This Splunk Technology Add-on (TA) enables parsing and normalization of logs from Symantec Mail Gateway (SMG) systems. It extracts structured fields from raw syslog data and assigns appropriate sourcetypes for accurate categorization and analysis in Splunk; by default, all incoming data is assigned sourcetype=symantec:mg:syslog.
The TA supports multiple components of Symantec Mail Gateway including:
bmserver – Verdicts, TrackerIDs, Attachments, Quarantine actions
ecelerity – Email delivery, ORCPTS, TRACKERID, TRANS_FAILURE, DELIVERY_FAILURE
audit – Quarantine Delete/Release events
quarantine – Spam quarantine summary logs
brightmail – Watchdog, URLAnalyzer, Spamhunter
dns – Named (BIND) resolver responses
system – CROND, rsyslogd-pstats, cron jobs
mail – Message views by users (AuditEventLogManager)
auth – Sudo session opens/closes
syslog – Miscellaneous default logs
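As an added illustration (not configuration shipped with this TA), the following inputs.conf, props.conf and transforms.conf fragments show the Splunk mechanism the description above relies on: every event arrives as sourcetype=symantec:mg:syslog, and an index-time TRANSFORMS- rule rewrites the sourcetype per SMG component by matching the syslog program name. The per-component sourcetype names (symantec:mg:bmserver and so on), the listener port, the regexes, the sample log line and the assumption that the component name appears as the BSD syslog program field are all assumptions made here, not values taken from the TA.

```ini
# inputs.conf (on the forwarder or indexer receiving the SMG syslog feed)
# Assumption: SMG sends over UDP 514 and the priority prefix is stripped.
[udp://514]
sourcetype = symantec:mg:syslog
index = mail

# props.conf
# Single-line syslog events: disable line merging, parse the BSD timestamp,
# then hand the event to a routing rule that rewrites the sourcetype per
# component. TRANSFORMS- rules run at index time, before the event is stored,
# so searches and per-sourcetype field extractions see the rewritten value.
[symantec:mg:syslog]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 20
TRANSFORMS-smg_route = smg_route_bmserver, smg_route_ecelerity, smg_route_audit

# transforms.conf
# Each stanza anchors on the BSD syslog header and matches the "program[pid]:"
# token; REGEX runs against _raw (the default SOURCE_KEY). Events matching none
# of the stanzas keep the default symantec:mg:syslog sourcetype.
# Constructed sample line the first stanza would match:
#   Mar  3 10:15:02 smg01 bmserver[2231]: <verdict message>
[smg_route_bmserver]
REGEX = ^\w{3}\s+\d+\s[\d:]+\s\S+\s+bmserver(?:\[\d+\])?:
FORMAT = sourcetype::symantec:mg:bmserver
DEST_KEY = MetaData:Sourcetype

[smg_route_ecelerity]
REGEX = ^\w{3}\s+\d+\s[\d:]+\s\S+\s+ecelerity(?:\[\d+\])?:
FORMAT = sourcetype::symantec:mg:ecelerity
DEST_KEY = MetaData:Sourcetype

[smg_route_audit]
REGEX = ^\w{3}\s+\d+\s[\d:]+\s\S+\s+audit(?:\[\d+\])?:
FORMAT = sourcetype::symantec:mg:audit
DEST_KEY = MetaData:Sourcetype
```

Two practical checks once a configuration like this is deployed: confirm that the syslog header really reaches Splunk in the anchored form (a forwarder or relay that reformats the header, or leaves the `<PRI>` prefix in place, silently defeats every REGEX above and leaves all events on the default sourcetype), and verify with `| stats count by sourcetype` that the quarantine and delivery-failure events you expect to search for are landing under the component sourcetype rather than the catch-all.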