Processing Exchange 2010 Message Tracking Log files with Python

So my day job includes doing some work on MS Exchange 2010.  I'm a stats guy and like digging in the log files to get details on the systems I work with.

I was asked to pull some stats out of Exchange and went straight into the Message Tracking logs.

By the unwritten laws of loggiles you will get a ton of information, some of which you don't need.  I identified the fields important to me and wrote this python script to parse a folder full of log files into a summarised set of .csv files that you can process further.

In my test case, I copy the log files from 4 production servers into a dev box and then run the script there.  This way there is a minimal performance / disk impact to the production users.

I am *NOT* a python programmer so make fun of the code if you wish, I won't be offended.  This script is basically a product of much googling and reading of docs.python.org.


# parse Exchange 2010 MessageTracker Log Files
# (c) Ian Stoffberg
# 0) make folders source and output in the same folder as the script
# 1) put all the exchange logs you want to strip down into the source folder 
# 2) delete the output filename output\output.csv
# 3) run script (i use cygwin)
# 4) import output.csv into excel


import os
import string

# sourcefolder
logdir = ".\source"

# outputfile contains the message events
outputfile = ".\output\output.csv"

# outputfile2 contains the expanded list of recipients and the domain per message
outputfile2 = ".\output\messages.csv"

writer = open(outputfile,"a")
messagewriter = open(outputfile2,"a")

# wanted is the list of columns you want to keep
wanted = [1,3,5,9,10,14,15,18,19,20,22]
logs = os.listdir(logdir)
messagewriter.write('emaildate,messageid,recipientemail,domain\n')

for log in logs:
        logfiles = open("%s%s%s" % (logdir, os.sep, log)).readlines()
        for line in logfiles:
                try:
                  # next line discards commented lines
                  if line[1] != '#':
                    myinputrow = line.split(',')
                    eventid = myinputrow[8]
                    # I am discard other event types ( you might want to see those )
                    if eventid == 'SEND' or eventid == 'RECEIVE':

                      myoutputline = ''
                      for item in wanted:
                        myoutputline = myoutputline + myinputrow[item-1] + ','
                      writer.write(myoutputline + '\n')
                      recips = myinputrow[11].split(';')
                      i = 0
                      while recips[i] != '' :
                          emaildate = myinputrow[0].split('T')
                                         emaildate = emaildate[0]
                         domain = recips[i].split('@')
                                         domain = domain[1]
                          messagewriter.write(emaildate + ',' + myinputrow[9] + ',' + recips[i] + ',' + domain + '\n')
                          i = i + 1
                      
                except:
                    print ''

writer.close


--------------------
This is the basic version I first wrote.  I have since tweaked it for my needs, but i figure any scripting guy could adapt this to their needs.

Once you have this info, the sky's the limit.

I imported the data into SQL, created some views based on it and linked to other system data.
I then created reports in Reporting Services which will be available for Managers/Administrators to query.

Why I prefer python to other scripting tools in this instance.  The code executes fairly quickly.  Its very readable and logical to follow).  Its easy to move the python interpreter between machines.  

There is a big bug which I will fix and post later.  If subject field has comma's in, the script might get confused.  need to test.

Final note:  If you're not too familiar with python, some words of advice.  WHITE SPACE MATTERS.  Every indent is there for a reason.  if , while, for statements have indents to indicate program structure.  It affects logic and is not there to make the code readable, but affect its function.  Mix spaces & tabs at your peril.

I hope this is of use to admins out there and can easily be adapted for any type of .csv log.

Tested on Exchange 2010 SP1.  Log formats may differ in other systems.
----
edit: version 2 on the way.  substantially improved.  fixed the subject comma bug, etc.

Comments

Post a Comment

Popular posts from this blog

Are any of you interest in being part of a coding sub-community of GGG+ One of the things I enjoy most about G+ and the communities that formed around Elite Dangerous has been the gathering of personalities that seem to share a lot of hobbies and interests. Many walks of life and philosophies interested in overlapping topics like music, tv, movies, humour, food, wine, etc. One of my hobbies has always been coding. The past is littered with 100's of started projects and abandoned code. Clearly, I haven't been an 'completionist' or 'achievement unlocked' kind of person in this regard. I guess in my case, I was not able to sustain that level of drive and enthusiasm for most of those pet projects. With Unity, I've found a system that allows me to express my gameplay idle thoughts as something tangible and I've started watching tutorials and putting objects on the screen and animating them. The results have been quick and rewarding and I'm starting t
Read more

Unlocking Hera Tani

Unlocking Hera Tani This is just so pointless. 4 trips for no good reason other than waste time. It's probably going to take me 4 days. I can't imagine that the same people who brought my favourite game back to life could come up with such a useless system as the various engineering unlocks and crafting system that you HAVE to do to progress meaningfully. I'm just in a miserable mood. Sorry. God knows if I'm ever going to mine the necessary 250t of whotsits...
Read more

So, in the spirit of Elite Stories, thought I'd share my perspective of last night.

So, in the spirit of Elite Stories, thought I'd share my perspective of last night. We had barely met and there we were suiting up and using our limited funds to buy guns, ammo and gear for the mission we'd been thrust into. It wasn't an honour we'd earned. Others had died, we were next. There were no reinforcements. Nobody was coming to save us. In fact, quite the opposite was true. We were going in to rescue a squad who were sheltered and taking fire. They had sustained heavy losses and couldn't hang on much longer. We headed purposefully down the streets, checking our guns and making sure we had our grenades and medpacks on standby. It was brutal, but we made it to the rendezvous, battling past waves of patrols sent to stop us. We were in trouble, but there was always a teammate to lend a hand or a hail of bullets. Somehow we made it. Learning to watch our for each other and keeping a wary eye out for signs of sniper activity. We scavenged more ammo and m
Read more