Log Database Schema

The following table stores message information such as the sender, recipient, and message subject.

Table [tblMsgEntries]

Field Name	Data Type	Description
msg_entry_id	Auto increment	Primary key
msg_task_id	int	The scan task this message belongs to
msg_protocol	int	The protocol this message is sent with
msg_source	nvarchar(255)	The semi-colon delimited sender list
msg_destination	nvarchar(255)	The semi-colon delimited recipient list
msg_subject	nvarchar(255)	The subject of this message
msg_submit_time	datetime	The message submit time
msg_device_id	text	The device ID of the device that synced the message
msg_device_user	text	The user of the device that synced the message. For example, test.com\user.
msg_os_version	text	The operating system and version of the device that synced the message. For example, Android 4.1.2.

The following table stores scan logs that include two types of information. The first type includes information about detected security risks such as the security risk name and the name of the file that was infected. The second type includes information about the filter that detected the security risk.

Table [tblFilterEntries]

Field Name

Data Type

Description

filter_entry_id

Auto increment

Primary key

msg_entry_id

int

The foreign key for tblMsgEntries

filter_id

smallint

The id of the filter triggered

filter_rule

nvarchar(64)

The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, file type blocked by attachment blocking filter (such as.exe), risk level of a malicious URL detected by Web Reputation filter

filter_action

int

The result of action taken. Reference [action_description.xml], which is located in %SMMS_HOME%\ web\xml

Note

%SMMS_HOME% represents the ScanMail Mobile installation directory. By default, this is C:\Program Files\Trend Micro\ScanMail Mobile\

filter_scan_time

datetime

The scan time

filter_original

nvarchar(255)

The original file name that triggered the rule

filter_reason

ntext

Detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter.

sent_to_csm

smallint

(internal use)

The following table stores event log information. For example, information about the start, progress, and completion of manual update.

Table [tblActivityEntries]

Field Name	Data Type	Description
activity_entry_id	Auto increment	Primary key
activity_severity	int	The severity of this activity entry
activity_id	int	The id of this activity entry. Ref [`dbconf_log.xml`]
activity_time	datetime	The date and time that this activity entry began
activity_description	ntext	Activity description
activity_parameter	ntext	To indicate manual/scheduled update component type: pattern/engine/anti-spam rule
activity_duration_mark	smallint	To indicate this activity duration is either begin, end, or instant
sent_to_csm	smallint	(internal use)

The following table stores the configuration replication server list. Perform configuration replication from the Server Management console.

Table [tblCfgReplication]

Field Name	Data Type	Description
cr_session_guid	uniqueidentifier	The session GUID
cr_time	datetime	The start time
cr_server_list	ntext	The server list
cr_selection_list	ntext	The selection list
cr_id	int	(Not in use)

The following table stores the configuration replication status.

Table [tblCfgReplicationStatus]

Field Name	Data Type	Description
crs_id	Auto increment	Primary key
crs_session_guid	uniqueidentifier	The session GUID
crs_start_time	datetime	The start time of configuration replication
crs_end_time	datetime	The end time of configuration replication
crs_server	ntext	The server name which did the configuration replication
crs_status	int	The status of the configuration replication
crs_description	ntext	The description of the configuration replication

Note

For Event Tracking log query, System Center Operations Manager (SCOM) will not get the data directly from ScanMail Mobile, but the same information can be queried from the ScanMail Mobile database.

The following table stores all event tracking logs.

Table [tblAuditLog]

Field Name	Data Type	Description
id	Auto increment	Primary key
ServerName	nvarchar(255)	The virtual server name
UserName	nvarchar(255)	The user name
EventTime	datetime	The current time of Audit Event
IpAddress	nvarchar(255)	The remote host IP address
EventType	smallint	The event type (Three types: log in/out, configuration, operation)
SourceType	smallint	The source type (Three types: Configuration change through the UI(Value:1), Configuration change through Control Manager(Value: 2), Configuration change through Server Management(Value:3))
LogDescription	nvarchar(255)	The description of log

The following table is not used.

Table [tblManagementGroupList]

Field Name	Data Type	Description
mgl_id	Auto increment	Primary key
mgl_group_name	ntext	The group name in the management group list

The following table is not used.

Table [tblManagementServerList]

Field Name	Data Type	Description
msl_id	Auto increment	Primary key
msl_server_name	ntext	The server name in the management group list
msl_group_id	int	The group ID to which the server belongs.

The following table is not used.

Table [tblManagementGroupMemberList]

Field Name	Data Type	Description
mgml_id	Auto increment	Primary key
mgml_group_id	int	The group ID from table [tblManagementGroupList]
mgml_server_id	int	The server ID from table [tblManagementServerList]

The following table stores the time of the last configuration replication.

Table [tblCfgReplicationHistrory]

Field Name	Data Type	Description
crh_id	Auto increment	Primary key
crh_session_guid	uniqueidentifier	The session GUID
crh_time	datetime	The last time of configuration replication

$('#title').html($('meta[name=description]').attr('content'));