Retrieve Microsoft Exchange Message Tracking Log with PowerShell

Please refer to the steps below on how to retrieve Microsoft Exchange Message Tracking Log with PowerShell

Default Configuration of Message Tracking Log – Retention of 30 Days with Max file size of 10MB and MAX folder size of 1GB. The message tracking log will be generated hourly

MessageTracking-01

Get-TransportService | Select MessageTrackingLogEnabled, MessageTrackingLogMaxAge, MessageTrackingLogMaxDirectorySize, MessageTrackingLogMaxFileSize, MessageTrackingLogPath  


MessageTrackingLogEnabled          : True
MessageTrackingLogMaxAge           : 30.00:00:00
MessageTrackingLogMaxDirectorySize : 1000 MB (1,048,576,000 bytes)
MessageTrackingLogMaxFileSize      : 10 MB (10,485,760 bytes)
MessageTrackingLogPath             : C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking
  1. Filter Message for particular sender
$Sender = "kwyong@aventistech.com"
Get-TransportServer | Get-MessageTrackingLog -Sender $Sender `
| Select Timestamp, Source, Eventid, MessageSubject, Sender,Recipients

We will normally pay attention on the following EVENTID & SOURCE to ensure that Email is successfully Sent

RECEIVE – A message was received by the SMTP receive component of the transport service or from the Pickup or Replay directories (source: SMTP), or a message was submitted from a mailbox to the Mailbox Transport Submission service (source: STOREDRIVER).

SUBMIT – The Mailbox Transport Submission service successfully transmitted the message to the Transport service.

Source

STOREDRIVE – The event source was a MAPI submission from a mailbox on the local server.

SMTP – The message was submitted by the SMTP send or SMTP receive component of the transport service.

Timestamp      : 8/3/2019 11:40:50 AM
Source         : STOREDRIVER
EventId        : RECEIVE
MessageSubject : user/group email
Sender         : kwyong@aventistech.com
Recipients     : {kmwong@aventistech.com}

Timestamp      : 8/3/2019 11:40:51 AM
Source         : STOREDRIVER
EventId        : SUBMIT
MessageSubject : user/group email
Sender         : kwyong@aventistech.com
Recipients     : {kmwong@aventistech.com}

You can also export the result (-ResultSize unlimited – To extract all records, but it will take some time to complete) to CSV

$Sender = "kwyong@aventistech.com"
Get-TransportServer | Get-MessageTrackingLog -ResultSize unlimited -Sender $Sender `
| Select Timestamp, Source, Eventid, MessageSubject, Sender,{$_.Recipients} | Export-Csv C:\Temp\kwyong-send.csv -NoTypeInformation
  1. Filter Message for particular Recipient with on 8 March, 2019 only
$Recipient = "m3test@benalec.com.my"
$Date = "3/8/2019"
#Message receive in past 1 hour only
$Hours = (Get-Date).AddHours(-1) 
Get-TransportServer | Get-MessageTrackingLog -Recipients $Recipient -Start $Date `
| Select Timestamp, Source, Eventid, MessageSubject, Sender,{$_.Recipients}

We will normally pay attention on the following EVENTID & SOURCE to ensure that Email is successfully Delivered

HAREDIRECT – A shadow message was created.

AGENTINFO – This event is used by transport agents to log custom data.

SMTP RECEIVE , SMTP SEND and STOREDRIVE DELIVER

Timestamp      : 8/3/2019 12:28:23 PM
Source         : SMTP
EventId        : HAREDIRECTFAIL
MessageSubject : RE: Email Testing @1226PM
Sender         : kwyong@aventistech.com
$_.Recipients  : m3test@benalec.com.my

Timestamp      : 8/3/2019 12:28:23 PM
Source         : SMTP
EventId        : RECEIVE
MessageSubject : RE: Email Testing @1226PM
Sender         : kwyong@aventistech.com
$_.Recipients  : m3test@benalec.com.my

Timestamp      : 8/3/2019 12:28:23 PM
Source         : AGENT
EventId        : AGENTINFO
MessageSubject : RE: Email Testing @1226PM
Sender         : kwyong@aventistech.com
$_.Recipients  : m3test@benalec.com.my

Timestamp      : 8/3/2019 12:28:23 PM
Source         : SMTP
EventId        : SEND
MessageSubject : RE: Email Testing @1226PM
Sender         : kwyong@aventistech.com
$_.Recipients  : m3test@benalec.com.my

Timestamp      : 8/3/2019 12:28:23 PM
Source         : STOREDRIVER
EventId        : DELIVER
MessageSubject : RE: Email Testing @1226PM
Sender         : kwyong@aventistech.com
$_.Recipients  : m3test@benalec.com.my

Reference
1. https://docs.microsoft.com/en-us/exchange/mail-flow/transport-logs/message-tracking?view=exchserver-2019#EventTypes

Leave a Comment