IT STORYs

Exchange 서버에서 메시지 추적 로그 파워쉘 본문

M365

Exchange 서버에서 메시지 추적 로그 파워쉘

295~ 2023. 6. 26. 16:16

Exchange on-prem 서버에서 수행

Get-ExchangeServer  | where {$_.serverRole -eq 'Mailbox'} | Get-MessageTrackingLog -Resultsize unlimited -sender <사용자계정> -Start 'YYYY-MM-DD hh:mm:ss' -End 'YYYY-MM-DD hh:mm:ss' | Select timestamp, sender, {$_.recipients}, messagesubject, internalmessageid, clinetip, clienthostname, serverip, serverhostname, connectorid, totalbytes, recipientcount, relatedrecipientaddress, EventID, Source, MessageID, NetworkMessageID, {$_.EventData}, {$_.recipientstatus},{$_.messageinfo}, MessagLatency, MessageLatencyType, ReturnPath, {$_.sourceContext}  | export-csv c:\temp\senderTrackingLog.csv -encoding utf8
 
Get-ExchangeServer  | where {$_.serverRole -eq 'Mailbox'} | Get-MessageTrackingLog -Resultsize unlimited -Recipients<사용자계정> -Start 'YYYY-MM-DD hh:mm:ss' -End 'YYYY-MM-DD hh:mm:ss' | Select timestamp, sender, {$_.recipients}, messagesubject, internalmessageid, clinetip, clienthostname, serverip, serverhostname, connectorid, totalbytes, recipientcount, relatedrecipientaddress, EventID, Source, MessageID, NetworkMessageID, {$_.EventData}, {$_.recipientstatus},{$_.messageinfo}, MessagLatency, MessageLatencyType, ReturnPath, {$_.sourceContext}  | export-csv c:\temp\RecipientsTrackingLog.csv -encoding utf8
 

 

EXO 파워쉘 연결 후 수행

Start-HistoricalSearch -ReportTitle "MessageTraceDetail01" -ReportType MessageTraceDetail  -RecipientAddress <사용자계정>  -StartDate <시작날짜> -EndDate <끝날짜>  -NotifyAddress  <관리자계정>
Start-HistoricalSearch -ReportTitle "MessageTraceDetail01" -ReportType MessageTraceDetail  -SenderAddress <사용자계정> -StartDate <시작날짜> -EndDate <끝날짜>  -NotifyAddress  <관리자계정>




위 명령 실행 후 Get-HistoricalSearch 를 실행하여 진행 상태 확인



Status done 이 되면 아래의 명령을 사용하여 나오는 fileurl 경로를 인터넷 주소창에 입력하여 다운로드
Get-HistoricalSearch Jobid xxxxx-xxxx-xxx-xxxxxx | fl

 

Exchange on-prem 서버에서 수행

Get-ExchangeServer  | where {$_.serverRole -eq 'Mailbox'} | Get-MessageTrackingLog -Resultsize unlimited -sender <사용자계정> -Start 'YYYY-MM-DD hh:mm:ss' -End 'YYYY-MM-DD hh:mm:ss' | Select timestamp, sender, {$_.recipients}, messagesubject, internalmessageid, clinetip, clienthostname, serverip, serverhostname, connectorid, totalbytes, recipientcount, relatedrecipientaddress, EventID, Source, MessageID, NetworkMessageID, {$_.EventData}, {$_.recipientstatus},{$_.messageinfo}, MessagLatency, MessageLatencyType, ReturnPath, {$_.sourceContext}  | export-csv c:\temp\senderTrackingLog.csv -encoding utf8
 
Get-ExchangeServer  | where {$_.serverRole -eq 'Mailbox'} | Get-MessageTrackingLog -Resultsize unlimited -Recipients<사용자계정> -Start 'YYYY-MM-DD hh:mm:ss' -End 'YYYY-MM-DD hh:mm:ss' | Select timestamp, sender, {$_.recipients}, messagesubject, internalmessageid, clinetip, clienthostname, serverip, serverhostname, connectorid, totalbytes, recipientcount, relatedrecipientaddress, EventID, Source, MessageID, NetworkMessageID, {$_.EventData}, {$_.recipientstatus},{$_.messageinfo}, MessagLatency, MessageLatencyType, ReturnPath, {$_.sourceContext}  | export-csv c:\temp\RecipientsTrackingLog.csv -encoding utf8
 
저작자표시
'M365' Related Articles more
Comments