Parsing exchange logs

Hello,

I'm trying to parse exchange logs with log parser.

Here I need to add, FROM and TO mail address. (RCPT To and MAIL From)

./LogParser.exe "SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name, COUNT(*) AS Hits, TO_LOCALTIME(TO_TIMESTAMP(EXTRACT_PREFIX(TO_STRING([#Fields: date-time]),0,'T'), 'yyyy-MM-dd')) AS LogDate from 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive\*.log' WHERE data LIKE '%EHLO%' GROUP BY LogDate,IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -O:CSV >> c:\temp\ReceiveConnectorMailFlow.csv

Log

#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2020-03-10T09:39:04.347Z,X\Inbound SMTP relay,08D79C80806B8DD4,2,10.193.100.165:25,10.193.100.4:20706,>,"220 sxx Microsoft ESMTP MAIL Service ready at Tue, 10 Mar 2020 10:39:04 +0100",
2020-03-10T09:39:04.363Z,X\Inbound SMTP relay,08D79C80806B8DD4,3,10.193.100.165:25,10.193.100.4:20706,<,EHLO 
2020-03-10T09:39:04.363Z,X\Inbound SMTP relay,08D79C80806B8DD4,4,10.193.100.165:25,10.193.100.4:20706,>,
2020-03-10T09:39:04.378Z,X\Inbound SMTP relay,08D79C80806B8DD4,43,10.193.100.165:25,10.193.100.4:20706,<,MAIL From:<xx@xx.com> SIZE=12124,
2020-03-10T09:39:04.378Z,X\Inbound SMTP relay,08D79C80806B8DD4,46,10.193.100.165:25,10.193.100.4:20706,<,RCPT To:<xx@xx.com> NOTIFY=NEVER,

Thanks

Tomás Esteban Corey

0 Replies

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Parsing exchange logs

Parsing exchange logs