Hello, I have a client who wants some stats on an email address - I think they want to know how popular it has been or what the take up has been, so they want to know how many emails it has received, what times etc etc. To the best of my knowledge you can't do this simply with exchange? and I doubt we will be able to do it retrospectively, but going forward, what would be the best way to achieve this?
You can parse the transaction logs, although if you've got them set to cyclical then you'll have to adjust your logging retention periods
Well this box is set log cyclical, and for a week, problem is client wants this as a going forward thing - as in, from now until they say stop, they want statistics for that period - which would mean logging from now until that point and I just don't think there is space on the box, there is a 50gb log partition, but I think they are going to want this analysis run for quite along time, the only option doing it that way would be to manually collate the info from the logs on a weekly basis, and I don't think I want to do that! The emails go through trend micro hosted email security, which logs all transactions again, but this is only for a week also and that isn't something I can change.
Can you create a powershell script that pulls out the information use >> to add it to a log and then collect those logs when required?
Hmm dunno if you'd get any success with sucking the pertinent parts of the txn logs into a SQL database with the timestamp? Then doing some simple SQL reports? The client has a new requirement, sure enough it requires more disk space to achieve. Have him set how long he wants retention to and then cost to implement it! And don't forget the implications on backups!!! If he accepts the cost, all good. If he doesn't, then he'll have to pick a shorter retention period! You might get away with setting the txn logs to say 10 days instead of 7 days, and every sunday having an automated task run the report. That gives three days to check and re-run it if there's a problem. The report could be stored as a PDF or anything really, and just kept. The downside to this method is unless the report sucks in the whole txn log, it won't have the full level of detail, and then you may as well just buy a couple hard drives and run 'live' reports.
just set exchange to send him detailed server/network reports, then laugh at him, when he complains about all the errors it shows