You want to know how events are logged in Symantec Mail Security for Microsoft Exchange. 

Symantec Mail Security for Microsoft Exchange logs events to the following locations:

Windows Application Event Log
Symantec Mail Security for Microsoft Exchange reports server events and policy violations (such as threat detections and filtering violations) to the Windows Event Viewer Application Log.  The Symantec Mail Security for Microsoft Exchange console provides an Event Log page that lets you view Windows Event Viewer Application Log entries in chronological order with the most current event at the top.  The Event Log page displays information, warning, and error events.

Symantec Mail Security for Microsoft Exchange Reports database
Symantec Mail Security for Microsoft Exchange logs extensive report data on threats, security risks, violations, spam, and server information to a reports database.  You can use this data to generate summary or detailed reports based on different subsets of the data.  When you define a report, you specify criteria such as the time span of the collected data, whether to show specific violations or all violations, and the output format of the report.  You can specify how long Symantec Mail Security for Microsoft Exchange maintains data in the Reports database.  You can also purge the database at any time.


Viewing the Symantec Mail Security for Microsoft Exchange Event log
The Symantec Mail Security for Microsoft Exchange Event Log lets you view and sort event data that is generated by Symantec Mail Security for Microsoft Exchange and written to the Windows Event Viewer Application Log.  You can view the Symantec Mail Security for Microsoft Exchange Event Log from the console.  You can filter event data by categories.  You can also select a start date from which to begin displaying event data.  When you select an event in the Event Log table, details about the event appear in the preview pane.

The Symantec Mail Security for Microsoft Exchange Event Log displays the 5000 most recent Symantec Mail Security for Microsoft Exchange events from the Windows Event Viewer Application Log, per server.  For example, if your group contains five servers, the event log can display up to 25,000 events.

The Event Log displays the following information:

Server Name of the server on which the event occurred

Timestamp Date and time the event occurred

Severity Severity categories are as follows:

• Warning
• Information
• Error

Category Categories are as follows:

• Auto-protect
• Content Filtering Engine
• Content Filtering Rules
• Encrypted
• Error
• Licensing
• LiveUpdate/Rapid Release
• Manual and Scheduled Scanning
• Outbreak Management
• Premium AntiSpam
• Quarantine
• Scanning
• Service
• Settings
• Spam Filter Engine 
• Threat/Security Risk
• Unscannable
• VSAPI

Message Description of the event


Manually refresh the page if it is blank or to refresh the page to view the most recent events.  In a large group, refreshing the page might take several minutes.


To view the Symantec Mail Security for Microsoft Exchange Event Log

1. In the console on the primary navigation bar, click Monitors.
2. In the sidebar under Views, click Event Log.
3. Press F5 (or use the View > Refresh option on the Menu bar) to populate and refresh the Symantec Mail Security for Microsoft Exchange Event Log.
4. Click the column headers to sort the list data by different criteria.  

To filter the Symantec Mail Security for Microsoft Exchange Event Log

1. Under the Event Log table, in the Number of items per page list, select a number of items that you want to view per page using the drop-down menu.  The default value is 10.
2. In the List box, select a category on which to filter the event data using the drop-down menu.
3. In the entries since list, select a start date from which to begin displaying event data using the drop-down menu.

NOTE:
You can configure whether you want Symantec Mail Security for Microsoft Exchange to log spam events to the specified logging destinations.
This setting is in the Symantec Mail Security for Microsoft Exchange Console.

1. Go to Policies.
2. Select Premium AntiSpam Actions.
3. Enable or disable the Log option under Spam Messages, Suspected Spam and SCL, and Suspected Spam as desired.