Message Tracking Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Message Tracking Event | Base Rule | Information | General Tracking Log |
| Message Tracking Event : Message Quarantined | Sub Rule | Failed Activity | Quarantined Message |
| Message Tracking Event : Message Delivered | Sub Rule | Information | Message Delivered |
| Message Tracking Event : Message Delivery Unsuccessful | Sub Rule | Error | Message Delivery Failed |
| Message Tracking Event : Message Processing Completed | Sub Rule | Activity | General Threat Message |
| Message Tracking Event : Message Deleted | Sub Rule | Information | Quarantined Message Deleted |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Signature ID |
| Header (eventName) | <vendorinfo> | Text/String | Description |
| Header (severity) | <severity> | Number | Severity |
| cs1 | N/A | N/A | Email ID |
| cs1Label | N/A | N/A | Email ID label |
| cs2 | N/A | N/A | Internal Email ID |
| cs2Label | N/A | N/A | Internal Email ID label |
| cs3 | <action>, <tag1> | Text/String | Details. Examples: Quarantined, Delivered, Delivery unsuccessful, Processing completed, Deleted |
| cs3Label | N/A | N/A | Latest status label |
| cs4 | N/A | N/A | Sender email address |
| cs4Label | N/A | N/A | Sender email address label |
| cs5 | N/A | N/A | Recipient email address |
| cs5Label | N/A | N/A | Recipient email address label |
| cs6 | <status> | Text/String | Process history |
| cs6Label | N/A | N/A | Process history label |
| destinationTranslatedAddress | N/A | N/A | Relay MTA IP address |
| deviceExternalId | N/A | N/A | Appliance GUID |
| duser | <recipient> | Text/String | Email recipients |
| dvc | N/A | N/A | Appliance IP address |
| dvchost | N/A | N/A | Appliance host name |
| dvcmac | N/A | N/A | Appliance MAC address |
| msg | <subject> | Text/String | Email subject |
| reason | <reason> | Text/String | Reason for block action |
| rt | N/A | N/A | Log generation time. Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC) |
| src | <sip> | IP | Source IP address |
| suser | <sender> | Text/String | Email sender |
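The following parser is an added example, not LogRhythm's or the appliance vendor's code. It splits a CEF message-tracking line into its header and extension fields (honoring the CEF `\|`, `\=` and `\\` escapes), copies the extension keys mapped above into the named LogRhythm schema fields, converts `rt` from milliseconds since the Unix epoch, and picks the sub rule from the `cs3` value the way the classification table does. The sample log line, the vendor and product names in its header, and the Signature ID are constructed placeholders, not values from a real appliance.

```python
"""Map a CEF message-tracking event onto the LogRhythm schema fields in the table above.

Added example; the sample line below is constructed (vendor, product, signature ID
and addresses are placeholders).
"""
import re
from datetime import datetime, timezone

# CEF extension key -> LogRhythm schema field(s), taken from the mapping table.
EXTENSION_MAP = {
    "cs3": ("action", "tag1"),   # latest status feeds both <action> and <tag1>
    "cs6": ("status",),
    "duser": ("recipient",),
    "msg": ("subject",),
    "reason": ("reason",),
    "src": ("sip",),
    "suser": ("sender",),
}

# cs3 value (lower-cased) -> sub rule, taken from the classification table.
BASE_RULE = "Message Tracking Event"
SUB_RULES = {
    "quarantined": BASE_RULE + " : Message Quarantined",
    "delivered": BASE_RULE + " : Message Delivered",
    "delivery unsuccessful": BASE_RULE + " : Message Delivery Unsuccessful",
    "processing completed": BASE_RULE + " : Message Processing Completed",
    "deleted": BASE_RULE + " : Message Deleted",
}

# Constructed sample line: header fields are placeholders, rt is 2023-11-14T22:13:20Z.
SAMPLE_LINE = (
    "CEF:0|ExampleVendor|ExampleMailGateway|1.0|MT-0001|Message Tracking Event|5|"
    "rt=1700000000000 cs1=msg-0001 cs1Label=Email ID cs3=Quarantined "
    "cs3Label=Latest status cs4=alice@example.com cs5=bob@example.com "
    "cs6=received,scanned,quarantined cs6Label=Process history "
    "duser=bob@example.com suser=alice@example.com msg=Quarterly report \\= draft "
    "reason=Malicious attachment src=203.0.113.10"
)


def _unescape(value):
    """Undo CEF escaping: \\= \\| \\\\ and the \\n / \\r line-break escapes."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(line):
    """Return the seven pipe-delimited header fields and the remaining extension text."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped character inside a header field
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    return fields, line[i:]


def _parse_extension(ext):
    """Parse 'key=value key=value' where values may contain spaces and escaped '='."""
    eq_positions = [m.start() for m in re.finditer(r"(?<!\\)=", ext)]
    result = {}
    for idx, eq in enumerate(eq_positions):
        key = ext[ext.rfind(" ", 0, eq) + 1:eq]
        if idx + 1 < len(eq_positions):
            next_key_start = ext.rfind(" ", 0, eq_positions[idx + 1]) + 1
            value = ext[eq + 1:next_key_start].rstrip(" ")
        else:
            value = ext[eq + 1:]
        result[key] = _unescape(value)
    return result


def parse_event(line):
    """Return a dict keyed by LogRhythm schema field name plus the matched rule."""
    header, ext = _split_header(line)
    exts = _parse_extension(ext)
    event = {"vendorinfo": header[5], "severity": int(header[6])}
    for key, fields in EXTENSION_MAP.items():
        if key in exts:
            for field in fields:
                event[field] = exts[key]
    if "rt" in exts:   # table: milliseconds since 1970-01-01 UTC
        event["rt"] = datetime.fromtimestamp(int(exts["rt"]) / 1000, tz=timezone.utc)
    # Unknown or missing cs3 values fall back to the base rule.
    event["rule"] = SUB_RULES.get(event.get("action", "").lower(), BASE_RULE)
    return event


if __name__ == "__main__":
    for name, value in sorted(parse_event(SAMPLE_LINE).items()):
        print(f"{name:>10}: {value}")
```

`_parse_extension` keeps the full value up to the next `key=` token, which is what lets a space-containing field like `cs1Label=Email ID` or an escaped subject survive intact; a value that carried an unescaped `=` would be split at that point, exactly as a CEF receiver would split it, so a sender that fails to escape its fields shows up here as a mis-keyed value rather than a silent loss.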