When using the EMC to search tracking logs, you cannot search with wildcards. You can use the Exchange Shell to do this.
Get-MessageTrackingLog returns an object with the following properties and methods:
|
Name
|
MemberType
|
Definition
|
|
—-
|
———-
|
———-
|
|
Equals
|
Method
|
bool Equals(System.Object obj)
|
|
GetHashCode
|
Method
|
int GetHashCode()
|
|
GetType
|
Method
|
type GetType()
|
|
ToString
|
Method
|
string ToString()
|
|
ClientHostname
|
Property
|
System.String ClientHostname {get;}
|
|
ClientIp
|
Property
|
System.String ClientIp {get;}
|
|
ConnectorId
|
Property
|
System.String ConnectorId {get;}
|
|
EventData
|
Property
|
System.Collections.Generic.KeyValuePair`2[[System.String, mscorlib, Version=2.0…
|
|
EventId
|
Property
|
System.String EventId {get;}
|
|
InternalMessageId
|
Property
|
System.String InternalMessageId {get;}
|
|
MessageId
|
Property
|
System.String MessageId {get;}
|
|
MessageInfo
|
Property
|
System.String MessageInfo {get;}
|
|
MessageLatency
|
Property
|
System.Nullable`1[[Microsoft.Exchange.Data.EnhancedTimeSpan, Microsoft.Exchange…
|
|
MessageLatencyType
|
Property
|
Microsoft.Exchange.Management.TransportLogSearchTasks.MessageLatencyType Messag…
|
|
MessageSubject
|
Property
|
System.String MessageSubject {get;}
|
|
RecipientCount
|
Property
|
System.Nullable`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
|
|
Recipients
|
Property
|
System.String[] Recipients {get;}
|
|
RecipientStatus
|
Property
|
System.String[] RecipientStatus {get;}
|
|
Reference
|
Property
|
System.String[] Reference {get;}
|
|
ReturnPath
|
Property
|
System.String ReturnPath {get;}
|
|
Sender
|
Property
|
System.String Sender {get;}
|
|
ServerHostname
|
Property
|
System.String ServerHostname {get;}
|
|
ServerIp
|
Property
|
System.String ServerIp {get;}
|
|
Source
|
Property
|
System.String Source {get;}
|
|
SourceContext
|
Property
|
System.String SourceContext {get;}
|
|
Timestamp
|
Property
|
System.DateTime Timestamp {get;}
|
|
TotalBytes
|
Property
|
System.Nullable`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
|
Given this information, we can use these properties to search tracking logs for required details. EG:
To get a list of all emails from any address @gmail.com between the dates 10-07-14 and 15-07-14, use the following command (must use MM/DD/YYYY date format, even though regional settings are for Australia!) (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014” –End “07-15-2014” | where {$_.sender –like “*@gmail.com”}
Combining this with a select-object we can get specific details about the object returned. To show the TimeStamp, Source, Event ID, Sender, Recipients, Message Subject and Size, use the following (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014” –End “07-15-2014” | where {$_.sender –like “*@gmail.com”} | Select-Object Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes
You can also use Export-CSV to get the data into a CSV (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014” –End “07-15-2014” | where {$_.sender –like “*@gmail.com”} | Select-Object Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes | –Export-CSV –path export.csv
Search with a wildcard subject (not case sensitive) (one line):
Get-MessageTrackingLog –ResultSize Unlimited | where {$_.MessageSubject –like “*Dell*”} | Select-Object Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes