Message Tracking in Exchange Server 2007


A message tracking log is a detailed log of all message activity as messages are transferred to and from a computer that is running Microsoft Exchange Server 2007 and that has the Hub Transport server role, the Mailbox server role, or the Edge Transport server role installed. Exchange servers that have the Client Access server role or Unified Messaging server role installed don't have message tracking logs. Message tracking logs can be used for message forensics, mail flow analysis, reporting, and troubleshooting.

The Set-TransportServer cmdlet is used for all message tracking configuration tasks on a Hub Transport server or Edge Transport server. The Set-MailboxServer cmdlet is used for all message tracking configuration tasks on a Mailbox server. For servers that have the Hub Transport server role and the Mailbox server role installed, the Set-TransportServer cmdlet or the Set-MailboxServer cmdlet can be used to make the following message tracking configuration changes:

  • Enable or disable message tracking. The default is enabled.
  • Specify the location of the message tracking log files.
  • Specify a maximum size for the individual message tracking log files.
  • Specify a maximum size for the directory that contains the message tracking log files.
  • Specify a maximum age for the message tracking log files. The default is 30 days.
  • Enable or disable message subject logging in the message tracking logs. The default is enabled.

By default, the Exchange Server 2007 server uses circular logging to limit message tracking logs based on both file size and age. Circular logging helps control the hard disk space that is used by the log files. The naming convention for log files in the message tracking log directory is MSGTRKyyyymmdd-nnnn.log. The placeholders represent the following information:

  • The placeholder yyyymmdd is the coordinated universal time (UTC) date on which the log file was created. yyyy = year, mm = month, and dd = day.
  • The placeholder nnnn is an instance number that starts at the value of 1 for each day.

Information is written to the log file until the file size reaches its maximum specified value. Then a new log file that has an incremented instance number is opened. This process is repeated throughout the day. Circular logging deletes the oldest log files when either of the following conditions is true:

  • The message tracking log directory reaches its maximum specified size.
  • A log file reaches its maximum specified age.

The message tracking log files are text files that contain data in the comma-separated value (CSV) format. Each message tracking log file has a header that contains the following information:

  • #Software - The name of the software that created the message tracking log file. Typically, the value is Microsoft Exchange Server.
  • #Version - The version number of the software that created the message tracking log file. Currently, the value is 8.0.0.0.
  • #Log-Type - The value of this field is Message Tracking Log.
  • #Date - The UTC date on which the log file was created, in the format yyyy-mm-ddhh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC.
  • #Fields - The comma-delimited field names that are used in the message tracking log files.
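For offline forensics or mail flow analysis, the file naming convention and header described above are enough to read a log without Exchange tools. The following Python sketch is an added example, not Microsoft code. It assumes that header lines are written as `#Name: value`; the sample log, its timestamps, and its short field list are constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime, timezone

# File name convention from the page: MSGTRKyyyymmdd-nnnn.log (UTC date, daily instance number)
NAME_RE = re.compile(r"^MSGTRK(\d{8})-(\d+)\.log$", re.IGNORECASE)


def parse_log_name(name):
    """Return (UTC creation date, instance number) or raise ValueError."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a message tracking log name: {name!r}")
    created = datetime.strptime(m.group(1), "%Y%m%d").replace(tzinfo=timezone.utc)
    return created.date(), int(m.group(2))


def parse_tracking_log(text):
    """Split a log into its '#' header values and a list of row dicts keyed by #Fields."""
    header, data_lines = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            # Assumption: header lines are written as '#Name: value'.
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
        elif line.strip():
            data_lines.append(line)
    if "Fields" not in header:
        raise ValueError("missing #Fields header; cannot name the CSV columns")
    fields = header["Fields"].split(",")
    # csv handles quoted values, e.g. a subject that contains a comma.
    rows = [dict(zip(fields, rec)) for rec in csv.reader(io.StringIO("\n".join(data_lines)))]
    return header, rows


# Constructed sample (not from a real server); the field list is a small subset for illustration.
SAMPLE = """\
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-Type: Message Tracking Log
#Date: 2008-03-14T00:00:02.117Z
#Fields: date-time,event-id,sender-address,recipient-address,message-subject
2008-03-14T09:15:31.402Z,RECEIVE,alice@example.com,bob@example.com,"Q1 numbers, final"
2008-03-14T09:15:32.010Z,DELIVER,alice@example.com,bob@example.com,"Q1 numbers, final"
"""

if __name__ == "__main__":
    print(parse_log_name("MSGTRK20080314-1.log"))
    hdr, rows = parse_tracking_log(SAMPLE)
    print(hdr["Log-Type"], [r["event-id"] for r in rows])
```

Because message subject logging is enabled by default, parsed rows can carry subject text; treat exported logs with the same care as the mail itself.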