This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 17%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Hi,
Does anyone know how to I can enhance the message tracking logs of Exchange 2016/9 to include the value of a custom X-Header in the emails?
For example, my customer has Outlook automatically put an x-header in every message. They have now asked me to produce audit data of all mails, to, from date, time etc, but to also include the value of this X-header.
Message tracking Logs contain all the other values they want audited.
Thanks in advance.
Martyn
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @NASH Martyn
Do suggestions below help?
Hi @NASH Martyn
Any update?
So far I have not managed to work out how to do this, i appreciate the guidance to say you can't customize the tracking logs, but my issue still remains. Currently looking at the possibility of using a third party add-on Trustwave for Exchange, which has far more capabilities to interrogate message content on the fly and produce detailed logs.
Thats probably a reasonable way to go. Nothing native in Exchange on-prem can really be leveraged here to do this other than some really clunky solution.
You arent going to be able to grab those from the message logs
If you were in Exchange Online, you could see what rules were triggered for a message in message tracking, but that funcationality doesnt exist on-prem
https://learn.microsoft.com/en-us/archive/blogs/eopfieldnotes/auditing-transport-rules
(Even though in on-prem EAC the option is there, that option on-prem is for incident report generation and that gets stamped in the message tracking logs. )
Hi @NASH Martyn
I agree with Andy, your requirement is hard to achieve. X-header is not recorded in the message tracking log.
And the information recorded in the message tracking log here: Fields in the message tracking log files
We are not able to customize the fields in message tracking log.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.