become very comfortable with it and mainly because of its flexibility/features.  Recently the message tracking helped me in identifying a spam attack from an application server, which made me to write this post. Here I have tried to explain how to easily track and export the tracking results to a file and do the further filtration for troubleshooting purpose.

Note – I used the Exchange 2010 SP1 Exchange Management Console and Shell.

Open the Tool Box from EMC and locate Tracking Log Explorer, and do your normal tracking for a desired output. Here I did tracking for couple of test message that I sent.

Message_Tracking_-EMC1

Below shows the result window,

Message_Tracking_-EMC2 

As you know that the Exchange 2007 and 2010 tracking give plenty of detail in the message tracking result. Now, how will you interpret these results? Is it easy to read the information shows in this output?

At least few time you would have thought, how we can export these results. It is not difficult for administrators who work with Exchange Management Shell. Don’t worry, it is not difficult for you who are not comfortable with Shell as well.

Copy the Exchange Management Shell command from the Message tracking page,

get-messagetrackinglog -MessageSubject "Test Message to Verify Tracking Details" -Start "6/26/2011 9:00:00 PM" -End "6/26/2011 9:30:00 PM"

End of the Shell command that you copied add the field needed to export with a ‘select’ filter, see the below modified shell command.

get-messagetrackinglog -MessageSubject "Test Message to Verify Tracking Details" -Start "6/26/2011 9:00:00 PM" -End "6/26/2011 9:30:00 PM" | select timestamp, ClientIp, ClientHostname, ServerIp, ServerHostname, SourceContext, ConnectorId, Source, EventId, InternalMessageId, MessageId, {$_.Recipients}, {$_.RecipientStatus}, TotalBytes, RecipientCount, RelatedRecipientAddress, Reference, MessageSubject, Sender, ReturnPath, MessageInfo | Export-Csv "c:\Track-results.csv"

Message_Tracking_-EMS

Open the results file in excel and do your rest of filtration, that’s it... you have done.

Message_Tracking_CSV

You may select only the fields that you need during the shell command execution, use the table below to decide your fields.

Timestamp
ClientIp
ClientHostname
ServerIp
ServerHostname
SourceContext
ConnectorId
Source
EventId
InternalMessageId
MessageId
Recipients
RecipientStatus
TotalBytes
RecipientCount
RelatedRecipientAddress
Reference
MessageSubject
Sender
ReturnPath
MessageInfo

 

Hope now you will like the message tracking of Exchange 2007 and 2010. You may use the same approach when tracking in Exchange 2007, more or less the same.

Interested to read more, refer the MS technet link below to know more.

Ref - How to Search Message Tracking Logs

 

Field name that is used in the message tracking log

Field name that is used to filter the Get-MessageTrackingLog results

date-time

Timestamp 

Bottom of Form

client-ip

ClientIp

client-hostname

ClientHostname

server-ip

ServerIp

server-hostname

ServerHostname

source-context

SourceContext

connector-id

ConnectorId

source

Source

event-id

EventId

internal-message-id

InternalMessageId

message-id

MessageId

recipient-address

Recipients

recipient-status

RecipientStatus

total-bytes

TotalBytes

recipient-count

RecipientCount

related-recipient-address

RelatedRecipientAddress

reference

Reference

message-subject

MessageSubject

sender-address

Sender

return-path

ReturnPath

message-info

MessageInfo

Bottom of Form

theme by reviewshub