When using the EMC to search tracking logs, you cannot
search with wildcards. You can use the
Exchange Shell to do this.
Get-MessageTrackingLog returns an object with the following
properties and methods:
Name
|
MemberType
|
Definition
|
----
|
----------
|
----------
|
Equals
|
Method
|
bool Equals(System.Object obj)
|
GetHashCode
|
Method
|
int GetHashCode()
|
GetType
|
Method
|
type GetType()
|
ToString
|
Method
|
string ToString()
|
ClientHostname
|
Property
|
System.String ClientHostname {get;}
|
ClientIp
|
Property
|
System.String ClientIp {get;}
|
ConnectorId
|
Property
|
System.String ConnectorId {get;}
|
EventData
|
Property
|
System.Collections.Generic.KeyValuePair`2[[System.String,
mscorlib, Version=2.0...
|
EventId
|
Property
|
System.String EventId {get;}
|
InternalMessageId
|
Property
|
System.String InternalMessageId {get;}
|
MessageId
|
Property
|
System.String MessageId {get;}
|
MessageInfo
|
Property
|
System.String MessageInfo {get;}
|
MessageLatency
|
Property
|
System.Nullable`1[[Microsoft.Exchange.Data.EnhancedTimeSpan,
Microsoft.Exchange...
|
MessageLatencyType
|
Property
|
Microsoft.Exchange.Management.TransportLogSearchTasks.MessageLatencyType
Messag...
|
MessageSubject
|
Property
|
System.String MessageSubject {get;}
|
RecipientCount
|
Property
|
System.Nullable`1[[System.Int32, mscorlib,
Version=2.0.0.0, Culture=neutral, Pu...
|
Recipients
|
Property
|
System.String[] Recipients {get;}
|
RecipientStatus
|
Property
|
System.String[] RecipientStatus {get;}
|
Reference
|
Property
|
System.String[] Reference {get;}
|
ReturnPath
|
Property
|
System.String ReturnPath {get;}
|
Sender
|
Property
|
System.String Sender {get;}
|
ServerHostname
|
Property
|
System.String ServerHostname {get;}
|
ServerIp
|
Property
|
System.String ServerIp {get;}
|
Source
|
Property
|
System.String Source {get;}
|
SourceContext
|
Property
|
System.String SourceContext {get;}
|
Timestamp
|
Property
|
System.DateTime Timestamp {get;}
|
TotalBytes
|
Property
|
System.Nullable`1[[System.Int32, mscorlib,
Version=2.0.0.0, Culture=neutral, Pu...
|
Given this information, we can use these properties to
search tracking logs for required details.
EG:
To get a list of all emails from any address @gmail.com between
the dates 10-07-14 and 15-07-14, use the following command (must use MM/DD/YYYY
date format, even though regional settings are for Australia!) (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014”
–End “07-15-2014” | where {$_.sender –like “*@gmail.com”}
Combining this with a select-object we can get specific
details about the object returned. To
show the TimeStamp, Source, Event ID, Sender, Recipients, Message Subject and
Size, use the following (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014”
–End “07-15-2014” | where {$_.sender –like “*@gmail.com”} | Select-Object
Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes
You can also use Export-CSV to get the data into a CSV (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014”
–End “07-15-2014” | where {$_.sender –like “*@gmail.com”} | Select-Object
Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes |
–Export-CSV –path export.csv
Search with a wildcard subject (not case sensitive) (one line):
Get-MessageTrackingLog –ResultSize Unlimited | where {$_.MessageSubject
–like “*Dell*”} | Select-Object Timestamp, Source, EventID,Sender,
{$_.Recipients}, MessageSubject,TotalBytes
No comments:
Post a Comment