TA-Symantec Mail Gateway

This Splunk Technology Add-on (TA) enables parsing and normalization of logs from Symantec Mail Gateway (SMG) systems. It extracts structured fields from raw syslog data and assigns appropriate sourcetypes for accurate categorization and analysis in Splunk and assign sourcetype=symantec:mg:syslog, as default to all the incoming data. The TA supports multiple components of Symantec Mail Gateway including: bmserver – Verdicts, TrackerIDs, Attachments, Quarantine actions ecelerity – Email delivery, ORCPTS, TRACKERID, TRANS_FAILURE, DELIVERY_FAILURE audit – Quarantine Delete/Release events quarantine – Spam quarantine summary logs brightmail – Watchdog, URLAnalyzer, Spamhunter dns – Named (BIND) resolver responses system – CROND, rsyslogd-pstats, cron jobs mail – Message views by users (AuditEventLogManager) auth – Sudo session opens/closes syslog – Miscellaneous default logs.

Built by ARAFAT MALIK

Latest Version 1.0.0

April 14, 2025

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0

CIM Version: 6.x, 5.x, 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported addon

Learn more

Ranking

#28

in Email

This Splunk Technology Add-on (TA) enables parsing and normalization of logs from Symantec Mail Gateway (SMG) systems. It extracts structured fields from raw syslog data and assigns appropriate sourcetypes for accurate categorization and analysis in Splunk and assign sourcetype=symantec:mg:syslog, as default to all the incoming data. The TA supports multiple components of Symantec Mail Gateway including: bmserver – Verdicts, TrackerIDs, Attachments, Quarantine actions ecelerity – Email delivery, ORCPTS, TRACKERID, TRANS_FAILURE, DELIVERY_FAILURE audit – Quarantine Delete/Release events quarantine – Spam quarantine summary logs brightmail – Watchdog, URLAnalyzer, Spamhunter dns – Named (BIND) resolver responses system – CROND, rsyslogd-pstats, cron jobs mail – Message views by users (AuditEventLogManager) auth – Sudo session opens/closes syslog – Miscellaneous default logs.