Exchange Mail Logs

The sample scripts below allows extracting mail logs from Office 365 Exchange.

NOTE: You need to have an existing O365 PSSession. To connect to an O365 PSSession, check my other article for Connecting to Exchange Online PS Session

Getting Mail Logs based on Sender Email Address

Param (
    [Parameter(Mandatory=$True)]
    [string]$senderEmailAddress,
    [Parameter(Mandatory=$True)]
    [string]$hours_to_track_back
    )

$dateEnd = get-date 
$dateStart = $dateEnd.AddHours($("-" + $hours_to_track_back))
$message = Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -SenderAddress $senderEmailAddress -Pagesize 5000 -Page 1 | Select-Object Received,SenderAddress,RecipientAddress,Subject,Status

echo ""
echo "===== ===== ===== ====== ====="
echo "Basis: SENDER -> $senderEmailAddress"
echo "Back tracking $hours_to_track_back hour(s) from present."
echo "... ..."
echo "Begin Mail Delivery Log"
echo ""
echo "Status,Received,RecipientAddress,Subject"

foreach($x in $message)
{$($($x.Status)+"`t"+$($x.Received)+"`t"+$($x.RecipientAddress)+"`t"+$($x.Subject))}

echo ""
echo "===== ===== END OF OUTPUT ====== ====="

Getting Mail Logs Based on Recipients

Param (
    [Parameter(Mandatory=$True)]
    [string]$RecipientAddress,
    [Parameter(Mandatory=$True)]
    [string]$hours_to_track_back
    )

$dateEnd = get-date 
$dateStart = $dateEnd.AddHours($("-" + $hours_to_track_back))
 
$message = Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -RecipientAddress $RecipientAddress -Pagesize 5000 -Page 1 | Select-Object Received,SenderAddress,RecipientAddress,Subject,Status

echo ""
echo "===== ===== ===== ====== ====="
echo "Basis: RECIPIENT -> $RecipientAddress"
echo "Back tracking $hours_to_track_back hour(s) from present."
echo "... ..."
echo "Begin Mail Delivery Log"
echo "... ..."
echo ""
echo "Status, Received,SenderAddress,Subject"
foreach($x in $message)
{ $($($x.Status)+"`t"+$($x.Received)+"`t"+$($x.SenderAddress)+"`t"+$($x.Subject))}

echo ""
echo "===== ===== END OF OUTPUT ====== ====="

Getting Mail Logs Based on Sender, Filter by Subject

Param (
    [Parameter(Mandatory=$True)]
    [string]$SenderAddress,
    [Parameter(Mandatory=$True)]
    [string]$Subject,
    [Parameter(Mandatory=$True)]
    [string]$hours_to_track_back
    )
$dateEnd = get-date 
$dateStart = $dateEnd.AddHours($("-" + $hours_to_track_back))
$message = Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -SenderAddress $SenderAddress -Pagesize 5000 -Page 1 | Select-Object Received,SenderAddress,RecipientAddress,Subject,Status
echo ""
echo "===== ===== ===== ====== ====="
echo "Basis: RECIPIENT -> $SenderAddress"
echo "Back tracking $hours_to_track_back hour(s) from present."
echo "... ..."
echo "Begin Mail Delivery Log"
echo "... ..."
echo ""
echo "Status, Received,RecipientAddress,Subject"
foreach($x in $message)
{ if($($x.Subject) -like "*$Subject*")
  { $($($x.Status)+"`t"+$($x.Received)+"`t"+$($x.RecipientAddress)+"`t"+$($x.Subject))}

}
echo ""
echo "===== ===== END OF OUTPUT ====== ====="

Exchange Mail Logs

Share this: