locked
Exchange Server Get-MessageTrackingLog EventID usage ? RRS feed

  • Question

  • Hi,

    I need some help and clarification of using the exact Exchange PowerShell script Get-MessageTrackingLog like the below example:

    Get-TransportServer | ForEach-Object {
        Write-Host $_.Name
        Get-Messagetrackinglog -Server $_.Name -Resultsize Unlimited -Start "01/03/2018 12:00:00 AM" -End "29/03/2018 5:00:00 PM" -EventID SEND | Where-Object { $_.Source -eq "SMTP"} | 
    Select @{Name="Recipients";Expression={ $_.Recipients -join ';' }}, Sender, ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, MessageSubject, TotalBytes, ConnectorId 
    } | Export-Csv C:\Logs\Result.csv -NoTypeInformation

    The above script working fine, but I just need to get some additional confirmation if the below Where Clause is correct or not, Based on the https://technet.microsoft.com/en-us/library/bb124375%28v=exchg.150%29.aspx

    To get the total number of Inbound emails: -EventID DELIVER | Where-Object { $_.Source -eq "StoreDriver"}

    To get the total number of Outbound emails: -EventID SEND | Where-Object { $_.Source -eq "SMTP"}

    Any help would be greatly appreciated.


    /* Server Support Specialist */


    Thursday, March 29, 2018 4:59 AM

All replies

  • What is not happening or what is the error?


    \_(ツ)_/

    Thursday, March 29, 2018 5:10 AM
  • Which one of these combination is correct:

    Inbound emails: 
    -EventID DELIVER | Where-Object { $_.Source -eq "StoreDriver"}
    -EventID RECEIVE | Where-Object { $_.Source -eq "StoreDriver"}

    Outbound emails: 
    -EventID SEND | Where-Object { $_.Source -eq "SMTP"}
    -EventID SUBMIT | Where-Object { $_.Source -eq "SMTP"}


    /* Server Support Specialist */

    Thursday, March 29, 2018 5:16 AM
  • The source and types are documented here: https://technet.microsoft.com/en-us/library/bb124375%28v=exchg.150%29.aspx


    \_(ツ)_/

    Thursday, March 29, 2018 5:19 AM
  • The source and types are documented here: https://technet.microsoft.com/en-us/library/bb124375%28v=exchg.150%29.aspx


    \_(ツ)_/

    Yes,

    But somehow which one is correct?

    I need someone to clarify it for me.


    /* Server Support Specialist */

    Thursday, March 29, 2018 6:01 AM
  • If u wanna know, how many emails are received through Exchange, use receive (includes Failed ones, NDRs..).

    If u wanna know, how many emails are actually delivered into mailbox  (without failed messages). use Deliver

    Thursday, March 29, 2018 6:17 AM
  • Which one is correct for what?  You are being unclear.  What is ti you are trying to do?

    To get the values just do this:

    $splat = @{
        EventID = 'SEND' 
    Server = $_.Name Resultsize = 'Unlimited' Start = '01/03/2018 12:00:00 AM' End = '29/03/2018 5:00:00 PM' } Get-Messagetrackinglog @splat | select Source

    Splatting makes long commands easier to manage.

    I should also note that valid sources depend on server configuration.


    \_(ツ)_/



    • Edited by jrv Thursday, March 29, 2018 6:22 AM
    Thursday, March 29, 2018 6:20 AM