CEF Message Tracking Logs
| CEF Key | Description | Value  | 
| Header (logVer) | CEF format version | CEF: 0 | 
| Header (vendor) | Appliance vendor | Trend Micro | 
| Header (pname) | Appliance product | Deep Discovery Director | 
| Header (pver) | Appliance version | Example: 5.3.0.1212 | 
| Header (eventid) | Signature ID | 100136 | 
| Header (eventName) | Description | MESSAGE_TRACKING | 
| Header (severity) | Email severity | 
 | 
| dvc | Appliance IP address | Example: 10.1.144.199 | 
| dvcmac | Appliance MAC address | Example: 00:0C:29:6E:CB:F9 | 
| dvchost | Appliance host name | Example: localhost | 
| deviceExternalId | Appliance GUID | Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536 | 
| rt | Log generation time Format: Unix time stamp (number of milliseconds since Jan
                                 01 1970 UTC) | Example: 1593761104000 | 
| cs1Label | Label for Email ID | messageId | 
| cs1 | Email ID | Example:
                                 <20150414032514.494EF1E9A365@internalbeta.bcc.ddei> | 
| cs2Label | Internal email ID | msgUuid | 
| cs2 | Internal email ID | Example: 6965222B-13A6-C705-89D4-6251B6C41E03 | 
| suser | Email sender | Example: user2@domain.com | 
| duser | Email recipients | Example: user1@domain2.com;test@163.com | 
| msg | Email subject | Example: hello | 
| reason | Reason for block action | Example: Timeout period expired | 
| cs3Label | Latest status | latestStatus | 
| cs3 | Details | 
 | 
| src | Source IP address | Example: 10.1.144.199 | 
| cs4Label | Label for sender email address | senderMail | 
| cs4 | Sender email address | Example: user1@domain.com | 
| cs5Label | Label for recipient email address | rcptMail | 
| cs5 | Recipient email address | Example: user2@domain.com | 
| deviceTranslatedAddress | Relay MTA IP address | Example: 204.92.31.146 | 
| cs6Label | Label for process history | procHistory | 
| cs6 | Process history | Example: Action taken by the device. The format: "timestamp1
                                 act1,timestamp2 act2,…, timestampn actn" | 
Log sample:
May 15 16:00:47 localhost CEF:0|Trend Micro|Deep Discovery Dir ector|5.3.0.1212|100136|MESSAGE_TRACKING|2|rt=1593761104000 cs 3Label=latestStatus cs3=Delivery unsuccessful dvchost=localhos t.localdomain deviceExternalId=9ceb7be2-3ec5-4b80-8697-6b4913e b044b dvc=10.204.63.177 duser=test@test.com dvcmac=00:50:56:A7 :5F:AD reason=host 10.204.253.179[10.204.253.179] said: 552 te st@test.com mailbox full (in reply to end of DATA command) cs1 Label=messageId cs1=20180427025553.4D771D6135F@localhost.local domain cs4Label=senderMail cs4=marks@relay.ddei.com suser=fake @test.test msg=plain_text_upper_case.HTML/HTM cs2Label=msgUuid cs2=EB715918-6ACB-A405-BF46-56F53CE3FD86 cs6Label=procHistory cs6=Apr 27 2018 02:55:53 GMT+00:00 Received,Apr 27 2018 02:55: 53 GMT+00:00 Sent for analysis,Apr 27 2018 02:56:48 GMT+00:00 Action set to 'pass',Apr 27 2018 02:56:48 GMT+00:00 Delivery u nsuccessful,Reason:host 10.204.253.179[10.204.253.179] said: 5 52 test@test.com mailbox full (in reply to end of DATA command )
 
		