exchange 2013

Track messages in Exchange 2013 using Get-MessageTrackingLog


In addition to directly analyzing transport log files, tracking messages in MS Exchange Server 2013 is very easy to carry out with the help of Message Tracking Logs tool. In this post we will discuss some features of the Get-MessageTrackingLog cmdlet, which was created specifically for processing message tracking logs.

You can run the cmdlet without any additional parameters:

Get-MessageTrackingLog

The data will be taken from the server on which the command is executed. By default, all message transmission events will be displayed for the last 30 days (not more than 1000).

message tracking log exchange

The output of the cmdlet is not very convenient.

To remove the limit of 1000 strings, you can use the -ResultSize option, setting the value to Unlimited (be careful, it can heavily load the server). Results can be displayed in page-by-page form (depending on a console size) using the Out-Host cmdlet.

Get-MessageTrackingLog | Out-Host –Paging

The -Paging key is responsible for paginal output.

message tracking log exchange list

It’s more convenient, but the data still looks completely uninformative.

In fact, the message tracking logs contain a lot of information and some of it can be extremely useful in analyzing server operation, message monitoring and many other tasks. Message tracking log files in text format are stored in the directory %ExchangeInstallPath%TransportRoles\Logs\MessageTracking. Manual analysis of these logs is very inconvenient and difficult for any Exchange Administrator.

READ ALSO  How to remotely enable Remote Desktop (RDP) using PowerShell

message tracking log notepad

If you want to display the values of only certain columns, you will run into difficulties. The fact is that the column names in the file and the names of the same columns in Powershell are different! Microsoft developers are not looking for easy ways! 🙂 To help you get column names, you can use the Format-List cmdlet (fl), which displays the properties of each object on a separate line. We display all the fields and data for the first log entry.

Get-MessageTrackingLog | Select-Object -First 1 | Format-List

message tracking log format list

Now it is possible to operate the received data freely and to select only that is necessary. For example, you want to see through which connectors the message passes (we narrow the search area by specifying the subject of the letter), when you send it from within the organization to the internal recipient. To do this, we use the ConnectorID property. You can use the Format-Table (ft) cmdlet to present the data in a table form. Align the width of the columns with the -AutoSize:

Get-MessageTrackingLog -MessageSubject "test" | Format-Table Timestamp,ConnectorID,EventID,Source -AutoSize

And here is the output of the command:

message tracking log format table

Everything is simple and clear and even the names of connectors, including system ones, are visible.

Finally, we’ll try to process the output of Get-MessageTrackingLog with the help of a very interesting Group-Object cmdlet. It allows you to group objects by some property and count their number. This cmdlet is usually used last (or one of the last), because it creates new objects in the pipeline and you can no longer process the objects of the Get-MessageTrackingLog cmdlet.

READ ALSO  CRM 4.0 and Outlook - Cannot add to the server Junk E-mail Lists...

We will try to count the number of all messages sent by users of our organization to recipients on Gmail.com. To do this, you need to enter an additional condition that will filter necessary recipients. You can do this with the help of Where-Object.

Get-MessageTrackingLog -EventId "Send" -ResultSize Unlimited | Where-Object {$_.Recipients -like "*@gmail.com"} | Group-Object Recipients | Sort-Object Count -Descending | Format-Table *

Not so difficult. Here’s what we saw in the results:

message tracking log values

We do not recommend putting the -ResultSize Unlimited key without specifying the start date. You can set the date in this way -Start (Get-Date).AddDays(-1). The command will return the current timestamp and subtract one day from it. That is, you will be returned recipients statistics for the last 24 hours.

You also need to remember that each Exchange server has its own tracking log files. Therefore, this command must be executed on all Exchange Mailbox servers in your organization.


You may also like:

Migrate email to Office 365 using WHM If you are like me, then you are simply wanting to migrate your email over to Microsoft Office 365 to take advantage of Exchange. Me and my colleague ...
Add An Out Of Office Message In Outlook for A Diff... Did an employee just leave for vacation and forget to do something? Below the instructions will show you how to add an out of office message in Outloo...
Grant Full Access to All Mailboxes in Exchange 200... This is a short tutorial on how to add full access to all mailboxes in Exchange 2007 and 2010 for a an additional user. This can come in handy when sa...
How to Recreate Virtual Directories OWA and ECP on... This article describes how to recreate virtual directories OWA and ECP on Exchange 2016. The rebuilding of these virtual directories helps to reset al...
Windows Server 2012 Mailbox Role Process Execution... If you are trying to install Exchange 2010 on Windows Server 2012 and are receiving the error "Mailbox Role Process Failed.... Process execution faile...