Each Scanner maintains a database of log information. You can view these logs on the Control Center. This information lets you diagnose error conditions and keep track of many aspects of your system during its operation.
You can store the log data for the following Symantec Message Filter components:
You can designate the severity of errors that you want written to the log files. Symantec Message Filter provides several logging levels, with each successive level including all errors from the previous levels. The default logging level for each Symantec Message Filter software component is Warnings.
Symantec Message Filter provides a message auditing component that lets you save the message audit logs to bmserver logs or system logs. The Message audit log provides you with a trail of detailed information about every message that the Scanner has processed. Auditing information is used to track what decisions were made within a single Scanner framework. The Message audit log does not replace debug or information level logging. Unlike standard Scanner logging, the Message audit log provides information specifically associated with a message.
The configuration of the facilities lets you direct messages to various local files. The specified facility does all the logging when you use the Syslog. The default facility is mail. You can configure Syslog for the following facilities: kern, mail, user, daemon, auth, lpr, news, uucp, cron, local0, local1, local2, local2, local3, local4, local5, local6, local7.
To limit the size of the database that stores log data, Symantec Message Filter stores seven days of log data with a maximum storage allotment of 512 MB. If the database already has 512 MB of data or seven days of data, the oldest log data is deleted. To keep more log data for a longer period, you can change the default maximum log size and retention period settings.