LEEF: Time-of-Click Protection Logs
| LEEF Key | Description | Value  | 
| Header (timestamp) | Local time in the format: "Mmm dd
                                 hh:mm:ss" | Example: Dec 5 05:26:45 | 
| Header (host) | Hostname without the domain information | Example: internalAP1 | 
| Header (logVer) | LEEF format version | LEEF: 1.0 | 
| Header (vendor) | Appliance vendor | Trend Micro | 
| Header (pname) | Appliance product | Deep Discovery Email
                                    Inspector | 
| Header (pver) | Appliance version | Example: 5.1.0.1110 | 
| Header (eventName) | Description | CTP_DETECTION | 
| Header (severity) | Email severity | 
 | 
| deviceGUID | Appliance GUID | Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536 | 
| dvc | Appliance IP address | Example: 10.1.144.199 | 
| dvchost | Appliance host name | Example: localhost | 
| dvcmac | Appliance MAC address | Example: 00:0C:29:6E:CB:F9 | 
| devTime | Log generation time | Example: Jan 28 2015 02:00:36 GMT+00:00 | 
| devTimeFormat | Time format | MMM dd yyyy HH:mm:ss z | 
| url | URL | Example: http://1.2.3.4/query?term=value | 
| act | The action in the event | Examples: 
 | 
| mailMsgSubject | Email subject | Example: hello | 
| messageId | Email ID | Example:
                                 <20150414032514.494EF1E9A365@internalbeta.bcc.ddei> | 
| senderMail | Sender email address | Example: user1@domain.com | 
| rcptMail | Recipient email address | Example: user2@domain.com | 
| timeOfClick  | The time of URL click | Example: Mar 09 2015 17:05:21 GMT+00:00 | 
| suser | Email sender | Example: user2@domain.com | 
| duser | Email recipients | Example: user1@domain2.com;test@163.com | 
Log sample:
Dec 16 06:38:57 ddei-172 LEEF:1.0|Trend Micro|Deep Discovery Email Inspector|5.1.0.1110|CTP_DETECTION|deviceGUID=2bcbcc9 8-3f99-40e3-864f-e5f102511631<009>mailMsgSubject=syslog - ct p<009>url=http://g9yxzah7yu23n.com<009>dvchost=ddei-172<009> messageId=2020121613571222594383@test.com<009>senderMail=tar ek@test.com<009>dvc=10.204.63.172<009>act=blocked<009>duser= ddei_test1@demo.com<009>rcptMail=ddei_test1@demo.com<009>dev Time=Dec 16 2020 06:30:08 GMT+00:00<009>timeOfClick=Dec 16 2 020 06:36:56 GMT+00:00<009>dvcmac=00:50:56:A7:D9:FD<009>devT imeFormat=MMM dd yyyy HH:mm:ss z<009>suser=tarek@test.com
 
		