Fields specific to the "l_smtp" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs, Network traffic and E-mails.
| ruleid |
Number of the filter rule applied. Example: “1”, “2” … Available from: SNS v1.0.0. |
|
Rule |
|
|
user |
E-mail address of the sender. String of characters in UTF-8 format. Example: "john.doe@company1.com" May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
| User | |
|
dstname |
E-mail address of the recipient. String of characters in UTF-8 format. Example: "john.doe@company2.com" Available from: SNS v1.0.0. |
|
Destination name |
|
|
msg |
Message associated with the SMTP command executed. String of characters in UTF-8 format. Example: “Connection interrupted” |
|
Message |
|
|
spamlevel |
Results of antispam processing on the message. Values: "X": error while processing the message. "? ": the nature of the message could not be determined. "0": non-spam message. "1", "2" or "3": criticality of the spam message, 3 being the most critical. Available from: SNS v1.0.0. |
|
Spam |
|
|
virus |
Message indicating whether a virus has been detected (the antivirus has to be enabled) Example: “clean” |
|
Virus Example: “clean” |
|
| ads |
Indicates whether the antispam has detected an e-mail as an advertisement. Values: “0” or“1”. |
| Advertisement | |
| dstcontinent |
Continent to which the destination IP address of the connection belongs. Value: continent's ISO code Example: dstcontinent="eu" Available from: SNS v3.0.0. |
| Destination continent | |
| dstcountry |
Country to which the destination IP address of the connection belongs. Format: country's ISO code Example: dstcountry="fr" Available from: SNS v3.0.0. |
| Destination country | |
| dsthostrep |
Reputation of the connection's target host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: dsthostrep=506 Available from: SNS v3.0.0. |
| Destination host reputation | |
| dstiprep |
Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: dstiprep="spam" Available from: SNS v3.0.0. |
| Public reputation of the destination IP address | |
| srccontinent |
Continent to which the source IP address of the connection belongs. Value: continent's ISO code Example: srccontinent="eu" Available from: SNS v3.0.0. |
| Source continent | |
| srccountry |
Country to which the source IP address of the connection belongs. Format: country's ISO code Example: srccountry="fr" Available from: SNS v3.0.0. |
| Source country | |
| srchostrep |
Reputation of the connection's source host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: srchostrep=26123 Available from: SNS v3.0.0. |
| Source host reputation | |
| srciprep |
Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: srciprep="anonymizer,tor" Available from: SNS v3.0.0. |
| Public reputation of the source IP address | |
| mailruleid |
Number of the mail filter rule applied. Digital format Example: mailruleid=48 Available from: SNS v3.2.0. |