Message Tracking Event

Vendor Documentation

Rule Name	Rule Type	Classification	Common Event
Message Tracking Event	Base Rule	Information	General Tracking Log
Message Tracking Event : Message Quarantined	Sub Rule	Failed Activity	Quarantined Message
Message Tracking Event : Message Delivered	Sub Rule	Information	Message Delivered
Message Tracking Event : Message Delivery Unsuccessful	Sub Rule	Error	Message Delivery Failed
Message Tracking Event : Message Processing Completed	Sub Rule	Activity	General Threat Message
Message Tracking Event : Message Deleted	Sub Rule	Information	Quarantined Message Deleted

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
Header (logVer)	N/A	N/A	CEF format version
Header (vendor)	N/A	N/A	Appliance vendor
Header (pname)	N/A	N/A	Appliance product
Header (pver)	N/A	N/A	Appliance version
Header (eventid)	N/A	N/A	Signature ID
Header (eventName)	<vendorinfo>	Text/String	Description
Header (severity)	<severity>	Number	Severity
cs1	N/A	N/A	Email ID
cs1Label	N/A	N/A	Email ID label
cs2	N/A	N/A	Internal Email ID
cs2Label	N/A	N/A	Internal Email ID label
cs3	<action> <tag1>	Text/String	Details Examples: Quarantined Delivered Delivery unsuccessful Processing completed Deleted
cs3Label	N/A	N/A	Latest status label
cs4	N/A	N/A	Sender email address
cs4Label	N/A	N/A	Sender email address label
cs5	N/A	N/A	Recipient email address
cs5Label	N/A	N/A	Recipient email address label
cs6	<status>	Text/String	Process history
cs6Label	N/A	N/A	Process history label
destinationTranslatedAddress	N/A	N/A	Relay MTA IP address
deviceExternalId	N/A	N/A	Appliance GUID
duser	<recipient>	Text/String	Email recipients
dvc	N/A	N/A	Appliance IP address
dvchost	N/A	N/A	Appliance host name
dvcmac	N/A	N/A	Appliance MAC address
msg	<subject>	Text/String	Email subject
reason	<reason>	Text/String	Reason for block action
rt	N/A	N/A	Log generation time Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC)
src	<sip>	IP	Source IP address
suser	<sender>	Text/String	Email sender