Messaging Gateway (SMG) logs administrative actions taken in the Control Center to a local Brightmail_Admin_Events log file. Admin audit events can also be logged to a remote syslog server through the configuration of Administration > Logs > Remote.

Messaging Gateway

To configure remote logging of admin event logs, the Control Center will need to be configured to use syslog logging to a remote server. Once remote logging is configured, admin audit events will be remotely logged using the syslog authpriv facility.

1. Log into the Control Center as an administrator
2. Go to Administration > Logs > Remote
3. Select Control Center from the server list
4. Configure the syslog server IP
5. Configure the port. The default is set to the standard syslog port of 514
6. Select either the UDP (recommended) or TCP protocol
7. Click Save

You can configure one SIEM per one SMG host. It means if your only host is a combo box (Control Center + Scanner) you can sync only one SIEM with it. If you have two hosts - a Control Center and a Scanner - you can sync two different SIEMs.

Please keep in mind that Control Center and Scanners are providing different logs.