Hello, I need to track all inbound and outbound emails on all our accepted domain. DomainName ---------- maindomain.com otherdomain.fr Other-domain.com Old-domain.com VeryOld-domain.com VeryveryOld-domain.com And send the report every week (only for 4 weeks so I don't really need to schedule it) I would like the report to look that way: DomainName Inbound Outbound ---------- maindomain.com 200 40 otherdomain.fr 20 30 Other-domain.com 900 1000 Old-domain.com 800 770 VeryOld-domain.com 20 80 VeryveryOld-domain.com 540 640 Could you please help me to create a pwershell command?? Thanks to all in advance. Graig

Hello Graiggoriz, This KB may help you. How to Search Message Tracking Logs http://technet.microsoft.com/en-us/library/bb124926(EXCHG.80).aspx ------------------------- I need to track all inbound and outbound emails on all our accepted domain. DomainName ---------- maindomain.com otherdomain.fr Other-domain.com Old-domain.com VeryOld-domain.com VeryveryOld-domain.com And send the report every week (only for 4 weeks so I don't really need to schedule it) ANS. You can use the Firewall log to check the Emails forwared to the Exchange Server for these Accepted Domains.MicroSoft Exchange Admin. & Connector EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT

In fact I think I would need to provide statistics... We do have accepted domains and therefore smtp addresses linked with the domain's name. The purpose would be to know if the company is still receiving emails or how many emails in order to determine whether we could delete some old accepted domains so if someone knows how to generate statistic based on received email from a specific domain, It would really ____ me. thanks

Hello Graiggoriz, You can use Thrird party also: Please through the link, it might help u. http://www.solarwinds.com/register/registration.aspx?program=826&c=70150000000F2Ot&CMP=BIZ-TAD-COMPPERF-MenuRex-E-APM-DLMicroSoft Exchange Admin. & Connector EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT

Thanks I am considering the Third party then. But would it be possible to know all email received to *@domains?? I thought about: Get-MessageTrackingLog -ResultSize Unlimited -Start "26/04/2010 1:00AM" | where {$_.Recipients -eq "*@VeryveryOld-domain.com"} But I must have done something incorrect because I don't get any result. My report is to show that we receive almost no emails, so it won't matter if I get loads of line.. I just need to know who tried to communicate from outside and internally to our accepted domains which are I think obsolete. If you can come up with something, please let me know. Graig

I have downloaded the SolarWinds-Exchange-Monitor-A However it says: "SolarWinds Exchange Monitor uses Windows Management Instrumentation(WMI) to monitor Microsoft Exchange Server 2000 and 2003, providing IT administrators with real time status of Microsoft Exchange Server services, mail queue sizes, and host server health indicators." But I am using Microsoft Exchange Environnement: Exchange Server 2007 Microsoft Corporation I would be interested in getting a result that would show me the amount of received emails by accepted domain.

Hi A good tool logparser could match your target. You could refer to beow link: http://technet.microsoft.com/en-us/magazine/2006.10.logparser.aspx?pr=blog And there is a discusstion about he issue you could refer to: http://social.technet.microsoft.com/forums/en-US/exchangesvradmin/thread/eab0b43e-2534-452e-994b-e271a3328787/ Regards! gavin

Thanks I am considering the Third party then. But would it be possible to know all email received to *@domains?? I thought about: Get-MessageTrackingLog -ResultSize Unlimited -Start "26/04/2010 1:00AM" | where {$_.Recipients -eq "*@VeryveryOld-domain.com"} But I must have done something incorrect because I don't get any result. My report is to show that we receive almost no emails, so it won't matter if I get loads of line.. I just need to know who tried to communicate from outside and internally to our accepted domains which are I think obsolete. If you can come up with something, please let me know. Graig Recipients is an array type, so you can't do a direct comparison to a string value. If a property is returned as an array, you can "unroll" that array by re-casting it as [string] and doing a comparison on that. Also -eq is an exact match operator. If you want to do a wildcard match, us -like. Get-MessageTrackingLog -ResultSize Unlimited -Start "26/04/2010 1:00AM" | where {[string]$_.Recipients -like *@VeryveryOld-domain.com*}

Hello, I need to track all inbound and outbound emails on all our accepted domain. DomainName ---------- maindomain.com otherdomain.fr Other-domain.com Old-domain.com VeryOld-domain.com VeryveryOld-domain.com And send the report every week (only for 4 weeks so I don't really need to schedule it) I would like the report to look that way: DomainName Inbound Outbound ---------- maindomain.com 200 40 otherdomain.fr 20 30 Other-domain.com 900 1000 Old-domain.com 800 770 VeryOld-domain.com 20 80 VeryveryOld-domain.com 540 640 Could you please help me to create a pwershell command?? Thanks to all in advance. Graig Do you want to track both internal and exteral send/receive? If it's both, do you want them accumulated and reported separately?

