Search message tracking logs

Message tracking records the message activity as mail flows through the transport pipeline on Mailbox servers and Edge Transport servers. You can use the Get-MessageTrackingLog cmdlet in the Exchange Management Shell to search for entries in the message tracking log by using specific search criteria. For example:

  • Find out what happened to a message that was sent by a user to a specific recipient.
  • Find out if a transport rule acted on a message.
  • Find out if a message sent from an Internet sender made it into your Exchange organization.
  • Find all messages sent by a specified user during a specified time period.

This example searches the message tracking logs on the local server for all entries from 2/20/2018 8:00 AM to 2/20/2015 5:00 PM for all FAIL events where the message sender was sender@mutega.se

Get-MessageTrackingLog -ResultSize Unlimited -Start ”2/20/2018 8:00AM” -End ”2/20/2018 5:00PM” -EventId ”Fail” -Sender ”sender@mutega.se”

This example searches the message tracking logs on the local server for all entries from 2/20/2018 8:00 AM to 2/20/2015 5:00 PM for all emails sent to to@mutega.com where the message sender was sender@mutega.se

Get-MessageTrackingLog -ResultSize Unlimited -Start ”2/20/2018 8:00AM” -End ”2/20/2018 5:00PM” -EventId ”Fail” -Sender ”sender@mutega.se” -Recipients ”to@mutega.com”

More info (Source article): https://technet.microsoft.com/en-us/library/bb124926%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396