Log View Database Schema

The following table combines tblMsgEntries and tblFilterEntries.

View [vwMsgFilterEntriesTmp]

Field Name	From Table	From Field	Description
msg_entry_id	tblFilterEntries	msg_entry_id	Primary key of the table [tblMsgEntries]
msg_delivery_time	tblMsgEntries	msg_delivery_time	The message delivery time
msg_found_at	tblMsgEntries	msg_found_at	The place where this message is found at
msg_source	tblMsgEntries	msg_source	The semi-colon delimited sender list
msg_destination	tblMsgEntries	msg_destination	The semi-colon delimited recipient list
msg_subject	tblMsgEntries	msg_subject	The subject of this message
filter_id	tblFilterEntries	filter_id	Primary key of the table [tblFilterEntries]
filter_scan_time	tblFilterEntries	filter_scan_time	The scan time
filter_rule	tblFilterEntries	filter_rule	The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter (such as .exe), risk level of a malicious URL for Web Reputation filter
file_original	tblFilterEntries	file_original	The original file name that triggered the rule
filter_action	tblFilterEntries	filter_action	The result of the action taken
filter_reason	tblFilterEntries	filter_reason	The detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter
filter_rule_supplement	tblFilterEntries	filter_rule_supplement	The virus/malware type, used to separate virus and spyware
url_category	tblFilterEntries	url_category	The category of the detected URL

The following table combines table tblStorageEntries and view vwMsgFilterEntriesTmp.

View [vwMsgFilterEntries]

Field Name	From Table	From Field	Description
filter_scan_time	vwMsgFilterEntriesTmp	filter_scan_time	The scan time
msg_delivery_time	vwMsgFilterEntriesTmp	msg_delivery_time	The message delivery time
msg_found_at	vwMsgFilterEntriesTmp	msg_found_at	The place where this message is found at
msg_source	vwMsgFilterEntriesTmp	msg_source	The semi-colon delimited sender list
msg_destination	vwMsgFilterEntriesTmp	msg_destination	The semi-colon delimited recipient list
msg_subject	vwMsgFilterEntriesTmp	msg_subject	The subject of this message
filter_rule	vwMsgFilterEntriesTmp	filter_rule	The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter (such as .exe), risk level of a malicious URL for Web Reputation filter
filter_reason	vwMsgFilterEntriesTmp	filter_reason	Detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter.
file_original	vwMsgFilterEntriesTmp	file_original	The original filename that triggered the rule
msg_entry_id	vwMsgFilterEntriesTmp	msg_entry_id	Primary key of the table [tblMsgEntries]
filter_id	vwMsgFilterEntriesTmp	filter_id	Primary key of the table [tblFilterEntries]
filter_action	vwMsgFilterEntriesTmp	filter_action	The result of the action taken
storage_entry_id	tblStorageEntries	storage_entry_id	Primary key of the table [tblStorageEntries]
storage_path	tblStorageEntries	storage_path	The path the file saved to
storage_reason	tblStorageEntries	storage_reason	The reason (quarantine, archive, or backup) to make this storage entry.
filter_rule_supplement	vwMsgFilterEntriesTmp	filter_rule_supplement	The virus/malware type, used to separate virus and spyware.
url_category	tblFilterEntries	url_category	The category of the detected URL

The following table combines table tblMsgEntries and tblStorageEntries.

View [vwMsgStorageEntries]

Field Name	From Table	From Field	Description
storage_entry_id	tblStorageEntries	storage_entry_id	Primary key of the table [tblStorageEntries]
msg_source	tblMsgEntries	msg_source	The semi-colon delimited sender list
msg_destination	tblMsgEntries	msg_destination	The semi-colon delimited recipient list
msg_subject	tblMsgEntries	msg_subject	The subject of this message
filter_id	tblStorageEntries	filter_id	Primary key of the table [tblFilterEntries]
filter_scan_time	tblStorageEntries	filter_scan_time	The scan time
filter_rule	tblStorageEntries	filter_rule	The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter (such as .exe), risk level of a malicious URL for Web Reputation filter
file_original	tblStorageEntries	file_original	The original filename that triggered the rule
filter_action	tblStorageEntries	filter_action	The result of the action taken
storage_reason	tblStorageEntries	storage_reason	The reason (quarantine, archive, or backup) for this storage entry
storage_resend_count	tblStorageEntries	storage_resend_count	The count of this entry has been resent

The following table selects blocked attachments data from view vwMsgFilterEntries.

