In the body of CEF messages for classes of Quarantine group events, you can use keys in accordance with their semantics (see the table below).
Permissible values of the fields for classes of Quarantine group events
Key |
Value |
|---|---|
cs1 |
Message ID. |
cs1Label |
Its value is always |
cs2 |
List of rules separated with commas. |
cs2Label |
Its value is always |
cs3 |
Account under which the action was performed on the message. |
cs3Label |
Its value is always |
src |
IP address from which the message was received. |
duser |
List of message recipients. The addresses are taken from the SMTP session. |
suser |
Mail sender. The address is taken from the SMTP session. |
act |
Action performed on the message ( |
Each class of Quarantine group events can contain only keys that are relevant to it (see the table below).
Relevant keys for classes of Quarantine group events
Event class |
Relevant keys |
|---|---|
LMS_EV_ASP_QUARANTINE |
cs1, cs1Label, src, suser, cs3, cs3Label, act |
LMS_EV_KATA_QUARANTINE |
cs1, cs1Label, cs2, cs2Label, scr, suser, duser, act, cs3, cs3Label |