The following article lists the log format of some administrative and system events recorded in the Symantec Messaging Gateway (SMG) through remote logging.

Symantec Messaging Gateway - Control Center

System Events

1. System Restart Initiated

• Event: The system was rebooted via the command line interface.

• Log Entry:
  CLI-reboot: Admin user has initiated a system reboot.
systemd-logind[735]: The system will reboot now!

2. System Shutdown Initiated

• Event: The system was powered off using CLI commands.

• Log Entry:
  CLI-reboot: Admin user has initiated a system shutdown.
systemd-logind[712]: The system will halt now!

User Authentication Events

3. Failed Login Attempt

• Event: Unsuccessful login by a user.

• Log Entry:
  AuditEventLogManager: User 'admin' is unable to log in.

4. Successful Login

• Event: Successful login by an administrator.

• Log Entry:
  AuditEventLogManager: User 'admin' has logged in.

User Account Management

5. User Account Deleted

• Event: An administrator account was deleted.

• Log Entry:
  AuditEventLogManager: An administrator 'admin' has been deleted by admin.

6. User Account Updated (Password Change)

• Event: User account configuration change and password update.

• Log Entry:
  AuditEventLogManager: An administrator 'admin3' has been changed by admin.
AuditEventLogManager: admin has changed the password for administrator 'admin3'.

Policy Management

7. Policy Creation

• Event: A new content filtering policy was introduced.

• Log Entry:
  AuditEventLogManager: The content filtering policy 'NEW-POLICY' has been added by admin.

8. Policy Modification

• Event: An existing policy was edited.

• Log Entry:
  AuditEventLogManager: The content filtering policy 'NEW-POLICY' has been modified by admin.

9. Policy Deletion

• Event: A content filtering policy was removed.

• Log Entry:
  AuditEventLogManager: The content filtering policy 'NEW-POLICY' has been deleted by admin.