Search Exchange logs using wildcard values

[James]

Unfortunately the Exchange toolbox will not allow searching to or from fields with wildcard values, only with specific email addresses (or a list of addresses). However, using Exchange Management Shell, you can search the Exchange logs using wildcard values which is useful if you're trying to review all messages to/from a particular domain.

Open Exchange Management Shell

• Start > All Programs > Microsoft Exchange Server 20**
• Open Exchange Management Shell as an administrator (otherwise you may not be able to create your required log file)

Search for any messages sent TO any address at example.com

Get-MessageTrackingLog -ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" | where{$_.recipients -like "*@example.com"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\ExchangeLogResults.txt


Search for any messages sent FROM any address at example.com

Get-MessageTrackingLog -ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" | where{$_.sender -like "*@example.com"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\ExchangeLogResults.txt



*** This applies to Exchange 2003, 2007, & 2010 ***