The UTC date-time of the message tracking event. There was a spam attack in our organization. Hey guys, have you ever had this scenario? Example values include Incoming , Undefined , and Originating. Exchange Server – General Discussion https: Feedback We’d love to hear your thoughts.

Uploader: Gabei
Date Added: 6 May 2007
File Size: 23.69 Mb
Operating Systems: Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X
Downloads: 38891
Price: Free* [*Free Regsitration Required]

The different log file names are described in the following table. The ex Test has smtp Relay has two IPs to it. Another way we could have approached ztoredriver is to search the transport rules for those that match a criteria. The event source was human intervention. Example entries in the message tracking log An uneventful message sent between two users generates several entries in the message tracking log.

On the old system we have SMTP forwarding setup to forward mail to the new system. You should also look at the Source and Recipients fields when inspecting messages with this event.

If you find my post to be helpful in anyway, please click vote as helpful.

Tracking messages in Exchange 2013 log files – easy and quick!

Awesome resource, thanks a million! Next, I sort the events by time stamp, and look at the EventId, Source, and MessageSubject fields because we already know the message subject was modified.


The event source was an Inbox rule.

That way I can understand the impact to the business. For more information, see Shadow redundancy in Exchange Server.

Message tracking

E-mail required, but will not display. Like email which received from Sykpe for Business that contain the conversation. A shadow message was discarded after the primary copy was delivered to the next hop. Hello Paul, Good article, thanks. The values in the source field in the message tracking log indicate the transport component that’s responsible for the message tracking event.

Exchange Tracking logs EventId: RECEIVE and HARECEIVE ?

I’ve now got thousands of records that I can begin to filter and dissect in different ways without having to re-run my query. Hey guys, have you ever had this scenario?

During the expansion of the distribution group, a duplicate recipient was detected. The value is Microsoft Exchange Server.

She wants the following matrix: Renaming old log files or copying other files into the message tracking log folder could cause the folder to exceed its specified maximum size. So, that’s one way to find a rule by using message tracking logs to determine which rule ID was applied to the message. The value of the Message-Id: Trackung values are described in the Source values in the message mesxage log section later in this topic. This field isn’t important in on-premises Exchange organizations.


This site uses cookies.

A message was automatically resubmitted from Safety Net. I have run this script: For more information about poison messages and the poison message queue, see Storedtiver. What I need to pull out is the: Recipients and split up multi-value results into unique email addresses.

For more information about moderated recipients, see Moderated Transport. Mssage you can see, there are a few different ways that you can look for which transport rule or rules has been applied to an email message.