SOC log level


The SOC log level has been introduced to support easier parsing or exporting data to 3rd party aggregators, such as Syslog. The SOC log level has the following entries:

Event

Log identifier

Fields

Email received

email.receive

email_id, ip_address, sender, recipients, subject, processing_id, message_id

Email refused

email.refuse

ip_address, sender, recipient, response

Email scanned

email.scan

email_id, sender, recipients, subject, processing_id, message_id, classifications, scan_result, anti_spam_result, rule_name, scan_result_urls

Email completed

email.complete

email_id, sender, recipients, subject, processing_id, message_id, classifications, status

Email quarantined

email.quarantine

email_id, sender, recipients, subject, processing_id, message_id, classifications

Email retrying

email.retry

email_id sender, recipients, subject, processing_id, message_id, classifications, retry_count, next_retry

Email failed

email.failure

email_id, sender, recipients, subject, processing_id, message_id, classifications

Fields

processing_id: Unique message identifier on the Email Gateway Security REST API (internal; for support).

message_id: The Message-ID field according to RFC 5322 that contains a single unique message identifier.

email_id: Unique message identifier inside Email Gateway Security (internal; for support).

classifications: Classifications according to Email classifications.

scan_result: Over scan result by MetaDefender Core. The value may be Allowed or Blocked based on the setting in the Allowed processing results on MetaDefender Core image below.

antispam_result: Anti-spam and Anti-phishing classifications according to Spam classifications and Phishing classifications respectively.

scanresult_urls: URLs to the scan results on MetaDefender core for each email component (headers, bodies, each attachments).

status: Status of the email according to Processing status values.

retry_count: Number of retry attempts have done in case of a processing or delivery failure.

next_retry: The time of the next retry attempt in case of a processing or delivery failure.

Allowed processing results on MetaDefender Core


On This Page
SOC log level