Archive

Archive for the ‘Message Tracking’ Category

Version 2.1 of WizBang Exchange Message Tracker

October 18, 2012 24 comments

Version 2.1 of WizBang Exchange Message Tracker is now available.

Bug Fixes:

  • Fixed bug where hours on graph were sometimes wrong
  • Fixed bug where messages with multiple recipients were counted in sent totals for each recipient. Each unique sent message is now counted a maximum of once in internal sent total and once in external sent total.
  • Added code to check for null values in $unkey, $sndarray, and $recparray before attempting to add to collection

New Functionality:

  • Added export to html button on dashboard

Please see this post for details on the WizBang Exchange Message Tracker.

You can download the latest version here (change extension to .ps1).

Advertisements

WizBang Exchange Message Tracker 2.0

September 6, 2012 38 comments

UPDATE: Version 2.1 is available. For details, click here.

The Exchange tracking logs provide a wealth of information about mail flow through your organization. Unfortunately, the tools that ship with Exchange aren’t very good at leveraging this information in a useful way. You can use the message tracking tool that ships with EMC to search for specific logs but beyond viewing the raw log data, there isn’t much information available. Fortunately, Microsoft has provided us with powershell and powershell can be used in all sorts of interesting ways to gather, aggregate and present data in useful summaries and reports.

One of the great things about powershell and the IT community is that there are plenty of people who have built powershell scripts to solve problems, automate or streamline tasks, and gather and present data. Most people are more than happy to share their scripts with anyone who would like to use them. Those scripts are then sometimes improved or built upon by someone else. I was recently searching for a way to analyze message tracking logs and I came across this blog post. Glen Scales built a powershell script that uses a Windows form GUI to gather Exchange message tracking logs and present a summary of mail flow statistics, including graphs and charts that are built with the Google Charts API. Glen called his script “WizBang 2007 Message Tracker”. While I really like Glen’s script, I decided to make some changes and improvements to better suite the information I needed to get out of the script. Thus “WinzBang Exchange Message Tracker 2.0” was born.

Overview

This script uses Windows forms to accept input and display output. There are five tabs on the form (explained in detail below). The user selects query setting for the search on the first tab. Once the search has been completed, the summary results are displayed on the dashboard tab. The email summaries tab shows a summary of email statistics for each internal recipient. Message tracking logs for a specific user can also be displayed on this tab. The tracking data tab shows raw tracking logs for the period of the search. The final tab is used to find and display individual messages using the EWS service.

Changes in Version 2.0

  • Changed Server Name drop-down list
    • Limited server list to Exchange 2007/2010 Hub Transport, Mailbox, and Edge Transport roles (Previously contained all Exchange servers in org, even legacy)
    • Added “All” to server list to enable searching all servers
  • Added quick date range options for Last Hour, Today, Previous 24 hours, and Previous 7 days (Previously only option was to manually pick starting and end time)
  • Added filter options to match default Exchange Message Tracker
  • Added check box to determine if raw data should be displayed (Raw data collection is system resource intensive)
  • Changed graphs and charts
    • Changed graph from vertical to horizontal
    • Changed graph to display internal, sent to external, and received from external (Previously just sent and received)
    • Changed graph to display data for full time of search query (Was previously last 6 hours max)
      • When time frame is less than 31 minutes, data is graphed in minute increments
      • When time frame is between 31 minutes and 8 hours, data is graphed in 15 minute increments
      • When time frame is between 9 and 24 hours, data is graphed in hourly increments
      • When time frame is greater than 24 hours, data is graphed in daily increments
    • Consolidated pie charts into one, which now displays totals for internal, sent to external, and received from external for total time frame
  • Broke out top senders/receivers report into four separate reports: top internal sender, top internal receiver, top external sender, top external receiver, which covers search time frame (Previously consolidated into one report that covered previous hour)
  • On Organizational Totals report, consolidated total internal received and total internal sent into just total internal as these two values are always equal
  • Excluded message journaling messages from reports (except raw data)
  • Raw tracking data now includes all events; not just SENT and RECEIVED

Prerequisites

To run this script, you need to have the Exchange 2007 or Exchange 2010 management tools installed.

To use the message find functionality, you need to have EWSUtil.dll in C:\temp. You can get the file here.

Query Settings Tab

Server Name

Message tracking logs are stored on Exchange servers with the Mailbox, Hub Transport, and Edge Transport roles. The server name drop-down is automatically populated with servers in your organization that hold those roles. You can select an individual server to search against, or you can search against all servers. Being able to search all servers is a major advantage over the message tracking feature in the Exchange tools, which is only able to search one server at a time.

Date Range

The date range to search tracking logs can be selected here. There are quick selection options for last hour, today, previous 24 hours, and previous 7 days. Additionally, custom date ranges can be selected.

Filter Criteria

Tracking logs can be filtered based on the same criteria used in the message tracking log searcher built into the Exchange tools. For example, logs can be filtered to look for a specific, sender, recipient, or message subject. This is helpful is you are trying to find information on a specific sender, recipient, or message.

Presentation Options

This option allows the user to choose whether or not to show raw tracking data. This option should only be selected for narrow searches as displaying large amounts of raw tracking date is system memory intensive.

Dashboard Tab

The dashboard tab displays a summary of message tracking log data, based on the search criteria. A graph of mail flow is displayed at the top of the window. Below the graph, there are four tables which show the top 5 internal recipients, internal senders, external recipients, and external senders. A table also shows the organizational totals broken down by internal email, received from external, and sent to external email. This table is accompanied by a pie chart.

Email Summaries Tab

This tab displays a summary of the number and size of emails sent and received by individual internal users in the top table. A user can be highlighted and the “Get Messages” button pressed to to display all the tracking logs related to that user in the bottom table. If the option to show raw tracking data was selected on the query settings tab, an individual cell is highlighted in the bottom table, the “Show Message” button can be pressed to populate fields on the Message Find tab. Both tables can be exported to csv files but pressing the appropriate export button.

Tracking Data Raw Tab

If the option to show raw tracking data was selected on the query settings tab, this tab displays the full raw message tracking data. This data is filtered based on the settings on the Query Settings tab.

Message Find Tab

You can use the Message Find tab to search a mailbox for a specific message, if you have the message ID. This will display the To, From, Subject, and body of the message. You can also download any attachments and view the message headers.

Note: There is an issue when Outlook users are in cached mode, as described in this KB article. You won’t be able to find messages in the user’s sent items folder if they are in cached mode.

DOWNLOAD SCRIPT (Change extension from to ps1)