How to keep Tracking of all incomming and outgoing mails on Exchange Server. RRS feed

  • Question

  • Hi,

    I have been using EWS (Exchange WebService) to search emails.  But our experience is not good, The search is too slow.  I am looking for alternative option.  So what i want to do is write a program that can attach itself to exchange server and watch every incomming and outgoing emails of every accounts, the program will then copy contents of From, To, CC and Subject fields into a SQLServer Database along with Unique EmailID assigned by Exchange Server to that email.

    Later when user search for emails it will be fast and easy for me to search in SQLServer.   The Search response for the user will be faster and then I will use EWS to query and get actual email based on Unique EmailID assigned by Exchange Server.

    Is this possible ?  Any sample code to create a watchdog kind of program which can be installed on Exchange Sever to monitor all accounts  and allows me to access properties of an Email ?


    PS: We are using Exchange Server 2007.

    Saturday, November 13, 2010 11:50 AM

All replies

  • I'd use PS script, running as a scheduled task to get the message tracking logs from the Hub Transport servers, and export that to csv.  All of the information you're after can be extracted from there.

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Saturday, November 13, 2010 12:16 PM
  • Hi

    Point 1.  In my case its a simple setup of Exchange Server 2007.  I am not sure what are " Hub Transport servers". 

    Point 2.  Can you share some info on PS script samples and how can i plug them into Exchange Server to get information i am after.



    Saturday, November 13, 2010 12:37 PM
  • An Exchange 2007 system consists of various server roles.  The miminum is 3 - Client Access, Hub Transport, and Mailbox. You may also have optional Unified Messaging and Edge Transport roles.  In a simple setup you will have the minimum 3 roles, all installed on the same server.  In larger installations they will be split up, and there may be multiple servers in each role.

    From the Exchange Management Shell on your server, run this:

    get-messagetrackinglog -resultsize 1000 | export-csv c:\temp\mtlog.csv -notype

    That will get you a sample of the message tracking logs as a csv so you can see what's available.

    For more information about the get-messagetrackinglog cmdlet, run

    get-help get-messagetrackinglog -full | more

    More information about the log events types and content of the fields is here:

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Saturday, November 13, 2010 1:08 PM
  • Hi

    I did check this. The log file contains many columns like

    EventId  (Receive, Resolve, Deliver, Fail,   etc )

    InternalMessageID (some numeric value , which is not unique )

    and MessageId ( like   "<478d527f-8cd1-4d7b-bca0-a88ca672faed>"    Or  <>)

    Q. Now my Question is How can i retrieve a particular mail in .EML or .MSG format based on information i get from above log fields .


    Monday, November 15, 2010 1:58 PM
  • Well, that's a much different question, and probably needs to be the subject of a new thread.
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Monday, November 15, 2010 2:08 PM