RE: SMTP traffic monitoring - thanks Rob!
Agreed! I used to be pretty proficient with DOS back in the day and even today I still write batch files to accomplish various tasks (barely a week goes by that I don't create one), so Powershell isn't all that intimidating, I just don't need it very often.

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Wednesday, March 10, 2010 2:33 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring - thanks Rob!

Powershell is good stuff :)
RE: SMTP traffic monitoring - thanks Rob!
I use it every day. Once you get used to it, it's a lot quicker to just type in get-mailbox username | fl * than to navigate through the gui to get to it. Most of the cmdlets accept wildcards on the identity parameter, so I can do get-mailbox rob*, get-mailbox *rob or even get-mailbox *rob* and find a mailbox a lot quicker than I can by waiting for the EMC to populate and setting up a search filter.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, March 11, 2010 8:16 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring - thanks Rob!

Agreed! I used to be pretty proficient with DOS back in the day and even today I still write batch files to accomplish various tasks (barely a week goes by that I don't create one), so Powershell isn't all that intimidating, I just don't need it very often.
RE: SMTP traffic monitoring - thanks Rob!
Meant to send this to the list, but had a synapse misfire.

Plug in the server names and email addresses, and schedule this to run on one of your HT servers every morning, and it'll send you an email with a list of who's gone over limit. I send it to our help desk every day so they know who to expect calls from.

# Collect every mailbox that is not below its limit (one line per mailbox server).
# @() keeps $ol an array even when a server returns a single mailbox.
$ol = @(Get-MailboxStatistics -Server servername |? {$_.storagelimitstatus -ne "BelowLimit"})
$ol += @(Get-MailboxStatistics -Server servername |? {$_.storagelimitstatus -ne "BelowLimit"})

$disabled = $ol |? {$_.storagelimitstatus -eq "MailboxDisabled"} | select displayname
$prohibit_send = $ol |? {$_.storagelimitstatus -eq "ProhibitSend"} | select displayname

# Build the report body
$report = "Mailbox Disabled: `n***`n"
foreach($user in $disabled){$report += $($user.displayname).tostring() + "`n"}
$report += "`n`nProhibit Send: `n***`n"
foreach ($user in $prohibit_send){$report += $($user.displayname).tostring() + "`n"}

# Send email
$mailhost = "localhost"
$from = "from address"
$to = "to address"
$subj = "Daily Mailbox Limit Report"
$body = $report
$SmtpClient = new-object system.net.mail.smtpClient
$SmtpClient.Host = $mailhost
$mailmessage = New-Object system.net.mail.mailmessage
$mailmessage.from = ($from)
$mailmessage.To.add($to)
$mailmessage.Subject = $subj
$mailmessage.Body = $body
$smtpclient.Send($mailmessage)

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Thursday, March 11, 2010 8:31 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring - thanks Rob!

I use it every day. Once you get used to it, it's a lot quicker to just type in get-mailbox username | fl * than to navigate through the gui to get to it. Most of the cmdlets accept wildcards on the identity parameter, so I can do get-mailbox rob*, get-mailbox *rob or even get-mailbox *rob* and find a mailbox a lot quicker than I can by waiting for the EMC to populate and setting up a search filter.
RE: SMTP traffic monitoring - thanks Rob!
You sir, are the bomb! Thank you very much. I am in business, I now have exactly what I am looking for.

Thanks again,
Dave

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Wednesday, March 10, 2010 12:00 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

There is a hostname field. Whether there's anything in it or not will depend on whether the client reported it. Add hostname to the select to add the column. I could probably script a dns lookup to backfill it after the fact.

It truncates automatically on the screen display. You can try adding | ft -wrap to make it not truncate. You can also dump it to .csv with:

Get-messagetrackinglog -server servername -resultsize 100 -eventid RECEIVE |? {$_.source -eq "SMTP"} | Select clientip,hostname,totalbytes,timestamp | export-csv c:\somedir\stmplog.csv -notype

(that should be all on one line)

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, March 10, 2010 1:42 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

Yep! Is there a way to add 'hostname'? Also, is there a way to make it not truncate Sender - a way to make the default column width something different? A formatting option I am sure.

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Wednesday, March 10, 2010 9:25 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

Does it work with just | select clientip,totalbytes,timestamp ?

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, March 10, 2010 11:20 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

Money, this works. Adding ft -auto breaks it though.

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Tuesday, March 09, 2010 3:07 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

OK. Let's see if any of them are SMTP

Get-messagetrackinglog -server servername -resultsize 100 -eventid RECEIVE |? {$_.source -eq "SMTP"}

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, March 09, 2010 3:55 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

A bunch of results

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Tuesday, March 09, 2010 1:38 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

What does just this much get you?

Get-messagetrackinglog -server servername -resultsize 100 -eventid RECEIVE

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, March 09, 2010 3:35 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

My hub server. I can run the canned tracking tool GUI fine, but running that in the PS window gives me nothing.

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Tuesday, March 09, 2010 1:27 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

That's weird. Are you checking your mail server logs, or your hub transport logs? These events will only show up on the hub transport servers.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, March 09, 2010 2:35 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

Thanks for this. It just comes back with the prompt...no error, but no output..

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Tuesday, March 09, 2010 8:30 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

Missed the closing quote on SMTP

Get-messagetrackinglog -server servername -resultsize 100 -eventid RECEIVE | ? {$_.source -eq "SMTP"} | Select clientip,totalbytes,timestamp | ft -auto

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Tuesday, March 09, 2010 10:26 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring

You can check the SMTP RECEIVE events in the Message Tracking Logs on the hub transport servers.

Get-messagetrackinglog -server servername -resultsize 100 -eventid RECEIVE | ? {$_.source -eq SMTP} | Select clientip,totalbytes,timestamp | ft -auto

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, March 09, 2010 10:09 AM
To: MS-Exchange Admin Issues
Subject: SMTP traffic monitoring

We have Exchange 2007 here and I'd like to be able to see what machines are passing SMTP traffic through it - how do I do that? It appears that it can create a CONNECTLOGn.LOG file - is there something that can parse it so I can view the connections easily?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: SMTP traffic monitoring - thanks Rob!
You're welcome! Note - that's only getting a fixed number of log entries. If you want to do daily reporting, we'll need to change that to use a startdate and enddate calculated from the current datetime. It should be fine for a quick look at what's hit it recently.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, March 10, 2010 3:36 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring - thanks Rob!

You sir, are the bomb! Thank you very much. I am in business, I now have exactly what I am looking for.

Thanks again,
Dave
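
The two follow-ups mentioned in this thread (a start and end date calculated from the current date instead of a fixed -resultsize, and a DNS lookup to backfill blank host names) sketched as an added example; it is not code posted by anyone on the list. It reads the reported name from the cmdlet's ClientHostname property; `servername`, the output path and the function names are placeholders, and the sample records are constructed so the script also runs outside the Exchange Management Shell.

```powershell
# Added example, not from the thread: per-client summary of yesterday's
# SMTP RECEIVE events, with reverse DNS used only where no name was reported.

function Get-ReportWindow {
    param([datetime]$Now = (Get-Date))
    # Previous calendar day: midnight yesterday up to midnight today.
    $end = $Now.Date
    New-Object psobject -Property @{ Start = $end.AddDays(-1); End = $end }
}

function Resolve-ClientName {
    param([string]$Ip, [hashtable]$Cache)
    # One lookup per distinct IP; failed lookups are cached as empty strings.
    if (-not $Cache.ContainsKey($Ip)) {
        try {
            $name = [System.Net.Dns]::GetHostEntry($Ip).HostName
            if ($name -eq $Ip) { $name = '' }   # resolver echoed the address back
            $Cache[$Ip] = $name
        } catch {
            $Cache[$Ip] = ''                    # no PTR record or resolver error
        }
    }
    $Cache[$Ip]
}

function Get-SmtpClientSummary {
    param([object[]]$Events, [switch]$ResolveDns)
    $cache = @{}
    @($Events) |
        Where-Object { $_.Source -eq 'SMTP' -and $_.ClientIp } |
        Group-Object ClientIp |
        ForEach-Object {
            $g = $_
            $stats = $g.Group | Measure-Object TotalBytes -Sum -Average
            # Prefer the name the client reported; it is often blank.
            $name = $g.Group | Where-Object { $_.ClientHostname } |
                Select-Object -First 1 -ExpandProperty ClientHostname
            $nameSource = 'reported'
            if (-not $name) {
                $nameSource = 'none'
                if ($ResolveDns) {
                    $name = Resolve-ClientName -Ip $g.Name -Cache $cache
                    if ($name) { $nameSource = 'ptr' }
                }
            }
            New-Object psobject -Property @{
                ClientIp   = $g.Name
                HostName   = $name
                NameSource = $nameSource
                Messages   = $stats.Count
                TotalBytes = $stats.Sum
                AvgBytes   = [math]::Round($stats.Average)
            }
        } |
        Sort-Object TotalBytes -Descending |
        Select-Object ClientIp, HostName, NameSource, Messages, TotalBytes, AvgBytes
}

$window = Get-ReportWindow

if (Get-Command Get-MessageTrackingLog -ErrorAction SilentlyContinue) {
    # Exchange Management Shell, pointed at a hub transport server.
    $events = Get-MessageTrackingLog -Server servername -EventId RECEIVE `
        -Start $window.Start -End $window.End -ResultSize Unlimited
    $report = Get-SmtpClientSummary -Events $events -ResolveDns
} else {
    # Constructed sample records (documentation address ranges), no DNS lookups.
    $t = $window.Start
    $events = @(
        (New-Object psobject -Property @{ Source = 'SMTP'; ClientIp = '192.0.2.10'
            ClientHostname = 'app01.example.test'; TotalBytes = 4200; Timestamp = $t.AddHours(2) }),
        (New-Object psobject -Property @{ Source = 'SMTP'; ClientIp = '192.0.2.10'
            ClientHostname = ''; TotalBytes = 1800; Timestamp = $t.AddHours(3) }),
        (New-Object psobject -Property @{ Source = 'SMTP'; ClientIp = '198.51.100.7'
            ClientHostname = ''; TotalBytes = 250000; Timestamp = $t.AddHours(9) }),
        (New-Object psobject -Property @{ Source = 'STOREDRIVER'; ClientIp = '192.0.2.20'
            ClientHostname = 'mbx01.example.test'; TotalBytes = 900; Timestamp = $t.AddHours(9) })
    )
    $report = Get-SmtpClientSummary -Events $events
}

$report | Format-Table -AutoSize
# $report | Export-Csv c:\somedir\smtp-daily.csv -NoTypeInformation
```

Both the client-reported name and a PTR record are supplied by the sending side or whoever controls its reverse zone, so use HostName as a label and key any filtering or alerting on ClientIp.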
RE: SMTP traffic monitoring - thanks Rob!
I just needed to get a feel for what's hit the SMTP server in the last 30 days (err, 350,000 records after changing the result size). Of course now I can also find average message sizes, etc...

From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Wednesday, March 10, 2010 1:46 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring - thanks Rob!

You're welcome! Note - that's only getting a fixed number of log entries. If you want to do daily reporting, we'll need to change that to use a startdate and enddate calculated from the current datetime. It should be fine for a quick look at what's hit it recently.
RE: SMTP traffic monitoring - thanks Rob!
Powershell is good stuff :)

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, March 10, 2010 4:31 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP traffic monitoring - thanks Rob!

I just needed to get a feel for what's hit the SMTP server in the last 30 days (err, 350,000 records after changing the result size). Of course now I can also find average message sizes, etc...