Customise Exchange 2016/9 tracking logs to include values from X-headers

Question

Customise Exchange 2016/9 tracking logs to include values from X-headers

NASH Martyn 6

Hi,

Does anyone know how to I can enhance the message tracking logs of Exchange 2016/9 to include the value of a custom X-Header in the emails?

For example, my customer has Outlook automatically put an x-header in every message. They have now asked me to produce audit data of all mails, to, from date, time etc, but to also include the value of this X-header.

Message tracking Logs contain all the other values they want audited.

Thanks in advance.

Martyn

Joyce Shen - MSFT 16,366 Reputation points Microsoft Vendor

2020-12-04T07:45:02.027+00:00

Hi @NASH Martyn

Do suggestions below help?
Joyce Shen - MSFT 16,366 Reputation points Microsoft Vendor

2020-12-10T01:55:29.617+00:00

Hi @NASH Martyn

Any update?
NASH Martyn 6 Reputation points

2020-12-10T21:14:36.137+00:00

So far I have not managed to work out how to do this, i appreciate the guidance to say you can't customize the tracking logs, but my issue still remains. Currently looking at the possibility of using a third party add-on Trustwave for Exchange, which has far more capabilities to interrogate message content on the fly and produce detailed logs.
Andy David - MVP 115.3K Reputation points MVP

2020-12-10T21:55:34.077+00:00

Thats probably a reasonable way to go. Nothing native in Exchange on-prem can really be leveraged here to do this other than some really clunky solution.

Joyce Shen - MSFT 16,366 Reputation points Microsoft Vendor

2020-12-04T07:45:02.027+00:00

Hi @NASH Martyn

Do suggestions below help?
Joyce Shen - MSFT 16,366 Reputation points Microsoft Vendor

2020-12-10T01:55:29.617+00:00

Hi @NASH Martyn

Any update?
NASH Martyn 6 Reputation points

2020-12-10T21:14:36.137+00:00

So far I have not managed to work out how to do this, i appreciate the guidance to say you can't customize the tracking logs, but my issue still remains. Currently looking at the possibility of using a third party add-on Trustwave for Exchange, which has far more capabilities to interrogate message content on the fly and produce detailed logs.
Andy David - MVP 115.3K Reputation points MVP

2020-12-10T21:55:34.077+00:00

Thats probably a reasonable way to go. Nothing native in Exchange on-prem can really be leveraged here to do this other than some really clunky solution.

Answer 1

You arent going to be able to grab those from the message logs
If you were in Exchange Online, you could see what rules were triggered for a message in message tracking, but that funcationality doesnt exist on-prem

https://learn.microsoft.com/en-us/archive/blogs/eopfieldnotes/auditing-transport-rules

(Even though in on-prem EAC the option is there, that option on-prem is for incident report generation and that gets stamped in the message tracking logs. )

Answer 2

Hi @NASH Martyn

I agree with Andy, your requirement is hard to achieve. X-header is not recorded in the message tracking log.

And the information recorded in the message tracking log here: Fields in the message tracking log files

We are not able to customize the fields in message tracking log.

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Customise Exchange 2016/9 tracking logs to include values from X-headers

2 answers

Activity