locked
Exchange 2010 SP3 RU11 Transport Rule Monitoring RRS feed

  • Question

  • Hi,

    I want to check how many emails are hitting transport rules and which transport rule.

    Exchange 2010 SP3 RU11

    Tuesday, May 30, 2017 9:45 AM

Answers

  • Sorry, because of I set ResultSize equal to Unlimited, but not specify the date range.

    You can run Get-MessageTrackingLog with Start and End parameter. For example:
    Get-TransportServer | Get-MessageTrackingLog -Start "05/27/2017" -End "06/01/2017" -ResultSize Unlimited | ? {($_.EventID -eq "AgentInfo")}| ? {$_.EventData -like "*ruleID*"} | FL sender,Recipients,MessageSubject,EventData

    Best Regards,

    Allen Wang


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 1, 2017 10:58 AM
    Moderator

All replies

  • Hello,

    To find out the transport rule for existing mail flow, we need use message tracking log to check the rule information (i.e. rule ID) and also actions.

    For example:
    Get-TransportServer | Get-MessageTrackingLog  -ResultSize Unlimited | ? {($_.EventID -eq "AgentInfo")}| ? {$_.EventData -like "*ruleID*"} | FL sender,Recipients,MessageSubject,EventData
    Figure as below:

    We can find transport rule by "RuleID" and "Action" in EventData.

    Then, we can run below command to find rule by RuleID:
    Get-TransportRule | FL Name,Description,GUID

    If you need find the item about anti-spam agents, we need enable agent log. More details, refer to:
    https://technet.microsoft.com/en-us/library/bb124795(v=exchg.150).aspx

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 31, 2017 8:24 AM
    Moderator
  • Thanks for replying, however, the cmdlet runs for eternity.
    Wednesday, May 31, 2017 11:54 AM
  • Sorry, because of I set ResultSize equal to Unlimited, but not specify the date range.

    You can run Get-MessageTrackingLog with Start and End parameter. For example:
    Get-TransportServer | Get-MessageTrackingLog -Start "05/27/2017" -End "06/01/2017" -ResultSize Unlimited | ? {($_.EventID -eq "AgentInfo")}| ? {$_.EventData -like "*ruleID*"} | FL sender,Recipients,MessageSubject,EventData

    Best Regards,

    Allen Wang


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 1, 2017 10:58 AM
    Moderator