View [vwABLogs]

Field Name

From Table

From Field

Description

storage_entry_id

vwMsgFilterEntries

storage_entry_id

Primary key of the table tblStorageEntries

filter_scan_time

vwMsgFilterEntries

filter_scan_time

The scan time

msg_delivery_time

vwMsgFilterEntries

msg_delivery_time

The message delivery time

msg_found_at

vwMsgFilterEntries

msg_found_at

The place where this message is found at

msg_source

vwMsgFilterEntries

msg_source

The semi-colon delimited sender list

msg_destination

vwMsgFilterEntries

msg_destination

The semi-colon delimited recipient list

msg_subject

vwMsgFilterEntries

msg_subject

The subject of this message

filter_rule_cf

vwMsgFilterEntries

filter_rule

File type blocked by attachment blocking filter(such as .exe)

filter_original

vwMsgFilterEntries

filter_original

The original filename that triggered the rule

filter_action

vwMsgFilterEntries

filter_action

The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.

Note

%SMEX_HOME% represents the SMEX installation directory. By default, this is C:\Program Files\Trend Micro\Smex\

filter_id

vwMsgFilterEntries

filter_id

Primary key of the table [tblFilterEntries]

The following table selects security risk scan data from view vwMsgFilterEntries.

View [vwAVLogs]

Field Name

From Table

From Field

Description

storage_entry_id

vwMsgFilterEntries

storage_entry_id

Primary key of the table tblStorageEntries

filter_scan_time

vwMsgFilterEntries

filter_scan_time

The scan time

msg_delivery_time

vwMsgFilterEntries

msg_delivery_time

The message delivery time

msg_found_at

vwMsgFilterEntries

msg_found_at

The place where this message is found at

msg_source

vwMsgFilterEntries

msg_source

The semi-colon delimited sender list

msg_destination

vwMsgFilterEntries

msg_destination

The semi-colon delimited recipient list

msg_subject

vwMsgFilterEntries

msg_subject

The subject of this message

filter_rule_av

vwMsgFilterEntries

filter_rule

Virus/malware name

filter_original

vwMsgFilterEntries

filter_original

The original filename that triggered the rule

filter_action

vwMsgFilterEntries

filter_action

The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.

Note

%SMEX_HOME% represents the SMEX installation directory. By default, this is C:\Program Files\Trend Micro\Smex\

filter_rule_supplement

vwMsgFilterEntries

filter_rule_supplement

The virus/malware type, used to separate virus and spyware.

filter_id

vwMsgFilterEntries

filter_id

Primary key of the table [tblFilterEntries]

storage_reason

vwMsgFilterEntries

storage_reason

The reason (quarantine, archive, or backup) for this storage entry.

The following table selects content violation data from view vwMsgFilterEntries.

View [vwCFLogs]

Field Name

From Table

From Field

Description

storage_entry_id

vwMsgFilterEntries

storage_entry_id

Primary key of the table tblStorageEntries

filter_scan_time

vwMsgFilterEntries

filter_scan_time

The scan time

msg_delivery_time

vwMsgFilterEntries

msg_delivery_time

The message delivery time

msg_found_at

vwMsgFilterEntries

msg_found_at

The place where this message is found at

msg_source

vwMsgFilterEntries

msg_source

The semi-colon delimited sender list

msg_destination

vwMsgFilterEntries

msg_destination

The semi-colon delimited recipient list

msg_subject

vwMsgFilterEntries

msg_subject

The subject of this message

filter_rule_cf

vwMsgFilterEntries

filter_rule

Rule name for content filter

filter_original

vwMsgFilterEntries

filter_original

The original filename that triggered the rule

filter_action

vwMsgFilterEntries

filter_action

The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.

Note

%SMEX_HOME% represents the SMEX installation directory. By default, this is C:\Program Files\Trend Micro\Smex\

filter_reason

vwMsgFilterEntries

filter_reason

Detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter

filter_id

vwMsgFilterEntries

filter_id

Primary key of the table [tblFilterEntries]

The following table selects Data Loss Prevention incident data from view vwMsgFilterEntries.

View [vwDLPLogs]

Field Name

From Table

From Field

Description

storage_entry_id

vwMsgFilterEntries

storage_entry_id

Primary key of the table tblStorageEntries

filter_scan_time

vwMsgFilterEntries

filter_scan_time

The scan time

msg_delivery_time

vwMsgFilterEntries

msg_delivery_time

The message delivery time

msg_found_at

vwMsgFilterEntries

msg_found_at

The place where this message is found at

msg_source

vwMsgFilterEntries

msg_source

The semi-colon delimited sender list

msg_destination

vwMsgFilterEntries

msg_destination

The semi-colon delimited recipient list

msg_subject

vwMsgFilterEntries

msg_subject

The subject of this message

filter_rule_dlp

vwMsgFilterEntries

filter_rule

Rule name for Data Loss Prevention

filter_action

vwMsgFilterEntries

filter_action

The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\web\xml.

