McAfee MAP-3300-SWG Product Guide - Page 273
Overview of System features
Logging, Alerting and SNMP

Table 272 Extended Syslog attributes for Splunk (continued)

| Syslog entry | Notes | Example |
|---|---|---|
| name | A description of the event | Anti-virus engine detection |
| policy_name | Name of in force policy. Note: __smtp_master refers to the default policy | My policy |
| dvc_host | Host responsible for scanning in a blade environment | Appliance1 |
| event_id | Event ID | 180000 |
| reason_id | Reason ID | 145 - Clean; 146 - Replace; 624 - PuP Detection; 625 - Packer Detection |
| direction | Whether inbound (0) or outbound (1) as defined by the administrator for the policy | 0, 1 |
| src_ip | Originating client IP address of the host sending the email | |
| src_host | Originating client host name if available | |
| dest_ip | Destination client IP address of the host sending the email | |
| dest_host | Destination client host name if available | |
| is_primary_action | Indicates if the action taken is the main action defined for the event. 1 indicates primary action | 0, 1 |
| scanner | Which scanner detected the event | AV - Anti Virus |
| action | The action taken for the event | ESERVICES:REPLACE - Replace with an alert; WEBSHIELD:REFUSEORIGINAL - Refuse the email; WEBSHIELD:ACCEPTANDDROP - Accept the email and then drop it; ESERVICES:ALLOWTHRU - Allow the email through; WEBSHIELD:DENYCONNECTION - Refuse the email and deny the connection for a period of time |
| status | A descriptive message for the event | The content was categorized as uncleanable content |
| sender | The sender of the email | |
| recipient | A list of recipient email addresses | |
| msgid | A unique id assigned to each mail message | |
| nrcpts | Number of the recipients for the mail | 3 |
| relay | Address of the next MTA the mail would be sent to if known | 172.16.140.118 |
| subject | The subject of the email | A subject line here |

McAfee Email and Web Security Appliances 5.6.0 Product Guide 273
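The attribute table above only defines field names and code values; the snippet below is an added example (not from the product guide or from McAfee) that decodes those fields for triage. It assumes the Splunk-bound payload is a run of key=value pairs with quoted values where spaces occur, and the sample entries are constructed, not captured from an appliance.

```python
import re
from typing import Dict, List

# Code tables taken from Table 272 of the product guide.
REASON_IDS = {145: "Clean", 146: "Replace", 624: "PuP Detection", 625: "Packer Detection"}
DIRECTION = {0: "inbound", 1: "outbound"}
ACTIONS = {
    "ESERVICES:REPLACE": "Replace with an alert",
    "WEBSHIELD:REFUSEORIGINAL": "Refuse the email",
    "WEBSHIELD:ACCEPTANDDROP": "Accept the email and then drop it",
    "ESERVICES:ALLOWTHRU": "Allow the email through",
    "WEBSHIELD:DENYCONNECTION": "Refuse the email and deny the connection for a period of time",
}

# Assumption: the payload is key=value pairs; values containing spaces are double-quoted.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line: str) -> Dict[str, str]:
    """Return the key/value fields of one extended syslog entry."""
    return {k: q or b for k, q, b in _PAIR.findall(line)}

def describe(ev: Dict[str, str]) -> Dict[str, object]:
    """Decode numeric codes with the guide's tables; unknown codes are reported as such."""
    reason = int(ev.get("reason_id", -1))
    direction = int(ev.get("direction", -1))
    return {
        "reason": REASON_IDS.get(reason, f"unknown ({reason})"),
        "direction": DIRECTION.get(direction, f"unknown ({direction})"),
        "action": ACTIONS.get(ev.get("action", ""), ev.get("action", "")),
        "primary": ev.get("is_primary_action") == "1",
    }

def needs_review(ev: Dict[str, str]) -> bool:
    """A detection (reason other than 145 Clean) whose primary action let the mail through."""
    d = describe(ev)
    return bool(d["primary"]) and ev.get("action") == "ESERVICES:ALLOWTHRU" and ev.get("reason_id") != "145"

SAMPLE_LINES = [  # constructed sample entries using the field names from Table 272
    'name="Anti-virus engine detection" policy_name=__smtp_master dvc_host=Appliance1 event_id=180000 reason_id=146 direction=0 src_ip=203.0.113.10 is_primary_action=1 scanner="AV - Anti Virus" action=ESERVICES:REPLACE status="The content was categorized as uncleanable content" sender=alice@example.com recipient=bob@example.com msgid=abc123 nrcpts=1 relay=172.16.140.118 subject="A subject line here"',
    'name="Anti-virus engine detection" policy_name="My policy" dvc_host=Appliance1 event_id=180000 reason_id=624 direction=1 src_ip=192.0.2.5 is_primary_action=1 scanner="AV - Anti Virus" action=ESERVICES:ALLOWTHRU sender=carol@example.com recipient=dave@example.com msgid=def456 nrcpts=3',
]

def review(lines: List[str]) -> List[str]:
    """Return the msgid of every entry an analyst should look at."""
    return [parse_event(l)["msgid"] for l in lines if needs_review(parse_event(l))]

if __name__ == "__main__":
    for l in SAMPLE_LINES:
        print(parse_event(l)["msgid"], describe(parse_event(l)))
    print("review:", review(SAMPLE_LINES))
```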