SOC log level

The SOC log level was introduced to make it easier to parse log data or export it to third-party aggregators, such as Syslog. The SOC log level has the following entries:

| Event | Log identifier | Fields |
|---|---|---|
| Email received | email.receive | email_id, ip_address, sender, recipients, subject, processing_id, message_id |
| Email refused | email.refuse | ip_address, sender, recipient, response |
| Email scanned | email.scan | email_id, sender, recipients, subject, processing_id, message_id, classifications, scan_result, anti_spam_result, rule_name, scan_result_urls |
| Email completed | email.complete | email_id, sender, recipients, subject, processing_id, message_id, classifications, status |
| Email quarantined | email.quarantine | email_id, sender, recipients, subject, processing_id, message_id, classifications |
| Email retrying | email.retry | email_id, sender, recipients, subject, processing_id, message_id, classifications, retry_count, next_retry |
| Email failed | email.failure | email_id, sender, recipients, subject, processing_id, message_id, classifications |

processing_id: Unique message identifier on the Email Gateway Security REST API (internal; for support).

message_id: The Message-ID field according to RFC 5322 that contains a single unique message identifier.

email_id: Unique message identifier inside Email Gateway Security (internal; for support).

classifications: Classifications according to Email classifications.

scan_result: Overall scan result from MetaDefender Core. The value may be Allowed or Blocked, based on the Allowed processing results setting on MetaDefender Core (see the image below).

anti_spam_result: Anti-spam and anti-phishing classifications according to Spam classifications and Phishing classifications, respectively.

scan_result_urls: URLs to the scan results on MetaDefender Core for each email component (headers, bodies, each attachment).

status: Status of the email according to Processing status values.

retry_count: Number of retry attempts made in case of a processing or delivery failure.

next_retry: The time of the next retry attempt in case of a processing or delivery failure.

Allowed processing results on MetaDefender Core
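
The following is an added example, not part of the product or its documentation, showing how an aggregator-side script could correlate the SOC entries above by email_id for triage. It assumes each entry has already been parsed into a dict with the log identifier stored under a hypothetical `log_id` key; the sample events, thresholds and the grouping of "terminal" events are constructed for illustration.

```python
from collections import Counter, defaultdict

# Log identifiers from the table above. Treating these three as the end of a
# message's lifecycle is an assumption of this example.
TERMINAL = {"email.complete", "email.quarantine", "email.failure"}

# Constructed sample events (not real log output). Assumption: the aggregator
# has parsed each SOC entry into a dict keyed by the field names in the table.
SAMPLE_EVENTS = [
    {"log_id": "email.receive", "email_id": "e1", "ip_address": "192.0.2.10"},
    {"log_id": "email.scan", "email_id": "e1", "scan_result": "Allowed"},
    {"log_id": "email.complete", "email_id": "e1"},
    {"log_id": "email.receive", "email_id": "e2", "ip_address": "192.0.2.20"},
    {"log_id": "email.scan", "email_id": "e2", "scan_result": "Blocked",
     "scan_result_urls": ["https://core.example.invalid/result/1"]},
    {"log_id": "email.quarantine", "email_id": "e2"},
    {"log_id": "email.receive", "email_id": "e3", "ip_address": "192.0.2.30"},
    {"log_id": "email.retry", "email_id": "e3", "retry_count": 4},
    {"log_id": "email.refuse", "ip_address": "198.51.100.7"},
    {"log_id": "email.refuse", "ip_address": "198.51.100.7"},
]

def triage(events, max_retries=3, max_refusals=2):
    """Correlate SOC events and return a list of (finding, key, detail) tuples."""
    seen = defaultdict(list)   # email_id -> log identifiers in arrival order
    refusals = Counter()       # email.refuse has no email_id, so key on ip_address
    findings = []
    for ev in events:
        log_id = ev.get("log_id")
        if log_id == "email.refuse":
            refusals[ev.get("ip_address")] += 1
            continue
        eid = ev.get("email_id")
        if eid is None:
            continue           # cannot correlate an entry without email_id
        seen[eid].append(log_id)
        if log_id == "email.scan" and ev.get("scan_result") == "Blocked":
            # Keep the MetaDefender Core result links for analyst follow-up.
            findings.append(("blocked", eid, ev.get("scan_result_urls", [])))
        if log_id == "email.retry" and int(ev.get("retry_count", 0)) > max_retries:
            findings.append(("excessive_retries", eid, int(ev["retry_count"])))
    for eid, ids in seen.items():
        if not TERMINAL.intersection(ids):
            findings.append(("no_terminal_event", eid, ids))
    for ip, count in refusals.items():
        if count >= max_refusals:
            findings.append(("repeated_refusals", ip, count))
    return findings
```

Calling `triage(SAMPLE_EVENTS)` returns four findings: the Blocked scan for e2, the retry count and missing terminal event for e3, and the repeated refusals from 198.51.100.7.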
