«

»

Oct 18

Print this Post

Message Logs Searcher for Multiple Mailbox Servers

I got tired of manually running MessageTracking Logs across all of our mail servers so I knocked out this script to search across all servers and pull all the data together into a single data table or export the results to a CSV.

You only need to set your search parameters on lines 14-19 and run the search.

Search MessageTrackingLogs
Search MessageTrackingLogs
Search_MessageTrackingLogs.zip
Version: 2016-10
1.6 KiB
4 Downloads
Details

### Message Logs Search ###
Write-Host "Loading Exchange Management Powershell Modules"
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010, Microsoft.Exchange.Management.PowerShell.Setup , Microsoft.Exchange.Management.Powershell.Support
### Clear Variables ###
$sender = $null
$recipient = $null
$subjectContains = $null
$start = $null
$end = $null
$outFile = $null
### ###

### Set Search Parameters Comment out any that are not used ###
#$outFile = “Full:\Path\To\Log\Output.csv”
#$sender = “[email protected]
#$recipient = “[email protected]
#$subjectContains = “Portion of Subject”
$start = “10/17/2016 00:00:00”
$end = “10/18/2016 00:00:00”
### ###

# This is used to load the Exchange Powershell modules in the subjobs that are created for each server
$preCmd = “Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010, Microsoft.Exchange.Management.PowerShell.Setup , Microsoft.Exchange.Management.Powershell.Support”

### build the search command ###
$cmd = “Get-MessageTrackingLog -ResultSize Unlimited”

if($sender -ne $null){ $cmd = “$cmd -Sender ‘$sender'” }
if($recipient -ne $null){ $cmd = “$cmd -Recipients ‘$recipient'” }
if($subjectContains -ne $null){ $cmd = “$cmd -MessageSubject ‘$subjectContains'” }
if($start -ne $null){ $cmd = “$cmd -Start ‘$start'” }
if($end -ne $null){ $cmd = “$cmd -End ‘$end'” }
### ###

# Get all the Exchange servers that have the mailbox role installed
$servers = Get-ExchangeServer | WHERE ServerRole -Contains “Mailbox”

# Create some arrays to be used later
$messages = @()
$jobs = @()

### Loop Through each server and start searching the Message Tracking Logs ###
write-host “Starting Jobs”
foreach($server in $servers){

$serverName = $server.name
Write-Host “Searching $serverName”

$msgsTemp = $null

# Create a job to run a search against this server
$cmdTemp = “Start-Job -InitializationScript { $preCmd } -ScriptBlock { $cmd -Server $serverName } -Name $serverName”
$jobs += Invoke-Expression -Command $cmdTemp

}
### ###

### Loop through each job and wait for it to complete ###
Write-Host “Waiting for Job completion”
foreach($job in $jobs){
$job.Name
# Wait for the job to finish
Wait-Job $job.Name

# Retrieve the data from the job and remove the job
$msgsTemp = receive-Job $job.Name
Remove-Job $job.Name

# Add the data to the $messages Array
if($msgsTemp -ne $null){ $messages += $msgsTemp }
}
write-host ” ”
### ###

# display the results on the screen
write-host “Result”
$messages | ft TimeStamp,EventId,Source,Sender,Recipients,MessageSubject -AutoSize

### Compile the data into a more readable format that can be further manipulated ###
$outData = @()
foreach($message in $messages){
$outline = New-Object PSObject -Property @{ TimeStamp = $message.TimeStamp;
ClientIP = $message.originalClientIp;
ClientHostName = $message.ClientHostname;
ServerName = $message.ServerHostname;
SourceContext = $message.SourceContext;
MessageID = $message.MessageId;
Source = $message.Source;
ConnectorID = $message.ConnectorId;
EventID = $message.EventID;
Subject = $message.MessageSubject;
Sender = $message.Sender;
Recipients = “”;
TotalBytes = $message.MessageInfo
}
if($message.RecipientCount -gt 1){
foreach($recipient in $message.Recipients){
if($outLine.Recipients -ne “”){ $outLine.Recipients += “;” }
$outLine.Recipients += $recipient
}

}
elseif($message.RecipientCount -eq 1){ $outLine.Recipients = $message.Recipients[0] }
else{ $outLine.Recipients = “” }

$outData += $outLine
}
### ###

# If an Output file was specified, write the message list to a csv
if($outFile -ne $null){ $outdata | SORT Timestamp | SELECT TimeStamp,EventID,Source,ClientIP,ClientHostName,ServerName,SourceContext,MessageID,ConnectorID,Subject,Sender,Recipients,TotalBytes | Export-Csv $outFile -NoTypeInformation }

Permanent link to this article: https://www.wperry.net/code/message-logs-searcher-for-multiple-mailbox-servers/

Leave a Reply

Your email address will not be published. Required fields are marked *