o365 send/receive logs on smtp level / audit logs


Hi,

We are trying to grab/download the send and receive logs on SMTP level from o365, so we can track mailbox send/recv as audit.

May I know how we can automate and download the logs from Python/PowerShell, except from the UI?

Is there any better way to pull this info? Please advise!

3 Replies

Nope afaik. You can automate requesting the logs, but the URL from which you can download them is behind an auth wall, and doesn't seem to accept any of the standard methods to authenticate (including via Graph).


@Vasil Michev Thanks, may I know what the API endpoint will be to get the SMTP send/recv logs?

We do have an account for o365 and can automate, if we know the correct endpoint/some method.

From the GUI, we see the "mail flow" logs, but not sure how we get over the correct API/endpoint.

We see we can get it from PowerShell as well as the GUI, but somehow we want to automate this using an API endpoint:

https://www.codetwo.com/admins-blog/message-tracking-office-365/

https://www.urtech.ca/2018/11/solved-how-to-perform-a-message-trace-in-office365-exchange-online/

Would be great if you/someone can help to point to the correct API endpoint.


That's the issue, we simply don't know. Microsoft never published any details about it, and the only supported way for getting the CSV files is via the browser.

Now if you are only interested in the "regular" message trace, that can be easily automated, here's a sample script: https://gallery.technet.microsoft.com/scriptcenter/Office-365-Mail-Traffic-afa37da1#content
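
The "regular" message trace mentioned in the last reply, sketched as an added example that is not part of the thread and is not the linked gallery script: it pages through `Get-MessageTrace` and appends each page to a CSV for audit retention. It assumes the ExchangeOnlineManagement module is installed and the signed-in account is allowed to run message traces; the time window and output path are placeholders.

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement
# module is installed and the account may run message traces.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Placeholder values (assumptions): adjust the window and output path.
$end      = (Get-Date).ToUniversalTime()
$start    = $end.AddDays(-1)      # Get-MessageTrace only covers the last 10 days
$outFile  = Join-Path $PWD ("messagetrace_{0:yyyyMMdd_HHmm}.csv" -f $end)
$pageSize = 5000                  # largest page size the cmdlet accepts
$page     = 1
$total    = 0

do {
    # Force an array so .Count is reliable for zero or one result
    $batch = @(Get-MessageTrace -StartDate $start -EndDate $end `
                                -PageSize $pageSize -Page $page)
    if ($batch.Count -gt 0) {
        $batch |
            Select-Object Received, SenderAddress, RecipientAddress, Subject,
                          Status, FromIP, ToIP, Size, MessageId, MessageTraceId |
            Export-Csv -Path $outFile -NoTypeInformation -Append -Encoding UTF8
        $total += $batch.Count
    }
    $page++
    # A short page means the result set is exhausted; -Page accepts 1..1000
} while ($batch.Count -eq $pageSize -and $page -le 1000)

if ($page -gt 1000 -and $batch.Count -eq $pageSize) {
    # The page limit was reached with full pages: rows may be missing
    Write-Warning "Page limit reached; narrow the time window and run again."
}

Write-Host "Exported $total trace rows to $outFile"
Disconnect-ExchangeOnline -Confirm:$false
```

For unattended runs, schedule it with a window no longer than the schedule interval so consecutive exports do not leave gaps or exceed the page limit.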