The SOC log level was introduced to make it easier to parse log data or export it to third-party aggregators, such as Syslog. The SOC log level has the following entries:

| Event | Log identifier | Fields |
|---|---|---|
| Email received | email.receive | email_id, ip_address, sender, recipients, subject, processing_id, message_id |
| Email refused | email.refuse | ip_address, sender, recipient, response |
| Email scanned / Email rescanned | email.scan / email.rescan | email_id, sender, recipients, subject, processing_id, message_id, classifications, scan_result, anti_spam_result, rule_name, scan_result_details |
| Email completed | email.complete | email_id, sender, recipients, subject, processing_id, message_id, classifications, status |
| Email quarantined | email.quarantine | email_id, sender, recipients, subject, processing_id, message_id, classifications |
| Email retrying | email.retry | email_id, sender, recipients, subject, processing_id, message_id, classifications, retry_count, next_retry |
| Email failed | email.failure | email_id, sender, recipients, subject, processing_id, message_id, classifications |

- processing_id: Unique message identifier on the Email Gateway Security REST API (internal; for support).
- message_id: The Message-ID field according to RFC 5322, which contains a single unique message identifier.
- email_id: Unique message identifier inside Email Gateway Security (internal; for support).
- classifications: Classifications according to Email classifications.
- scan_result: Overall scan result by MetaDefender Core. The value may be Allowed or Blocked, depending on the setting shown in the "Allowed processing results on MetaDefender Core" image below.
- antispam_result: Anti-spam and anti-phishing classifications according to Spam classifications and Phishing classifications respectively.
- scan_result_details: Scan details (URLs, data IDs, verdicts, etc.) on MetaDefender Core for each email component (headers, bodies, each attachment).
- status: Status of the email according to Processing status values.
- retry_count: Number of retry attempts made in case of a processing or delivery failure.
- next_retry: The time of the next retry attempt in case of a processing or delivery failure.

Allowed processing results on MetaDefender Core
Certain SOC-level log entries contain the parameters of that entry, for example the ip_address parameter below:
Sep 23 10:32:06 UTC LE11-D8766 CEF:0|OPSWAT|MDEMAIL|6.1.2RC1|email.receive|Email receive, email_id='804cc4c0-226f-45bc-800f-29a88ee94caf', ip_address='127.0.0.1', message_id='e842c3d7-0694-4ba5-97f1-03eed504f62a@remo.te', processing_id='a9b68d415e754798b63ab274f47177f4', recipients='joe@loc.al', sender='dan@remo.te', subject='bec'|5|OMStid=6976 OMSmsgid=0
The values of these parameters might contain the delimiter character, the single quote '. In these cases each single quote ' character in the value is escaped by doubling it (e.g. ''', '''''', etc.).
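
A parser on the aggregator side has to honour this doubling, because fields such as subject are set by the sender and may contain quotes, commas or pipes. The following is an added example, not code from the product: it assumes every parameter value is single-quoted as in the sample line above, and the names `parse_soc_line`, `read_quoted` and the sample subject are constructed for illustration.

```python
import re

# Constructed sample in the format shown above. The subject value contains
# quotes, a comma, text that looks like another field, and a pipe.
SAMPLE = (
    "Sep 23 10:32:06 UTC LE11-D8766 CEF:0|OPSWAT|MDEMAIL|6.1.2RC1|email.receive|"
    "Email receive, email_id='804cc4c0-226f-45bc-800f-29a88ee94caf', "
    "ip_address='127.0.0.1', recipients='joe@loc.al', sender='dan@remo.te', "
    "subject='Re: ''Q3'', status=''final'' | draft'|5|OMStid=6976 OMSmsgid=0"
)

NEXT_KEY = re.compile(r",\s*(\w+)='")  # ", name='" introducing a quoted value


def read_quoted(text, i):
    """Decode a value starting just after its opening quote.

    Returns (value, index just past the closing quote).
    """
    out = []
    while i < len(text):
        if text[i] != "'":
            out.append(text[i])
            i += 1
        elif text[i + 1:i + 2] == "'":  # doubled quote is a literal quote
            out.append("'")
            i += 2
        else:  # lone quote closes the value
            return "".join(out), i + 1
    raise ValueError("unterminated quoted value")


def parse_soc_line(line):
    """Split one SOC log line into identifier, description, fields, trailer."""
    start = line.find("CEF:")
    parts = line[start:].split("|", 5) if start >= 0 else []
    if len(parts) < 6:
        raise ValueError("not a SOC log line")
    identifier, rest = parts[4], parts[5]
    i = re.match(r"[^,|]*", rest).end()  # description ends at the first comma
    description, fields = rest[:i], {}
    while (m := NEXT_KEY.match(rest, i)):
        value, i = read_quoted(rest, m.end())
        fields[m.group(1)] = value
    return {"identifier": identifier, "description": description,
            "fields": fields, "trailer": rest[i:].lstrip("|")}


if __name__ == "__main__":
    print(parse_soc_line(SAMPLE))
```

Splitting the same line on `', ` or on `|` alone would yield a spurious `status` field and a truncated subject; scanning quote by quote keeps the value intact.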
