If you ever need to work directly with Exchange 2007 Message Tracking Logs, you'll need to parse out the fields from the log entries. It's a CSV file, so you should be able to just split it at the commas, right? Maybe, and then again maybe not. If you've got subject logging enabled, then you've got subject lines which might contain commas, and suddenly you can't trust that field or anything downstream from it to split properly.
It seems that Exchange will quote any subject lines that contain commas or quotes, and re-quotes existing quotes in a subject line. Otherwise it leaves everything unquoted. The script below splits the record at the commas, then checks to see if the subject line begins with a quote. If it does, it reverts to parsing out the subject line and remaining fields in the record with a capturing regex. So far it's produced reliable results with the sample log files I've given it.
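# $logfile holds the path to the message tracking log to parse
$log = Get-Content $logfile
foreach ($record in $log){
    # Data records start with the timestamp year; "#" header lines are skipped
    if ($record.startswith("2")){
        $rec = $record -split ","
        $date_time = $rec[0]
        $client_ip = $rec[1]
        $client_hostname = $rec[2]
        $server_ip = $rec[3]
        $server_hostname = $rec[4]
        $source_context = $rec[5]
        $connector_id = $rec[6]
        $source = $rec[7]
        $event_id = $rec[8]
        $internal_message_id = $rec[9]
        $message_id = $rec[10]
        $recipient_address = $rec[11]
        $recipient_status = $rec[12]
        $total_bytes = $rec[13]
        $recipient_count = $rec[14]
        $related_recipient_address = $rec[15]
        $reference = $rec[16]
        $message_subject = $rec[17]
        $sender_address = $rec[18]
        $return_path = $rec[19]
        $message_info = $rec[20]
        # A quoted subject may contain commas, so the simple split is not
        # trustworthy from this field on; re-parse the tail with a regex
        if ($message_subject.startswith('"')){
            # Testing -match in an if keeps its True/False out of the output
            # and avoids reading stale $matches when the pattern does not match
            if ($record -match '^.+\,(".+")\,(.+)\,(.+)\,(.*)$'){
                $message_subject = $matches[1]
                $sender_address = $matches[2]
                $return_path = $matches[3]
                $message_info = $matches[4]
            }
        }
    }
}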
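
An added example, not the author's code: a quote-aware splitter that follows the quoting behaviour described above (fields containing commas or quotes are quoted, embedded quotes are doubled), so every field lands at its expected index and the subject comes back unquoted. `Split-TrackingRecord` is a hypothetical helper name and the sample record is constructed.

```powershell
# Hypothetical helper (not part of Exchange): split one record on commas,
# treating a field that opens with a quote as quoted until its closing quote.
function Split-TrackingRecord {
    param([string]$Record)
    $fields   = New-Object 'System.Collections.Generic.List[string]'
    $current  = New-Object System.Text.StringBuilder
    $inQuotes = $false
    for ($i = 0; $i -lt $Record.Length; $i++) {
        $c = $Record[$i]
        if ($inQuotes) {
            if ($c -eq '"') {
                if ($i + 1 -lt $Record.Length -and $Record[$i + 1] -eq '"') {
                    [void]$current.Append('"')   # doubled quote = literal quote
                    $i++
                } else {
                    $inQuotes = $false           # closing quote of the field
                }
            } else {
                [void]$current.Append($c)        # commas in here are data
            }
        } elseif ($c -eq '"' -and $current.Length -eq 0) {
            $inQuotes = $true                    # opening quote at field start
        } elseif ($c -eq ',') {
            $fields.Add($current.ToString())     # unquoted comma ends the field
            $current.Length = 0
        } else {
            [void]$current.Append($c)
        }
    }
    $fields.Add($current.ToString())             # last field has no trailing comma
    return ,$fields.ToArray()
}

# Constructed sample record: 21 fields, subject contains a comma and quotes
$sample = '2010-01-01T12:00:00.000Z,10.0.0.5,client.example.test,10.0.0.9,' +
          'MAIL01,,,SMTP,RECEIVE,42,<msg1@example.test>,bob@example.test,,' +
          '2048,1,,,"Re: budget, ""final"" draft",alice@example.test,' +
          'alice@example.test,'

$naive  = $sample -split ','          # plain split: subject comma shifts fields
$fields = Split-TrackingRecord $sample
"naive split: {0} fields, quote-aware: {1} fields" -f $naive.Count, $fields.Count
"message_subject = {0}" -f $fields[17]
"sender_address  = {0}" -f $fields[18]
```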