How to use the CLI tool "malquery" on a Symantec Brightmail Gateway Appliance / Virtual Edition
Last Updated October 05, 2015
To query the Message Audit Log on a Symantec Messaging Gateway scanner from the command-line interface, use "malquery". Note that "malquery" is not subject to the 1,000-message limit that applies in the graphical user interface (Status --> Message Audit Log). For more information, see "About message audit logging for the Symantec Messaging Gateway".
For Symantec Messaging Gateway 10.x
-l <start time YYYYMMDDHHMM>,<end time YYYYMMDDHHMM>
-g <start time UTC>,<end time UTC>
-u <uid> [-u <uid> ... ]
-e <event name[,arg #]><=|*><string> [-e <event name[,arg #]><=|*><string> ... ]
[-m #] [-o <filename>] [-d] [-v]
-m max_results: Maximum number of messages to return. The default is 1000.
-i index_max: The index (.idx file) will be used if the number of matching results is less than or equal to index_max. Otherwise, the index will be ignored. The default for index_max is 1000. This option exists because looking up large numbers of events in the index can actually be more time consuming than searching the flat file.
-o file: Output matching results to the specified file.
-d: Distributed option. The behavior of this option is undocumented.