How to Export Message Tracking Results in Exchange 2010

I know we all were a little uncomfortable when Microsoft has come up with the new Message Tracking in Exchange Server 2007 and Exchange 2010 (of course even me). But, now I become very comfortable with it and mainly because of its flexibility/features. Recently the message tracking helped me in identifying a spam attack from an application server, which made me to write this post. Here I have tried to explain how to easily track and export the tracking results to a file and do the further filtration for troubleshooting purpose.

Note – I used the Exchange 2010 SP1 Exchange Management Console and Shell.

Open the Tool Box from EMC and locate Tracking Log Explorer, and do your normal tracking for a desired output. Here I did tracking for couple of test message that I sent.

Message_Tracking_-EMC1.png (6.81 KiB) Viewed 1 time

Below shows the result window,

Message_Tracking_-EMC2.png (14 KiB) Viewed 1 time

As you know that the Exchange 2007 and 2010 tracking give plenty of detail in the message tracking result. Now, how will you interpret these results? Is it easy to read the information shows in this output?

At least few time you would have thought, how we can export these results. It is not difficult for administrators who work with Exchange Management Shell. Don’t worry, it is not difficult for you who are not comfortable with Shell as well.

Copy the Exchange Management Shell command from the Message tracking page,

get-messagetrackinglog -MessageSubject "Test Message to Verify Tracking Details" -Start "6/26/2011 9:00:00 PM" -End "6/26/2011 9:30:00 PM"

End of the Shell command that you copied add the field needed to export with a ‘select’ filter, see the below modified shell command.

get-messagetrackinglog -MessageSubject "Test Message to Verify Tracking Details" -Start "6/26/2011 9:00:00 PM" -End "6/26/2011 9:30:00 PM" | select timestamp, ClientIp, ClientHostname, ServerIp, ServerHostname, SourceContext, ConnectorId, Source, EventId, InternalMessageId, MessageId, {$_.Recipients}, {$_.RecipientStatus}, TotalBytes, RecipientCount, RelatedRecipientAddress, Reference, MessageSubject, Sender, ReturnPath, MessageInfo >c:\Track-results.csv

Message_Tracking_-EMS.png (7.8 KiB) Viewed 1 time

Open the results file in excel and do your rest of filtration, that’s it... you have done.

Message_Tracking_CSV.png (14.13 KiB) Viewed 1 time

You may select only the fields that you need during the shell command execution, use the table below to decide your fields.

Timestamp
ClientIp
ClientHostname
ServerIp
ServerHostname
SourceContext
ConnectorId
Source
EventId
InternalMessageId
MessageId
Recipients
RecipientStatus
TotalBytes
RecipientCount
RelatedRecipientAddress
Reference
MessageSubject
Sender
ReturnPath
MessageInfo

Hope now you will like the message tracking of Exchange 2007 and 2010. You may use the same approach when tracking in Exchange 2007, more or less the same.