You want to retrieve all message audit logs for a specific time frame from Symantec Messaging Gateway (SMG).
This is not possible on a high-traffic system, since the message audit log (MAL) is limited to 1,000 returned messages.
You can, however, retrieve a very high number of MAL entries from the command line with the malquery command.
Malquery takes the following format:
The output format of malquery is XML, so you can send it to an FTP server, import it into a database, and continue working with it there.
A suggestion for a daily (scripted) retrieval of all messages would be:
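One way to do the database import mentioned above, as an added example that is not part of the original article or of Symantec's tooling: it streams a large XML export into SQLite without depending on the malquery schema. The sample XML and its element names are constructed placeholders, and the names import_export and mal_record are hypothetical.

```python
import io
import json
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are placeholders,
# NOT the real malquery schema; the loader does not depend on them.
SAMPLE_XML = b"""<?xml version="1.0"?>
<results>
  <record id="a1">
    <event name="ACCEPT">192.0.2.10</event>
    <event name="RCPTS">alice@example.com</event>
  </record>
  <record id="b2"><event name="ACCEPT">192.0.2.11</event></record>
</results>
"""

def import_export(source, conn, batch=1000):
    """Stream an XML export into SQLite, one row per direct child of the root."""
    conn.execute("CREATE TABLE IF NOT EXISTS mal_record "
                 "(tag TEXT, attrs TEXT, children TEXT)")
    insert = "INSERT INTO mal_record VALUES (?, ?, ?)"
    root, depth, rows, total = None, 0, [], 0
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            depth += 1
            if root is None:
                root = elem
            continue
        depth -= 1
        if depth != 1:            # act only when a direct child of the root closes
            continue
        children = [{"tag": c.tag, "attrs": dict(c.attrib),
                     "text": (c.text or "").strip()}
                    for c in elem.iter() if c is not elem]
        rows.append((elem.tag, json.dumps(dict(elem.attrib)), json.dumps(children)))
        total += 1
        root.clear()              # drop parsed records so memory stays flat
        if len(rows) >= batch:
            conn.executemany(insert, rows)
            rows.clear()
    conn.executemany(insert, rows)
    conn.commit()
    return total

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(import_export(io.BytesIO(SAMPLE_XML), db), "records imported")
```

Pass an open file or a path to the downloaded export instead of the in-memory sample; the attrs and children columns hold JSON that can be queried once the real element names are known.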
malquery -p 1d -e "RCPTS*@" -m 1000000000 -o ftp://user:password@<ipofyourftpserver>/path/filename
If you want all messages and all attempted connections:
malquery -p 1d -q "ACCEPT*." -m 1000000000 -o ftp://user:password@<ipofyourftpserver>/path/filename
For the retrieval of all messages with attachments, an example could be:
malquery -p 1d -q "ATTACH*." -m 1000000000 -o ftp://user:password@<ipofyourftpserver>/path/filename
Retrieving all messages that permanently failed in the last day: