I have been asked by a customer to look at creating some reporting based on Exchange Message Log files.
Some of what they want I think can be retrieved from these, other info can't. I have been sent an example log file but it's not clear to me what some of the information contained actually means.
1. Can anyone point me to a schema which would explain what different elements mean?
#Fields: date-time,client-ip,client-hostname,server-ip,server-hostname,source-context,connector-id,source,event-id,internal-message-id,message-id,recipient-address,recipient-status,total-bytes,recipient-count,related-recipient-address,reference,message-subject,sender-address,return-path,message-info,directionality,tenant-id,original-client-ip,original-server-ip,custom-data
For example event-id contains: Receive, deliver, resolve, transfer...
2. Is there any way to determine if a message is a forward or a reply of a previous message (apart from looking at the subject for FW: RE: - and would that even work?)
3. Any advice (other than don't even think about starting this) or suggested reading - or other people who have done similar?
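As a starting point for this kind of reporting, here is an added example (not part of the original post and not Exchange's own tooling) that reads a tracking log by its `#Fields:` header, counts events per `event-id`, and groups rows by `message-id`. The sample rows are constructed and use only a subset of the columns listed above; the `RE:`/`FW:` check is the subject heuristic from question 2, which a sender can edit and which differs in non-English clients.

```python
import csv
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the columns from the post's #Fields line.
SAMPLE_LOG = """\
#Log-type: Message Tracking Log
#Fields: date-time,client-hostname,event-id,message-id,recipient-address,total-bytes,message-subject,sender-address
2024-01-05T09:00:01.000Z,MBX01,RECEIVE,<a1@example.test>,bob@example.test,5120,"Budget, Q1",alice@example.test
2024-01-05T09:00:02.000Z,MBX01,DELIVER,<a1@example.test>,bob@example.test,5120,"Budget, Q1",alice@example.test
2024-01-05T09:30:10.000Z,MBX01,RECEIVE,<b2@example.test>,alice@example.test,6200,"RE: Budget, Q1",bob@example.test
2024-01-05T09:45:00.000Z,MBX01,Receive,<c3@example.test>,carol@example.test,7000,"FW: Budget, Q1",alice@example.test
"""

PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)

def read_tracking_log(text):
    """Yield one dict per data row, keyed by the names in the #Fields line."""
    fields, data_lines = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
        elif line and not line.startswith("#"):
            data_lines.append(line)
    if fields is None:
        raise ValueError("no #Fields header found")
    for row in csv.reader(data_lines):  # csv handles quoted subjects with commas
        if len(row) != len(fields):
            continue  # skip truncated or malformed rows
        yield dict(zip(fields, row))

def summarise(rows):
    """Return (event counts, per-message summary keyed by message-id)."""
    events, by_message = Counter(), defaultdict(list)
    for r in rows:
        events[r["event-id"].upper()] += 1
        by_message[r["message-id"]].append(r)
    report = {}
    for mid, recs in by_message.items():
        m = PREFIX.match(recs[0]["message-subject"])
        report[mid] = {
            "sender": recs[0]["sender-address"],
            "events": sorted({r["event-id"].upper() for r in recs}),
            "subject_prefix": m.group(1).upper() if m else None,  # heuristic only
        }
    return events, report

if __name__ == "__main__":
    print(summarise(read_tracking_log(SAMPLE_LOG)))
```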