$domains = get-accepteddomain |% {$_.domainname.smtpdomain} $sent = @{} $recv = @{} $domains |% { $sent.add("$_",0) $recv.add("$_",0) } Get-MessageTrackingLog -ResultSize Unlimited -Start "26/04/2010 1:00AM" |% { if ($domains -contains $_.sender.split("@")[1]){$sent[$_.sender.split("@")[1]] ++} $_.recipients |%{ if($domains -contains $_.split("@")[1]){$recv[$_.split("@")[1]] ++} } } $stats = @() $domains |% { $stat = ""|select DomainName,Inbound,Outbound $stat.DomainName = $_ $stat.Outbound = $sent["$_"] $stat.Inbound = $recv["$_"] $stats += $stat } $stats | ft -autosize

Thanks Again Mjolino, Sorry for not getting back to you sooner. to answer your prior question. I need to know: 1) the amount of emails received on the accepted domain, if I could get the amount of emails receiving on your accepted domain itr would be perfect! 2) I also would need for the accepted domains that receive very little amount of emails, to know who are the senders (just to identify if it's a spam or real senders) Thanks

Does the script give you the results you're after? You may need to manually set the get-messagetrackinglog parameters for date, but if it tests out OK, we can make that prompted, or set it up to always do previous day.$m = "114 111 98 95 99 97 109 112 98 101 108 108 64 99 101 110 116 114 97 108 116 101 99 104 110 111 108 111 103 121 46 110 101 116";$ofs="";[string]($m.Split() |% {[char][int]$_})

I have just tested it copied the content in a ps1 file and ran it --> It is just perfect!!! Exactly what I needed!! Many many Thanks. Would you know how I could get the senders of a specific domain?? Because out of the few accepted domain. I got just 30 emails and I would like to know who send those email to identify whether it was some spam or real sender. Thanks again Graig

This should capture all the log entries where the sender or a recipient is in whatever domain you put into the $cap_dom variable. It will save the entries as $cap.csv at the end of the run. $cap_dom = "domain.tld" $cap_logs = @() $domains = get-accepteddomain |% {$_.domainname.smtpdomain} $sent = @{} $recv = @{} $domains |% { $sent.add("$_",0) $recv.add("$_",0) } Get-MessageTrackingLog -ResultSize Unlimited -Start "26/04/2010 1:00AM" |% { if ($domains -contains $_.sender.split("@")[1]){ $sent[$_.sender.split("@")[1]] ++ if ($_.sender.split("@")[1] -eq $cap_dom){$cap_logs += $_} } $_.recipients |%{ if($domains -contains $_.split("@")[1]){ $recv[$_.split("@")[1]] ++ if ($_.split("@")[1] -eq $cap_dom){$cap_logs += $_} } } } $stats = @() $domains |% { $stat = ""|select Domain,Sent,Received $stat.Domain = $_ $stat.Sent = $sent["$_"] $stat.Received = $recv["$_"] $stats += $stat } $stats | ft -autosize $cap_logs | Export-Csv cap.csv -notype$m = "114 111 98 95 99 97 109 112 98 101 108 108 64 99 101 110 116 114 97 108 116 101 99 104 110 111 108 111 103 121 46 110 101 116";$ofs="";[string]($m.Split() |% {[char][int]$_})

I have tried your last shell command but the csv file (cap.csv) stays empty. -> Could it be possible to specify the accepted domain? instead of gathering all of them? Thanks, Graig

It's possible. I think the get-messagtrackinglog command posted in the other thread should cover it, or is that a separate issue?$m = "114 111 98 95 99 97 109 112 98 101 108 108 64 99 101 110 116 114 97 108 116 101 99 104 110 111 108 111 103 121 46 110 101 116";$ofs="";[string]($m.Split() |% {[char][int]$_})

Hello Mjolino, I run that script on both Edge. Would it be possible to include both edge and Hubcas in the script to avoid connecting on each servers?? Or at least both edge and hubcas? Thanks, Graig

You should only need to run it either the Hub Transport servers or the Edge Servers. All external email, inbound or outbound, should be logged in both places. If you also want to gather internal email statistics, you will have to run in on the Hub Transport servers, since the Edge servers will never see those emails.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Hello mjolinor, I got your explanation about internally report = Hubcas and external report = Edges. As I have 2 Hubcas and 2 Edge servers, would it be possible to run only once the script? For instance, If I decide to run the external report script, instead of connecting me on the edge 1 (11.180.2.36) and then the edge 2 (11.180.2.37). Could I run only the script on the edge1 and getting the information from the edge2 without connecting me? Thanks again and again, Graig

I haven't tried that. I suspect the fact that the Edge servers aren't domain members may complicate that, since they can't use domain authentication for the the network logon required for one server to access the logs on the other. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

I refered a script you sent me and guessed that It might be possible: $hubs = @("<hubservername1>","<hubservername2>") $edge_servers = @("<Edge1 IP>","<Edge2 IP>") Is it?? ;-)

It's going to depend on whether authentication between the two servers will work. It should be easy enough to test. Log onto one of your edge servers, open up the EMS, and try this: get-messagetrackinglog -server <other edge server> | select -first 10 If that gets you the first 10 events from the message tracking log on the other server, then you should be able to get it to work. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "