CEF: Time-of-Click Protection Logs
| CEF Key | Description | Value  | 
| Header (timestamp) | Local time in the format: "Mmm dd
                                 hh:mm:ss" | Example: Dec 5 05:26:45 | 
| Header (host) | Hostname without the domain information | Example: internalAP1 | 
| Header (logVer) | CEF format version | CEF: 0 | 
| Header (vendor) | Appliance vendor | Trend Micro | 
| Header (pname) | Appliance product | Deep Discovery Email
                                    Inspector | 
| Header (pver) | Appliance version | Example: 5.1.0.1110 | 
| Header (eventid) | Signature ID | 100139 | 
| Header (eventName) | Description | CTP_DETECTION | 
| Header (severity) | Email severity | 
 | 
| deviceExternalId | Appliance GUID | Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536 | 
| dvc | Appliance IP address | Example: 10.1.144.199 | 
| dvchost | Appliance host name | Example: localhost | 
| dvcmac | Appliance MAC address | Example: 00:0C:29:6E:CB:F9 | 
| rt | Log generation time | Example: Mar 09 2015 17:05:21 GMT+00:00 | 
| request | URL | Example: http://www.rainking.net/?utm_campaign=4-21-2014
                                 |http://images.rainking.net/eloquaimage | 
| act | The action in the event | Examples: 
 | 
| msg | Email subject | Example: hello | 
| cs1 | Names of threats in the email | Example: <20150414032514.494EF1E9A365@internalbeta.bcc.ddei> | 
| cs1Label | Names of threats in the email | messageId | 
| cs2 | Sender email address | Example: user1@domain.com | 
| cs2Label | Label for sender email address | senderMail | 
| cs3 | Recipient email address | Example: user2@domain.com | 
| cs3Label | Label for recipient email address | rcptMail | 
| cs4 | The time of URL click | Example: Mar 09 2015 17:05:21 GMT+00:00 | 
| cs4Label | Label for time of URL click | timeOfClick  | 
| suser | Email sender | Example: user2@domain.com | 
| duser | Email recipients | Example: user1@domain2.com;test@163.com | 
Log sample:
Dec 16 06:32:36 ddei-172 CEF:0|Trend Micro|Deep Discovery Email Inspector|5.1.0.1110|100139|CTP_DETECTION|8|rt=Dec 16 2020 06:30:08 GMT+00:00 cs2Label=senderMail cs2=tarek@ test.com request=http://g9yxzah7yu23n.com suser=tarek@tes t.com dvchost=ddei-172 dvc=10.204.63.172 deviceExternalId =2bcbcc98-3f99-40e3-864f-e5f102511631 duser=ddei_test1@de mo.com msg=syslog - ctp cs3Label=rcptMail cs3=ddei_test1@ demo.com cs1Label=messageId cs1=2020121613571222594383@te st.com act=blocked dvcmac=00:50:56:A7:D9:FD cs4Label=time OfClick cs4=Dec 16 2020 06:30:36 GMT+00:00
 
		