Retrieve Message Tracking Logs from Exchange Online and EOP
Organizations moving from on-premises to Exchange Online sometimes have requirements to retrieve and store message tracking logs for a non-negotiable period of time.
Exchange Online Protection stores logs for upwards of 30 days, but if you need to store them for longer, you can download logs from Exchange Online using PowerShell.
First connect a PowerShell session to Exchange Online using the following commands, entering administrative credentials when prompted:
$cred = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -Authentication Basic -ConnectionUri https://ps.outlook.com/powershell -AllowRedirection:$true -Credential $cred
Import-PSSession $session
After connecting to the service, we can download the previous day's logs, for example:
Get-MessageTrace -StartDate "09/15/2013 00:00:00" -EndDate "09/16/2013 00:00:00" | Select MessageID,Received,*Address,*IP,Subject,Status,Size | Export-Csv 20130915.csv -NoTypeInformation
If you wish to automate this in a script, you can use the following command, which retrieves the previous day's logs with the date fields, including the output file name, populated automatically from yesterday's date.
Get-MessageTrace -StartDate ([DateTime]::Today.AddDays(-1)) -EndDate ([DateTime]::Today) | Select MessageID,Received,*Address,*IP,Subject,Status,Size | Export-Csv "$((get-date ([DateTime]::Today.AddDays(-1)) -Format yyyyMMdd)).csv" -NoTypeInformation
This allows you to keep logs on local storage and meet requirements to retain them for longer than Exchange Online / Exchange Online Protection allows.
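A fuller version of the daily export, added here as an example and not code from the original article: Get-MessageTrace returns results in pages (1,000 rows by default, up to 5,000 with -PageSize), so the one-liner above can silently drop messages on a busy day. The archive path and the SHA-256 sidecar file are assumptions made for illustration.

```powershell
# Added example: paged export of yesterday's message trace with an integrity hash.
# Assumes the Exchange Online session from the steps above is already imported.
$ErrorActionPreference = 'Stop'            # abort rather than archive a partial day
$ArchiveDir = 'C:\MessageTraceArchive'     # assumed path; point this at your log store
$start = [DateTime]::Today.AddDays(-1)
$end   = [DateTime]::Today
$csv   = Join-Path $ArchiveDir ("{0:yyyyMMdd}.csv" -f $start)

New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

$pageSize = 5000    # largest page Get-MessageTrace accepts (default is 1000)
$page     = 1
$rows     = New-Object 'System.Collections.Generic.List[object]'

do {
    # @() keeps .Count reliable when a page holds zero or one row
    $batch = @(Get-MessageTrace -StartDate $start -EndDate $end `
                                -PageSize $pageSize -Page $page -ErrorAction Stop)
    foreach ($row in $batch) { $rows.Add($row) }
    $page++
} while ($batch.Count -eq $pageSize)       # a short page means the last page was reached

if ($rows.Count -eq 0) {
    Write-Warning ("No message trace rows returned for {0:yyyy-MM-dd}; nothing archived." -f $start)
}
else {
    $rows |
        Select-Object MessageID,Received,*Address,*IP,Subject,Status,Size |
        Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8

    # Record a SHA-256 of the archive so later tampering or corruption is detectable.
    # Get-FileHash requires PowerShell 4.0 or later.
    $hash = Get-FileHash -Path $csv -Algorithm SHA256
    "{0}  {1}" -f $hash.Hash, (Split-Path $csv -Leaf) | Set-Content -Path "$csv.sha256"

    Write-Output ("{0} rows written to {1}" -f $rows.Count, $csv)
}
```

Keep the .sha256 files somewhere the account running the export cannot modify, otherwise the hash only detects accidental corruption.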