Read Message Tracking Logs from Exchange Online using Powershell

In this article, I am going explain how to retrieve message tracking logs from Office 365 and export message traffic logs to csv file. We can use the Exchange Online powershell cmdlet Get-MessageTrace to get logs. Exchange Online stores logs for 30 days, but if you need to store them for longer, you can download logs and store it in your own database.

Before proceed, first connect a PowerShell session to Exchange Online by using the following commands, enter Office 365 admin credentials when prompted:

$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session

After connecting Exchange Online service, run the following command to retrieve message trace logs for last 7 days:

$dateStart = ([system.DateTime]::Now.AddDays(-7))
$dateEnd = ([system.DateTime]::Now) 
Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd | Select Received,SenderAddress,
RecipientAddress,Subject,Status | FT

Export message trace logs to CSV

You can export the message tracking logs to csv file by using below command:

$dateStart = ([system.DateTime]::Now.AddDays(-7))
$dateEnd = ([system.DateTime]::Now) 
Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd | Select Received,SenderAddress,
RecipientAddress,Subject,Status,Size | Export-Csv C:MessageTraceLogs.csv -NoTypeInformation

Filter message trace Logs

You can apply filter by using the options available in Get-MessageTrace cmdlet. The following command retrieves message trace logs sent by [email protected] between Mar 1, 2016 and Mar 10, 2016.

Get-MessageTrace -SenderAddress [email protected] -StartDate 03/01/2016 -EndDate 03/10/2016

The following command retrieves only successfully Delivered messages for last 7 days:

Get-MessageTrace -Status Delivered -StartDate 03/01/2016 -EndDate 03/10/2016

You can also filter logs by using Where-Object cmdlet after getting logs from Get-MessageTrace. The following command retrieves logs that successfully delivered and sent by [email protected]

Get-MessageTrace -StartDate 03/01/2016 -EndDate 03/10/2016 |
Where-Object {$_.SenderAddress -eq '[email protected]' -and $_.Status -eq 'Delivered' }

Page Size (Result Size)

By default the Get-MessageTrace cmdlet returns only 1000 logs, you can control this size by using the parameter PageSize. The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000.

Get-MessageTrace -StartDate 03/01/2016 -EndDate 03/10/2016 -PageSize 5000

The Get-MessageTrace cmdlet will returns only maximum of 5000 logs. You have to restrict results by using the options available in the cmdlet ( like Status,SenderAddress.StartDate,etc… ) to get more specific logs.

If you have large number of records (over 5000) to fetch in last 30 days, you have to read logs page by page and store results in csv. You can achieve this by downloading this technet gallery script: https://gallery.technet.microsoft.com/scriptcenter/Export-Mail-logs-to-CSV-d5b6c2d6