search cancel

Only the first instance of matching test for a content filtering rule is logged in Message Audit Logs (MAL)


Article ID: 211280


Updated On:


Messaging Gateway


When matching content in the Messaging Gateway (SMG) content filtering rules, only the first instance of the matching text appears in the Message Audit Logs (MAL) rather than all instances or matching text.

For example, when searching for the string "the" in a message body, the string "The dog chased the cat across the yard" will result in a MAL entry that appears as follows.



This is expected behavior and by design in order optimize performance and to limit disk consumption by the Message Audit Logs.

In some use cases it is desirable for all instances of matching text, URLs for example, to be sent via Message Audit Logs to a SIEM but this was not originally a design consideration for the SMG content filtering rules. 


Release :

Component :


This is expected behavior and by design.

A modification to this limit is under consideration to meet new use cases introduced by the increase use of security information and event management (SIEM) solutions.