When performing a search in the Message Audit Logs via the Control Center web interface, the results do not appear to show all expected messages. Specifically, the latest logs within the selected timeframe are missing, and the total number of returned entries stops at a specific limit.

This is expected behavior within Symantec Messaging Gateway (SMG). To maintain optimal interface performance, the Control Center enforces a hard limit on the number of audit logs it can retrieve and display at once:

• The maximum limit is 1000 audit logs per Scanner.

If a search query triggers more than 1000 results on a single scanner, the system will only display the first 1000 logs it processes. Because of how the database indexes these records during a broad fetch, this often results in the most recent entries being omitted from the view once the threshold is reached.

While SMG is a premier mail security appliance, it is not designed to function as a high-volume logging or long-term forensics tool. If you find yourself hitting this limit, we recommend the following workarounds:

1. Narrow Your Search Queries

To view the "missing" latest logs, try to reduce the scope of your search so that the total results fall below the 1000-record limit. You can do this by:

• Shortening the Time Range (e.g., searching hour-by-hour instead of a full day).

• Filtering by specific Sender or Recipient addresses.

• Filtering by a specific Message-ID or Subject.

2. Export to a Remote Syslog Server

For environments that require powerful, unlimited querying capabilities or long-term data retention, we recommend configuring SMG to send audit logs to a third-party Syslog server.

• This allows you to offload the logging data to a dedicated platform where you can run complex queries without the 1000-record display constraint of the SMG Control Center.