Exchange Message Tracking - A Great Tool!!
Posted by: John Bostock
Microsoft Windows, Mobile, ESM, Exchange, Message tracing, Message logging, Exchange Tracking Center
Exchange has a great feature called message tracking that enables you to track messages. It works for both directions inbound/outbound – it also does internal messages. This function has a low overhead so I leave it enabled so I can get my hands on the info when I want, although I do have a large amount of emails that pass through my organization on a daily basis so I set log removal to be low.
—————————————————————————————————————————————————————–
Here is the scenario. Your Boss calls at the wrong moment as per usual raving about a SUPER important email message that never got delivered. So what do you do? This is when you need to know how to use Message Tracking so let’s have a look at how.
How to Enable
1. Open ESM go to servers 
2. Right click on the server and choose properties
3. Select these options “enable subject logging and display” “enable message tracking”
4. “Remove log files” This option set to 30 days which is long enough. If you have massive traffic consider lower times say 7-10 days.
5. Also check out the location of the log files. Keep them away from the main store on a separate drive if possible.
Now mine looks slightly different because I do mine through a server policy as I have multiple Exchange servers. Although greyed out you can see the ticks and where I store them.
Now let’s look at Tracking Messages.
Once tracking has been running for a while you will have collected some information, then we can track messages. Let’s look at how
1. Open ESM and then go to tools
2. Scroll down to Message Tracking Center
3. Choose the server you want to track the message from. This of course will be the server that the user has his or her mailbox on, depending on whether you want to track inbound or outbound messages.
At this point we can search even though nothing else is configured. But this will result in heaps of results up to a max of 1000 every message since midnight will be processed. Best case - use the other fields to narrow the search results. Once the system finds the message you can double click it which will show what exchange did with the message.
Tracking log files will be stored (by default) in a folder located at x:\Program Files\Exchsrvr\servername.log, where x is the volume you have installed Exchange Server onto. Inside this folder you will find a text file for each day that logs are being retained for. You can open these files and work from them if you want, but I would recommend doing it in Excel as the files are tab-delimited and very hard to sort through otherwise.
Ok so we have a great way of searching and finding out what has happened with an email. Now that’s it but we can advance things a bit by utilizing third party tools and REALLY bringing Message Tracking ALIVE.
Check out these links for advanced use of Message Tracking. If you search the web you will find various software, some users have created scripts to work with these logs - Just make sure you test them and not in your live enviroment 
Exchange Log Analyzer Promodag Now This is great software
Comment
RSS Feed
Email a friend
You must be logged-in to post a comment. Log-in/Register