You can use the SEG V2 Admin page to monitor the health, logging levels, and diagnostics of your SEG.

You can access the Admin page at https://localhost:44444/seg/admin. If SSL is not enabled for SEG, use http.

After you install the SEG, you can perform the following tasks from the SEG Admin page:

  • Change logging levels for the different SEG processes
  • Call diagnostics endpoints


The information related to the SEG processes is recorded in different log files. The level of logging determines the amount of information that is logged for a particular log file. The duration specifies how long an elevated logging level persists before reverting to the default level of the log.

The SEG generates the following logs:

Log Name Description of the Log Contents
Transaction Summary Overview information of each email request that passes through the SEG including information such as user, HTTP response code, and request processing time.
Device Transactions (All) Detailed information about the individual EAS requests that including allow or block reasons and HTTP headers.
Kerberos Service Manager Information from the Kerberos Service Manager.
Ews transactions (All) Detailed information of each EWS request served by the SEG.
Ews Transaction Summary Overview information of each EWS request served by the SEG.
Device Transactions (Blocked) Detailed information about individual EAS requests including allowed or blocked reason and HTTP headers for blocked devices.
Policy Cache Information on the state of the policy cache.
Policy Updates Information related to real-time and bulk policy updates.
Console Transaction Reporting Information about reporting data used by MEM dashboards in the UEM console.
Content Transformation Detailed information related to the content transformations.
Certificate Authentication Information related to the certificate validation and retrieval of the UPN.


On the Diagnostics page you can view the diagnostic information for the SEG and invoke diagnostic endpoints to see other SEG-related information such as the SEG configuration settings, look up the policies in the SEG cache, and download records related to specific policy types.

To use these endpoints, enter the API endpoints as shown in the following table into the REST API URI field on the diagnostic page and click the GET button. Information related to the endpoint is either displayed in the text area on the diagnostics page or a .csv file of the information is downloaded.

API Endpoint   Description

Returns SEG diagnostic information.

By default, the SEG diagnostic information is displayed on the diagnostics page.

/policy/segconfig Returns the SEG configuration settings.
/policy/<Policy Type>/<Policy Lookup Key>  Look up the policies in the SEG cache.
/cache/<Policy Type>/ Download records related to policy types including devices, accounts, managed attachments, unmanaged attachments, and 451 redirect mappings.

The following table contains policy types and their respective lookup keys you use to view these policies in the SEG cache. Replace the <Policy Type> and the <Policy Lookup Key> in the API endpoint, /policy/<Policy Type>/<Policy Lookup Key>.

PoIicy Type Policy Lookup Key Description
segconfig No lookup key required Look up the SEG configuration settings.
generalaccess No lookup key required Look up the general access policy.
device EAS Device Identifier

Look up the device policy by providing the EAS Device Identifier as the lookup key.

For example, /policy/device/SMKG1KBHQ53H39TFTNQQ10JDES

account User name Look up the account policy by providing user name as the lookup key.
easdevicetype EAS device type

Look up the EAS device type policy by providing EAS device type as the lookup key.


Mail Client

Look up the mail client policy by providing mail client as the lookup key.

You must have all characters in the encoded URL form.

For example, /policy/mailclient/Apple-iPhone5C3%2F1405.526000002

hyperlink No lookup key required Look up the hyperlink policy.


AirWatch Device ID Look up the encryption key data payload by providing the Workspace ONE UEM Device ID as the lookup key.