Message Tracking Inquiry

by GTRnPosh at 2013-04-16 09:39:09

Hello to all! I am new as a member to this website but have frequented it many, many times for learning.

I have a peculiar problem, which I’m hoping I can use Powershell to solve.

I’ve been tasked at work with finding out how often each Universal Distribution Group we have in our Exchange environment is being emailed.

Normally, I would simply query the Message Tracking logs on the single Transport server we have with a foreach loop using a csv with all the names of the distribution lists, and output the results. However, when attempting to do this for hundreds of distribution lists on the Transport server itself, system performance suffers significant negative impact.

Thus, I need to copy message tracking logs on the server itself to my local computer, and query them. What I was hoping to be able to do was invoke a cmd statement to check a log name for names of distribution lists I pre-specify, and append the results to a text file.

Thus far, this is the code that I’ve created that does not work.


Set-Location \mycomputer\c$\users\myusername\desktop\messagelogs
$logfile:global = Read-Host "Enter log file name to check"
$distros:global = import-csv \mycomputer\c$\users\myusername\desktop\messagelogs\alldistros.csv
$getresults = Invoke-Item cmd find /i $name $logfile:global | find /c "ROUTING,EXPAND" >> results.txt

function startrunning {
$logfile:global
$distros:global | foreach ($name in $names) {$getresults}
}
startrunning


The error I get is as follows:

Unexpected token ‘in’ in expressions or statement.

Could someone help explain why this fails? Is there a better way (I’m sure) of finding this information without querying an Exchange transport server directly?

Thank you in advance, great ninjas of code.
by mjolinor at 2013-04-16 09:54:44
I’d do this:

get-messagetrackinglog -server <server name> -eventid expand -resultsize unlimited |
select -expandproperty RelatedRecipientAddress |
foreach {$DLs = @{}}{$DLs[$]++}{}

$DLs


Make one pass through the logs, collecting counts on all the instances of DL expansion, then filter out the ones you want to report on.
by GTRnPosh at 2013-04-16 13:29:54
Thank you for the suggestion mjolinor.

[quote]get-messagetrackinglog -server <server name> -eventid expand -resultsize unlimited |
select -expandproperty RelatedRecipientAddress |
foreach {$DLs = @{}}{$DLs[$
]++}{}

$DLs[/quote]

While the above suggestion of your would work, it doesn’t particularly answer my initial question. I’m not asking how to search a server’s message tracking logs directly.

My question is how to search a copy of those logs that I have on my local workstation, because the exchange server with the actual logs on it is suffering performance issues if queried that many times all at once, as that singular server serves multiple Exchange roles.

Thanks anyway
by mjolinor at 2013-04-16 14:02:06
[quote]My question is how to search a copy of those logs that I have on my local workstation, because the exchange server with the actual logs on it is suffering performance issues if queried that many times all at once, as that singular server serves multiple Exchange roles.
[/quote]

Working with a copy of the message tracking logs will be more difficult. I’d suggest you investgate LogParser for that.

I don’t quite understand the concern about performance issues if the server is queried "that many times’. The code I posted will only query the server once, and only for the Expand events.
by GTRnPosh at 2013-04-16 14:28:13
My apologies here, mjolinor.

In the past, this type of information regarding how often distribution lists were getting emailed was being gathered in a different manner through another person’s powershell script that was being run on the local Exchange server.

I am still fairly new to Powershell. Could you explain what the foreach statement on line 3 is doing exactly?
by mjolinor at 2013-04-16 14:39:33
It appears to be doing a simple text search of some .csv files.

It’s hard to say beyond that. I can’t tell if those are really .csv files, or copies of the log files. If they’re .csv, then there would be some process creating them that’s reading the messagetracking logs and exporting them to .csv.
by GTRnPosh at 2013-04-17 06:52:27
Thanks again.

Could you clarify the process(es) of the the command on line 3?

foreach {$DLs = @{}}{$DLs[$_]++}{}

Based on what was provided, how is this searching a CSV at all? I’m still somewhat confused about what your example code is actually doing.

Please help
by mjolinor at 2013-04-17 07:18:30
It’s not searching a .csv file.

It’s searching the message tracking logs (using get-messagetrackinglog) for Expand events, grabbing the RelatedRecipientAddress (that will be the smtp address of the DL that was expanded) and using a hash table accumulator to keep track of how many times each address appears in the events.

Some explanation of how a hash table accumulator works here:

http://mjolinor.wordpress.com/2012/01/29/powershell-hash-tables-as-accumulators/

I’m kind of finding the idea of an Exchange server that can’t handle doing that really odd. If it was that stressed for resources your users should be complaining about it constantly.
by GTRnPosh at 2013-04-17 07:39:09
Thanks for the link, wonderfully helpful!

I appreciate all of your advice, and I’ve definitely learned some cool new tricks that I will have to try out.