I'm decommissioning a couple of Exchange 2010 CAS/HT servers that have a couple of weeks of message tracking logs on them. I'd like to move the logs somewhere where they can still be searched using the Get-MessageTrackingLogs cmdlet.
My first thought was to just move them to another CAS/HT server but apparently they are named exactly the same on all of the servers.
Are there any other options?
Best Answer
The "Search Message Tracking Logs" section from the documentation states:
But as the logs are plain text files in a simplistic structure you would be able to rename the log files to integrate them with the existing ones on a different server. The file name is something along
MSTRKyyymmdd-n.logwherenis an increment with a maximum of 9999. If you have not used a copy method which would pertain the last write access time stamp, you probably would want to set the copied files' last write timestamps e.g. using theLastWriteTimeproperty of theFileInfoobject accordingly.Events obviously would not be in a chronological order - this might impact searchability by time (not sure if it really is going to be the case). I simply would try it out with a couple of manually renamed log files and script a renaming function for the rest, if it works out.
You also could pull the data using
Get-MessageTrackingLogand dump it to a file usingExport-Clixmlso you could reload it later and filter on the results using Powershell functions, if needed. This however would require you to use a different function to load the object and deprive you ofGet-MessageTrackingLog-specific filters.