The SOC log level has been introduced to support easier parsing or exporting data to 3rd party aggregators, such as Syslog. The SOC log level has the following entries:
| Event | Log identifier | Fields |
|---|---|---|
| Email received | email.receive | email_id, ip_address, sender, recipients, subject, processing_id, message_id |
| Email refused | email.refuse | ip_address, sender, recipient, response |
| Email scanned | email.scan | email_id, sender, recipients, subject, processing_id, message_id, classifications, scan_result, anti_spam_result, rule_name, scan_result_urls |
| Email completed | email.complete | email_id, sender, recipients, subject, processing_id, message_id, classifications, status |
| Email quarantined | email.quarantine | email_id, sender, recipients, subject, processing_id, message_id, classifications |
| Email retrying | email.retry | email_id sender, recipients, subject, processing_id, message_id, classifications, retry_count, next_retry |
| Email failed | email.failure | email_id, sender, recipients, subject, processing_id, message_id, classifications |
processing_id: Unique message identifier on the Email Gateway Security REST API (internal; for support).
message_id: The Message-ID field according to RFC 5322 that contains a single unique message identifier.
email_id: Unique message identifier inside Email Gateway Security (internal; for support).
classifications: Classifications according to Email classifications.
scan_result: Over scan result by MetaDefender Core. The value may be Allowed or Blocked based on the setting in the Allowed processing results on MetaDefender Core image below.
antispam_result: Anti-spam and Anti-phishing classifications according to Spam classifications and Phishing classifications respectively.
scanresult_urls: URLs to the scan results on MetaDefender core for each email component (headers, bodies, each attachments).
status: Status of the email according to Processing status values.
retry_count: Number of retry attempts have done in case of a processing or delivery failure.
next_retry: The time of the next retry attempt in case of a processing or delivery failure.
Allowed processing results on MetaDefender Core
