Video Screencast Help

audit logs number do not match,

Created: 10 Jun 2013 | 3 comments
MiRzA's picture

Dear All,

We are facing issue with Symantec Messaging Gateway’s audit logs, we generating three types of logs,

  • first one is total number of email messages by selecting domain as recipient and total number of email are 4,066
  • Second report is normal delivered emails  

Recipient is Option filter is Action takenOption filter value is message delivered normally .

Total number is 3,508

  • Third log is deleted messages
  • Recipient is àOption filter is Action takenàOption filter value is Deleted messages

Total deleted messages are 2.841

The issue is deleted email and normally delivered emails should be equal to total emails orless thane total emails. But in this case numbers are not equal.

Kindly guide me how can we get this ,,,

Operating Systems:
Discussion Filed Under:

Comments 3 CommentsJump to latest comment

MiRzA's picture

Any body ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Luigi81's picture

First at all, Message Audit Logs are used to search specific messages and is not designed to work like a database like SQL, where you can do querys of unlimited entries. Message audit logs have limitations.

While searching, the following rules are used:

  • No more than 1,000 messages are allowed per search on each Scanner being searched.

  • Freeform text fields are non-case-sensitive substring searches.


The Message Audit Log provides information on each message received by each recipient. For example, if the same message is received by 10 recipients, you see 10 entries in the Message Audit Log. To reach the limit of 1,000 messages returned, Symantec Messaging Gateway counts multiple entries for the different recipients of the same message as one message.

This is an extract from the KB

If you need gather all the logs, you will need configurate a syslog, in it you will have the results that you expected.