Exchange Me!

Dec 14 2007   7:24AM GMT

Exchange Message Tracking – A Great Tool!!

B00M3R John Bostock Profile: B00M3R

Exchange has a great feature called message tracking that enables you to track messages. It works for both directions inbound/outbound – it also does internal messages. This function has a low overhead so I leave it enabled so I can get my hands on the info when I want,  although I do have a large amount of emails that pass through my organization on a daily basis so I set log removal to be low.


Here is the scenario. Your Boss calls at the wrong moment as per usual raving about a SUPER important email message that never got delivered. So what do you do? This is when you need to know how to use Message Tracking so let’s have a look at how.

How to Enable

1.       Open ESM go to servers
2.       Right click on the server and choose properties
3.       Select these options “enable subject logging and display” “enable message tracking”
4.       “Remove log files” This option set to 30 days which is long enough. If you have massive traffic consider lower times say 7-10 days.
5.       Also check out the location of the log files. Keep them away from the main store on a separate drive if possible.

Now mine looks slightly different because I do mine through a server policy as I have multiple Exchange servers. Although greyed out you can see the ticks and where I store them.

Now let’s look at Tracking Messages.

Once tracking has been running for a while you will have collected some information, then we can track messages. Let’s look at how

1.       Open ESM and then go to tools
2.       Scroll down to Message Tracking Center
3.       Choose the server you want to track the message from. This of course will be the server that the user has his or her mailbox on, depending on whether you want to track inbound or outbound messages.

At this point we can search even though nothing else is configured. But this will result in heaps of results up to a max of 1000 every message since midnight will be processed. Best case – use the other fields to narrow the search results. Once the system finds the message you can double click it which will show what exchange did with the message.

Tracking log files will be stored (by default) in a folder located at x:\Program Files\Exchsrvr\servername.log, where x is the volume you have installed Exchange Server onto. Inside this folder you will find a text file for each day that logs are being retained for. You can open these files and work from them if you want, but I would recommend doing it in Excel as the files are tab-delimited and very hard to sort through otherwise.  

Ok so we have a great way of searching and finding out what has happened with an email. Now that’s it but we can advance things a bit by utilizing third party tools and REALLY bringing Message Tracking ALIVE.

Check out these links for advanced use of Message Tracking. If you search the web you will find various software, some users have created scripts to work with these logs – Just make sure you test them and not in your live enviroment 🙂

Exchange Log Analyzer    Promodag Now This is great software


2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • RichardAsif
    Have you heard about archive manager ? It's great solution for controlling all messages that is passing through Exchange server. It captures everything to a central repository where you can easily search and archive messages. It's also great disk space saver. For example, you have a couple of messages with the same big attachment archive manager will store only one copy of it. The solution supports Exchange 2000, 2003 and 2007.
    0 pointsBadges:
  • RichardAsif
    ooops... something wrong with the link... the correct one: [A href=""]Archive Manager[/A]
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: