A requirement to trace administrator activity within the Symantec Messaging Gateway has arisen. How is this activity logged?
Some administrative events are logged in the Control Center event logs. They can be viewed via the Status -> Logs page:
1. Go to Status -> Logs
2. Select “Control Center” as the component
3. Select “Event Logs” as the log type
4. Download the needed Brightmail_Admin_Events.yyyy.mm.dd.log
Below is a sample of what the event log can look like:
Nov 14 2011 06:10:32 - Messages older than 2011-11-14 00:10:32 have been released. User: HOLDING_QUEUE_EXPUNGER.
Nov 14 2011 06:13:05 - User 'admin' has logged in.
Nov 14 2011 06:14:34 - The content filtering policy 'Legal Disclaimer' has been changed by admin.
To identify the activity performed by different administrators, additional admin level login accounts need to be set up in advance.
Symantec Messaging Gateway 9.x
Symantec Messaging Gateway 10.x