<p>Commentary on Point 1.   The 30 char limit on email address in the Syslog (I and O records) will truncate this : <font face="Arial, Helvetica" size="-1"><font color="#008800">Symantec_Mail_Security_for_SMTP@workorder.se</font></font>   Changing to variable-length records will also allow the addition of new fields more easily.</p><p>Commentary on Point 2 relating to mail stats.    In trying to determine bandwidth usage per user, I have been examining the "I" and "O" records from the Syslog.    2.1  Mail between Local users only generates an "I" record.    2.2  A Local / Non-Local identifier on each address would be most useful for reporting (as indicated in the Core display)           This to be able to split reporting between Local and Non-Local traffic.    2.3  Inbound mail indicates the TO address as the "mailbox" name and not the "alias" (email address)          Outbound mail shows the FROM address as the email address and not eh "mailbox" name.          Correlating the two is not possible by looking at the data only - a matching table is required. </p><p> </p><p> </p><p> </p>

<P>1) Log files should not use fixed length fields, but variable length ones with separators, to avoid to lose part of the informations, besides wasting some space.</P> <P>2) Compared to other products some informations are missing and/or can't easily be parsed to generate statistics, i,e, via AWStats.</P>