List of logs

Logs information from the service responsible for adding reporting data to the report database, and generating scheduled reports.

Secure Email Gateway checks for new anti-virus definitions at frequent intervals. If new updates are available from Avira, it downloads them and validates them to ensure they are fit for live deployment. This log shows the messages output by the download and validation scripts.

When exported to a syslog server, the time stamp of this log represents the time of export, rather than the time the log was generated.

For information on how to update Avira offline, see Use the Gateway in an offline environment.

Logs details of backups.

Logs details of revoked certificates, certificates with warnings, and the results of certificate A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked. validation checks.

Logs the use of secure shell (sshd) to log in to the Secure Email Gateway Console, and the user of the su command from the Console.

Logs details of decryption.

Logs details of encryption.

Logs when FIPS mode is enabled.

Log output from syslog-ng.

Logs information about hardware events, such as disk-failures and temperature warnings.

Logs information about statistics displayed by the Health page.

Logs information from the service responsible for message area management, batch processing, managed downloads, and message tracking.

Logs Linux kernel information.

Logs information from the service responsible for updating LDAP Synchronized Address Lists.

Logs when synchronization of the data in the manager relationships file occurs.

Logs details of messages processed by Secure Email Gateway. The Message Transaction log displays the date and time of the event, the message ID, message event type and outcome, attachment names and sender and recipient information. Message Transaction logs are recorded once per hour, with a delay of approximately 10 minutes.

Logs details of message transactions between Secure Email Gateway and a connected Information Governance server (IGS) or Critical Information Protection server (CIPS).

Logs details of the usage of the MTA-STS service.

Logs details of peer communications.

Logs details of when Secure Email Gateway attempts to download the latest list of URLs from the PhishTank database.

Logs the following PMM operations:

• ARL: message automatically released because the sender was trusted
• NFY: message digest sent to a user
• DLT: message deleted by a user
• LNK: request to send a user a link to their trusted sender management page (PMM Lite mode only)
• RFP: false-positive reports when a message is released as Not Junk Email
• RLS: message released by a user
• Queries made to Active Directory as a result of users logging in to the PMM portal

Logs information from the service that generates PMM message digests and actions users' PMM deliver and delete requests.

Logs warnings for any discrepancies in the certificate used by the server.

Logs information from the web server that responds to users' PMM Deliver and Delete requests.

Logs information from the Secure Email Gateway Policy Engine.

Logs all alerts generated by the Secure Email Gateway Policy Engine, including those generated as a result of "Generate an Alert" actions in content rules.

Logs information on suspected or confirmed junk mail filtered by Rspamd anti-spam engine. This includes SpamAssassin Rules, which if enabled works to enhance spam detection rates.

Logs information about the Sandbox Mailstore Service.

Logs information about the Sandbox Manager Service.

Logs the starting and stopping of the system services during:

• System startup
• System shutdown
• Installation of a software upgrade

When exported to a syslog server, the time stamp of this log represents the time of export, rather than the time the log was generated.

Logs the status history of supported services, including managed lists, anti-virus updates and reputation uploads.

Logs information from the inbound and outbound Postfix.

AUTH: Successful SMTP authentication is indicated with details.

SegMilter, Anti-spam service, and Mailshell logs are also recorded.

Displays detected threats including the EICAR test, which is used by Sophos to validate updates to the anti-virus definitions.

When exported to a syslog server, the time stamp of this log represents the time of export, rather than the time the log was generated.

Secure Email Gateway checks for new anti-virus definitions at frequent intervals. If new updates are available from Sophos, it downloads them and validates them to ensure they are fit for live deployment. This log shows the messages output by the download and validation scripts.

When exported to a syslog server, the time stamp of this log represents the time of export, rather than the time the log was generated.

Logs information about the SQL database.

Logs all system errors collectively.

Logs output from general housekeeping (e.g. database optimization) and configuration deployment tasks

Logs data written to /var/log/cs-gateway/daemon.log, in particular from the Network Time Protocol service.

Logs information about the Transaction Log Export Log.

Logs information from the service responsible for automatic software upgrades.

Logs information relating to Active Directory user authentication.

Logs information from the Secure Email Gateway web server that handles user interface requests.

Logs user session navigation information.