McAfee MAP-3300-SWG Product Guide - Page 274
Table 272, Extended Syslog attributes for Splunk, Glossary, content_terms
UPC - 731944547008
Overview of System features Logging, Alerting and SNMP

Table 272 Extended Syslog attributes for Splunk (continued)

| Syslog entry | Notes | Example |
|---|---|---|
| size | Size of the message in bytes | 231 |
| attachments | The attachments of the email (optional) | file1.doc, file2.doc |
| number_attachments | The number of attachments of the email (optional) | 2 |
| virus_name | The name of the detected virus | EICAR test file |
| file_name | Filename in which the detection occurred | eicar_com.zip |
| spamscore | The score this message achieved | |
| spamthreshold | The threshold it exceeded | |
| spamrules | A list of the rules to determine its status as spam | |
| URL | URL which caused the event to be generated | http://www.eicar.org/download/eicar.com |
| contentrule | The rule that caused the event | |
| content_terms | The terms that caused the content filter event | |
| tz | The timezone where the event is generated | UTC |
| tz_offset | The timezone offset in use where the event is generated | +0000 |

Table 273 Glossary

| event_id | Name | Scanner |
|---|---|---|
| 50006 | Email Status | |
| 180000 | Anti-virus engine detection | AV (Anti Virus) |
| 180002 | Anti-spam classification | AS (Anti Spam) |
| 180002 | Anti-spam classification | AP (Anti Phish) |
| 180003 | File format detection | FF (Format Blocking) |
| 180004 | MIME format detection | MF (Mime Format) |
| 180008 | URL request denied | UF (URL Filtering) |
| 180010 | Compliancy detection | PX (Compliance) |
| 180010 | Data Loss Prevention detection | DL (Data Loss Prevention) |
| 180012 | Mail Size detection | MS (Mail Size) |
| 180031 | URL has been blocked due to categorization | SA (Site Advisor) |

| reason_id | Text |
|---|---|
| 77 | Email Delivered |
| 83 | Email Deferred |
| 142 | Access to the requested URL is not permitted |
| 145 | clean |
| 146 | replace |

274 McAfee Email and Web Security Appliances 5.6.0 Product Guide