Note

%SMEX_HOME% represents the SMEX installation directory. By default, this is C:\Program Files\Trend Micro\Smex\

file_original

vwMsgFilterEntries

file_original

The original filename that triggered the rule

filter_template

vwMsgFilterEntries

filter_reason

The triggered Data Loss Prevention template

The following table selects unscannable message data from view vwMsgFilterEntries.

View [vwUSLogs]

Field Name

From Table

From Field

Description

storage_entry_id

vwMsgFilterEntries

storage_entry_id

Primary key of the table tblStorageEntries

filter_scan_time

vwMsgFilterEntries

filter_scan_time

The scan time

msg_delivery_time

vwMsgFilterEntries

msg_delivery_time

The message delivery time

msg_found_at

vwMsgFilterEntries

msg_found_at

The place where this message is found at

msg_source

vwMsgFilterEntries

msg_source

The semi-colon delimited sender list

msg_destination

vwMsgFilterEntries

msg_destination

The semi-colon delimited recipient list

msg_subject

vwMsgFilterEntries

msg_subject

The subject of this message

filter_rule_us

vwMsgFilterEntries

filter_rule

Unscannable reason

filter_original

vwMsgFilterEntries

filter_original

The original filename that triggered the rule

filter_action

vwMsgFilterEntries

filter_action

The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.

Note

%SMEX_HOME% represents the SMEX installation directory. By default, this is C:\Program Files\Trend Micro\Smex\

filter_id

vwMsgFilterEntries

filter_id

Primary key of the table [tblFilterEntries]

storage_reason

vwMsgFilterEntries

storage_reason

The reason (quarantine, archive, or backup) for this storage entry.

The following table selects storage data from view vwMsgFilterEntries.

View [vwQuarantineLogs]

Field Name	From Table	From Field	Description
storage_entry_id	vwMsgFilterEntries	storage_entry_id	Primary key of the table [tblStorageEntries]
filter_scan_time	vwMsgFilterEntries	filter_scan_time	The scan time
msg_source	vwMsgFilterEntries	msg_source	The semi-colon delimited sender list
msg_destination	vwMsgFilterEntries	msg_destination	The semi-colon delimited recipient list
msg_subject	vwMsgFilterEntries	msg_subject	The subject of this message
filter_rule	vwMsgFilterEntries	filter_rule	The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter(such as .exe), risk level of a malicious URL for Web Reputation filter
storage_resend_count	vwMsgFilterEntries	storage_resend_count	The count of this entry has been resent
storage_reason	vwMsgFilterEntries	storage_reason	The reason (quarantine, archive, or backup) for this storage entry.

The following table selects data about malicious URL from view vwMsgStorageEntries.

View [vwWTPLogs]

Field Name

From Table

From Field

Description

filter_scan_time

vwMsgFilterEntries

filter_scan_time

The scan time

msg_delivery_time

vwMsgFilterEntries

msg_delivery_time

The message delivery time

msg_source

vwMsgFilterEntries

msg_source

The semi-colon delimited sender list

msg_destination

vwMsgFilterEntries

msg_destination

The semi-colon delimited recipient list

msg_subject

vwMsgFilterEntries

msg_subject

The subject of this message

filter_rule_uf

vwMsgFilterEntries

filter_rule_uf

Risk level of a malicious URL for Web Reputation filter

Suspicious_url

vwMsgFilterEntries

filter_reason

Suspicious URL

filter_action

The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.

Note

%SMEX_HOME% represents the SMEX installation directory. By default, this is C:\Program Files\Trend Micro\Smex\

filter_id

vwMsgFilterEntries

filter_id

Primary key of the table [tblFilterEntries]

storage_entry_id

vwMsgFilterEntries

storage_entry_id

Primary key of the table [tblStorageEntries]

url_category

tblFilterEntries

url_category

The category of the detected URL

Example 1: Query information about the virus log, content filtering log, or attachment blocking log from tables ‘vwAVLogs’,‘vwCFLogs’, ‘vwABLogs’ between 12/12/2008 09:00:00’ AND ‘12/18/2008 09:00:00’

SELECT msg_source,msg_destination,filter_rule_av
FROM vwAVLogs
WHERE filter_scan_time 
BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

SELECT *
FROM vwCFLogs
WHERE filter_scan_time 
BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

SELECT *
FROM vwABLogs
WHERE filter_scan_time 
BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

Example 2: Get Storage Log

SELECT * 
FROM vwMsgStorageEntries 
WHERE filter_scan_time 
BETWEEN  ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

$('#title').html($('meta[name=description]').attr('content'));