Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How do I get Exchange to write to the Event Log when email is received from a specific email address?

Posted on 2007-10-07
Medium Priority
Last Modified: 2010-03-06
We use a WIndows 2003 Server, with Exchange 2003 SP2 installed. This server often interfaces with an AIX based UNIX server.
Both of these servers utilise a high-speed link for real-time replication, our industry sector requirements forcing us to do so.
Sometimes, if there is an issue with the link or otherwise, the UNIX servers involved in the replication set can get out of sync or "stale". When this happens, the UNIX box initiates an email via Exchange to a group to inform us that the members of the set are stale.
We use monitoring software (Servers Alive, by Woodstone) to alert, via SMS and Email, ICQ etc... when various problems occur, but so far we have not been able to achieve this monitoring for when the set goes stale.
The monitoring software can watch the Event Log in Windows and alert when a certain event is logged.

I was wondering if anybody knew of a way to force Exchange to write an event in the Windows Server Event Log when an email is received from a certain specified email address?

Regards and Thanks In Advance

Question by:MMBS
LVL 58

Accepted Solution

tigermatt earned 1000 total points
ID: 20032550
Exchange doesn't have the ability to write events to the Event Log natively. Instead, it utilises its own event log which can be managed through System Manager known as "Message Tracking". http://www.amset.info/exchange/message-tracking.asp

That writes to event logs within the Exchange installation directory, so you would need to examine that file at regular intervals to see if the email address is present in there. It is a simple text file so searching should be very easy.

LVL 104

Assisted Solution

Sembee earned 1000 total points
ID: 20033573
The only problem with message tracking is that the file is locked by Exchange during the day that it is being used. Message tracking cannot be used for any real time monitoring unless the services are stopped to release the lock.

An event sink might do it, but you would probably have to get one written. Another option would be something watching the SMTP traffic flow. AV or Antispam software may be adapted to do that.


If your question has been answered, pleased remember to accept the answer and close the question.

Author Comment

ID: 20090924
Many thanks to both Tigermatt and Sembee.

I have given points for both answers as we ended up building a solution using flagging files to detect when something had happened.
Both of the answers given sparked the idea in my head and we built a solution from them.

Many thanks to you both for your information and insight.

Much appreciated - and we now sleep a little better knowing that if something goes wrong with a particular area of our system, we will shortly know.


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month10 days, 10 hours left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question