{"id":1098,"date":"2014-08-28T14:42:51","date_gmt":"2014-08-28T21:42:51","guid":{"rendered":"http:\/\/jim-zimmerman.com\/?p=1098"},"modified":"2018-11-14T16:03:18","modified_gmt":"2018-11-14T23:03:18","slug":"exchange-message-tracking-using-ems","status":"publish","type":"post","link":"https:\/\/jim-zimmerman.com\/?p=1098","title":{"rendered":"Exchange Message Tracking using EMS"},"content":{"rendered":"<p>Sometimes I just love linux even more.  Message tracking and just plain logging in Exchange is just unbearable.  I love the way it is so simple to get right to the problem a linux system.  <\/p>\n<p>Determining what has happened to message in Exchange is just a nightmare.  It seems even worse in Exchange 2013, but I know there is a lot of information there.  It would just be nice to see a simple standards based SMTP type of log.  I have yet to stumble on it in the mountain of logging options in EMS.  <\/p>\n<p>First, you have to set the event log level.  At least, I believe you do.  Regardless, it is something to note here, because it could useful for troubleshooting other kind of issues.<\/p>\n<p>To check the current event log levels:<\/p>\n<blockquote><p>[PS] C:\\>Get-EventLogLevel<\/p><\/blockquote>\n<p>I highly recommend piping this out to more, because there are a lot of them.  By default, almost all of the log levels are set to Lowest.  <\/p>\n<p>To change a log level:<\/p>\n<blockquote><p>[PS] C:\\>Set-EventLogLevel -Identity <em>identityname<\/em> -Level <em>newlevel<\/em><\/p><\/blockquote>\n<p>For example:<\/p>\n<blockquote><p>[PS] C:\\>Set-EventLogLevel -Identity <em>MSExchangeTransport\\SmtpReceive<\/em> -Level <em>High<\/em><\/p><\/blockquote>\n<p>To change the retention in days of the logs.  The default is 30 days.:<\/p>\n<blockquote><p>Set-TransportServer -Identity MY-SERVER -MessageTrackingLogMaxAge 90<\/p><\/blockquote>\n<p>Other options include:<\/p>\n<blockquote><p>MessageTrackingLogMaxDirectorySize (for example: 1000 MB)<br \/>\nMessageTrackingLogMaxFileSize (for example: 10 MB)<br \/>\nMessageTrackingLogPath (for example: L:\\ExchangeLogs)<\/p><\/blockquote>\n<p>[PS] C:\\>get-messagetrackinglog -start &#8220;6\/6\/2014 10:00:00&#8221; -end &#8220;6\/17\/2014 23:59&#8221; -recipient &#8220;recipientemailaddress&#8221; -sender &#8220;senderemailaddress&#8221; | format-list | more<\/p>\n<p>If you get a log of output, you may need to use ResultSize to increase the number of items listed.  Also, you can use Select to selectively choose your display columns:<\/p>\n<p>[PS] C:\\>get-messagetrackinglog -start &#8220;6\/6\/2014 10:00:00&#8221; -end &#8220;6\/17\/2014 23:59&#8221; -EventID RECEIVE -ResultSize 10000 -recipient &#8220;recipientemailaddress&#8221; -sender &#8220;senderemailaddress&#8221; | Select Recipients,Sender,MessageSubject,TimeStamp<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes I just love linux even more. Message tracking and just plain logging in Exchange is just unbearable. I love the way it is so simple to get right to the problem a linux system. Determining what has happened to message in Exchange is just a nightmare. It seems even worse in Exchange 2013, but [&#038;hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[358,125,381,382],"class_list":["post-1098","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-ems","tag-exchange","tag-message","tag-tracking"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1098"}],"version-history":[{"count":7,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1098\/revisions"}],"predecessor-version":[{"id":1693,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1098\/revisions\/1693"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}