Database Tables and Fields

ILA Tables

Log data is stored in database tables with the following structure:

SMTP Table

lg_AI recordID

The record ID.

lg_ATRN

The domain name for which the ATRN command is executed.

lg_ATRN_res

The result of the ATRN command execution:
"N" not an ATRN session;
"S" there were messages for the domain;
"F" there were no messages for the domain;

lg_AUTH

The result of the AUTH command execution:
"N" no authentication took place;
"S" user authenticated successfully;
"F" authentication failed;

lg_AV

Antivirus response if delivered message had infected content.

lg_AccessNotAllowed

"Y" the message was stopped by a blacklist or a HELO filter;
"N" this condition didn't apply;

lg_ClientSession

"Y" the session was a client session;
"N" the session was a server session;

lg_DNSBL

If present, this is the hostname of the DNSBL system that listed the sender's IP address.

lg_Date

The date of the session.

lg_DeletedByFilter

If present, this is the name of the filter which rejected the message.

lg_DomainSenderMustExist

"Y", the message was rejected because the sender domain doesn't exist.

lg_Duration

The duration of the session in seconds.

lg_ETRN

The domain name for which the ETRN command is executed.

lg_Error

"OK" no error occurred;
otherwise one of the following values: "TARP", "ANA", "UNK", "SDME", "SCAN", "AV", "DNSBL", "DBF", "WDNR", "ERROR".

lg_FromAccount

Sender's alias.

lg_FromDomain

Sender's domain.

lg_FromIP

The IP address of the remote system.

lg_Helo

If present, this is the HELO value submitted to the server.

lg_Incomplete

"Y" the session wasn't completed;
"N" the session was completed correctly.

lg_Log

Raw session data, compressed with the ZLib algorithm.

lg_LogRows

Raw session data line count.

lg_MessageID

The Message ID, if any message has been accepted.

lg_Relay

"N" the message was not to be relayed or relaying was denied;
"Y" the message was correctly relayed.

lg_Scan

"PROT" the remote system only asked for server capabilities and disconnected.
"PORT" no actual session took place, the remote system merely connected and disconnected.
"N" the session had a normal behavior.

lg_Server

The Server ID.

lg_Size

The size of the mail in bytes.

lg_TLS

The response to a TLS command:
"N" no TLS was requested;
"S" the TLS command completed successfully;
"N" the TLS command reported an error.

lg_TS

The timestamp of the log processed by ILA.

lg_Tarpitting

"Y" the remote IP address was rejected by the Tarpitting system;
"N" Tarpitting was not triggered or was not active.

lg_ThreadID

The Thread ID of the connection.

lg_Time

The time the connection started at.

lg_ToAccount

Recipient's alias.

lg_ToDomain

Recipient's domain.

lg_UserUnknown

"Y" destination address doesn't exist on the server;
"N" the destination address was accepted by the server.


POP3 Table

pop_AI

The record ID.

pop_Server

The Server ID.

pop_ThreadID

The Thread ID of the connection.

pop_FromIP

The IP address of the remote system.

pop_Date

The date of the session.

pop_Time

The time the connection started at.

pop_Duration

The duration of the session in seconds.

pop_RETR_Count

Number of messages retrieved from the server.

pop_RETR_Size

Total size of messages retrieved from the server.

pop_DELE_Count

Number of messages deleted.

pop_AUTH

The result of the AUTH command execution:
"N" the command was not submitted;
"S" authentication successful;
"F" authentication failed.

pop_Account

Mailbox username.

pop_Password

Mailbox password.

pop_Log

Raw session data, compressed with the ZLib algorithm.

pop_LogRows

Raw session data line count.

pop_MsgSize

The size of messages contained in the mailbox.

pop_MsgCount

The number of messages contained in the mailbox.

pop_Error

The error, in case of failure.

pop_ClientSession

"Y" a client session (remote account);
"N" a normal POP3 session;

Antispam Table

as_AI

The record ID.

as_Server

The server ID.

as_ThreadID

The Thread ID of the connection.

as_FromIP

The IP address of the remote system.

as_FromAccount

Sender's alias.

as_FromDomain

Sender's domain.

as_Date

The date of the session.

as_Time

The time the session started at.

as_MessageID

The Message ID.

as_Log

Raw session data, compressed with the ZLib algorithm.

as_LogRows

Raw session data line count.

as_ToAccount

Recipient's alias.

as_ToDomain

Recipient's domain.

as_Score

The overall spam score.

as_Action

The action performed by the server.

as_RSBody

A bitmask of the following values:
Parts = 0x0001
External = 0x0002
NoText = 0x0004
Script = 0x0008
Differ = 0x0010
NoBodyNoSubject = 0x0020
Filters = 0x0040

as_RSByPass

A bitmask of the following values:
License = 0x0001
WhiteList = 0x0002
Trusted = 0x0004
Outgoing = 0x0008
Size = 0x0010
Bypass = 0x0020
NoUser = 0x0040
Mode = 0x0080

as_RSCharset

A bitmask of the following values:
CharsetFilter = 0x0001
CharsetMissing = 0x0002

as_RSBayes

Bayesian filter score.

as_RSSpamAssassin

SpamAssassin score.

as_RSBW

"Y" black & white list has been applied;
"N" no black & white list was involved;

as_RSContentFilter

"Y" a content filter has been applied;
"N" no content filter was involved;

as_RSStaticFilter

"Y" a static filter has affected the action;
"N" no static filter was involved;

as_RSChallengeResponse

"Y" challenge/response has been applied;
"N" no challenge/response was involved;
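
Decoding the as_RSBody, as_RSByPass and as_RSCharset bitmasks and the ZLib-compressed as_Log column of an Antispam row, as an added example that is not part of the original documentation. It assumes the blob is a standard zlib stream holding text and that as_LogRows counts its lines; `decode_mask`, `inflate_log`, `describe_row` and the sample row are constructed for illustration.

```python
import zlib

# Flag values copied from the as_RSBody, as_RSByPass and as_RSCharset entries above.
MASKS = {
    "as_RSBody": {0x0001: "Parts", 0x0002: "External", 0x0004: "NoText",
                  0x0008: "Script", 0x0010: "Differ",
                  0x0020: "NoBodyNoSubject", 0x0040: "Filters"},
    "as_RSByPass": {0x0001: "License", 0x0002: "WhiteList", 0x0004: "Trusted",
                    0x0008: "Outgoing", 0x0010: "Size", 0x0020: "Bypass",
                    0x0040: "NoUser", 0x0080: "Mode"},
    "as_RSCharset": {0x0001: "CharsetFilter", 0x0002: "CharsetMissing"},
}

def decode_mask(field, value):
    """Return (names of the flags set, leftover bits the table does not define)."""
    table = MASKS[field]
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)  # non-zero means schema drift or a corrupt row
    return names, unknown

def inflate_log(blob, max_bytes=1 << 20):
    """Decompress a *_Log blob into text lines, refusing oversized output.

    Assumption: the column holds a standard zlib (RFC 1950) stream of text.
    The cap keeps a crafted or corrupt blob from exhausting memory.
    """
    d = zlib.decompressobj()
    data = d.decompress(blob, max_bytes)
    if d.unconsumed_tail or not d.eof:
        raise ValueError("log blob is truncated or exceeds max_bytes")
    return data.decode("utf-8", errors="replace").splitlines()

def describe_row(row):
    """Decode the bitmask columns and the log of one Antispam row (a dict)."""
    out = {field: decode_mask(field, row[field]) for field in MASKS}
    out["as_Log"] = inflate_log(row["as_Log"])
    # Assumption: as_LogRows is the number of lines in the decompressed log.
    out["rows_match"] = len(out["as_Log"]) == row["as_LogRows"]
    return out

# Constructed sample row, not real log data.
SAMPLE_ROW = {
    "as_RSBody": 0x000A, "as_RSByPass": 0x0000, "as_RSCharset": 0x0002,
    "as_Log": zlib.compress(b"score start\nscore end\n"), "as_LogRows": 2,
}

if __name__ == "__main__":
    print(describe_row(SAMPLE_ROW))
```
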


Antivirus Table

av_AI

The record ID.

av_Server

The server ID.

av_ThreadID

The Thread ID of the connection.

av_FromIP

The IP address of the remote system.

av_FromAccount

Sender's alias.

av_FromDomain

Sender's domain.

av_Date

The date of the session.

av_Time

The time the session started at.

av_MessageID

The Message ID.

av_Log

Raw session data, compressed with the ZLib algorithm.

av_LogRows

Raw session data line count.

av_ToAccount

Recipient's alias.

av_ToDomain

Recipient's name.

av_Virusname

The name of the virus found.

av_Filename

The name of the file containing the virus.