You are here: Home / Tutorials / Searching Message Tracking Logs by Email Subject

Searching Message Tracking Logs by Email Subject

September 26, 2012 by 1 Comment

We’ve looked at searching Exchange Server message tracking logs by time/date range, and by sender or recipient email address.

Now it is time to look at how to use the email message subject as the search criteria.

Enabling/Disabling Message Tracking Log Subject Logging

The first thing to be aware of is that the message subject is an optional item for message tracking logs. Although the default setting is for subject logging to be enabled, you should verify that it is still configured that way if you wish to be doing log searches using the subject line as the criteria.

You can check all of your Transport servers at once using the Get-TransportServer cmdlet in PowerShell:

[PS] C:\>Get-TransportServer | select name,*subject* | ft -auto

Name           MessageTrackingLogSubjectLoggingEnabled
----           ---------------------------------------
HO-EX2010-MB1                                     True
HO-EX2010-MB2                                     True
BR-EX2010-MB                                      True
HO-EX2010-EDGE                                    True
HO-EX2007-MB1                                     True

If any of the servers are disabled (ie “False”) you can re-enable them using Set-TransportServer.

[PS] C:\>Set-TransportServer ho-ex2010-mb1 -MessageTrackingLogSubjectLoggingEnabled $true

Searching Message Tracking Logs by Message Subject

One of the nice things about using the -MessageSubject parameter for the Get-MessageTrackingLog cmdlet is that it already returns partial match results, so there is no need to pipe to Where-Object for wildcard searches or partial matches.

[PS] C:\>Get-MessageTrackingLog -MessageSubject "payroll"

EventId  Source   Sender                            Recipients                        MessageSubject
-------  ------   ------                            ----------                        --------------
RECEIVE  SMTP     Alan.Reid@exchangeserverpro.net   {David.Gower@exchangeserverpro... Payroll report for September
DELIVER  STORE... Alan.Reid@exchangeserverpro.net   {Alex.Heyne@exchangeserverpro.... Payroll report for September
DELIVER  STORE... Alan.Reid@exchangeserverpro.net   {David.Gower@exchangeserverpro... Payroll report for September
SUBMIT   STORE... Alan.Reid@exchangeserverpro.net   {}                                Payroll report for September

However, if we want to search on multiple criteria with and/or conditions we still need to use Where-Object.

[PS] C:\>Get-MessageTrackingLog -ResultSize Unlimited | Where-Object {$_.MessageSubject -match "payroll" -or $_.MessageSubject -match "meeting"}

EventId  Source   Sender                            Recipients                        MessageSubject
-------  ------   ------                            ----------                        --------------
RECEIVE  SMTP     Alan.Reid@exchangeserverpro.net   {Alan.Reid@exchangeserverpro.net} A meeting #1
HARED... ROUTING  Alan.Reid@exchangeserverpro.net   {Alan.Reid@exchangeserverpro.net} A meeting #1
SEND     SMTP     Alan.Reid@exchangeserverpro.net   {Alan.Reid@exchangeserverpro.net} A meeting #1
RECEIVE  STORE... Mahera.Bawa@exchangeserverpro.net {homeetingroom1@exchangeserver... A meeting about paper
TRANSFER ROUTING  Mahera.Bawa@exchangeserverpro.net {homeetingroom1@exchangeserver... A meeting about paper
DELIVER  STORE... Mahera.Bawa@exchangeserverpro.net {homeetingroom1@exchangeserver... A meeting about paper
RECEIVE  STORE... homeetingroom1@exchangeserverp... {Mahera.Bawa@exchangeserverpro... Accepted: A meeting about paper
DELIVER  STORE... homeetingroom1@exchangeserverp... {Mahera.Bawa@exchangeserverpro... Accepted: A meeting about paper
RECEIVE  SMTP     Alan.Reid@exchangeserverpro.net   {David.Gower@exchangeserverpro... Payroll report for September
DELIVER  STORE... Alan.Reid@exchangeserverpro.net   {Alex.Heyne@exchangeserverpro.... Payroll report for September
DELIVER  STORE... Alan.Reid@exchangeserverpro.net   {David.Gower@exchangeserverpro... Payroll report for September
SUBMIT   STORE... Alan.Reid@exchangeserverpro.net   {}                                Meeting minutes
SUBMIT   STORE... Alan.Reid@exchangeserverpro.net   {}                                A meeting #1
SUBMIT   STORE... Alan.Reid@exchangeserverpro.net   {}                                A meeting #2
SUBMIT   STORE... Alan.Reid@exchangeserverpro.net   {}                                Payroll report for September

As you can see searching message tracking logs based on message subject is quite simple.

Filed Under: Tutorials Tagged: , , , ,

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.
Loading...

Still running Exchange 2003? Time to get moving and start your upgrade. Find out how - Click Here