test-antispam.log-expected.json
{
"expected": [
{
"@timestamp": "2023-01-30T16:09:16.825Z",
"destination": {
"ip": "10.50.2.225"
},
"ecs": {
"version": "8.11.0"
},
"email": {
"from": {
"address": [
"user1@example.com"
]
},
"subject": "Test1516",
"to": {
"address": [
"user2@example.com"
]
}
},
"event": {
"code": "0300003065",
"kind": "event",
"original": "<190>date=2023-01-30,time=16:09:16.825,device_id=FEVM02TM23000064,log_id=0300003065,type=spam,subtype=default,pri=information,session_id=\"q6OL7fsQ018870-q6OL7fsR018870\",client_name=\"\",client_ip=\"192.168.100.1\",dst_ip=\"10.50.2.225\",from=\"user1@example.com\",to=\"user2@example.com\",subject=\"Test1516\",msg=\"mailfilterd: Starting\""
},
"fortinet_fortimail": {
"log": {
"client": {
"ip": "192.168.100.1"
},
"date": "2023-01-30",
"destination_ip": "10.50.2.225",
"device_id": "FEVM02TM23000064",
"from": "user1@example.com",
"id": "0300003065",
"message": "mailfilterd: Starting",
"priority": "information",
"priority_number": 190,
"session_id": "q6OL7fsQ018870-q6OL7fsR018870",
"sub_type": "default",
"subject": "Test1516",
"time": "16:09:16.825",
"to": "user2@example.com",
"type": "spam"
}
},
"log": {
"level": "information",
"syslog": {
"facility": {
"code": 23
},
"priority": 190,
"severity": {
"code": 6
}
}
},
"message": "mailfilterd: Starting",
"observer": {
"product": "FortiMail",
"serial_number": "FEVM02TM23000064",
"type": "firewall",
"vendor": "Fortinet"
},
"related": {
"ip": [
"192.168.100.1",
"10.50.2.225"
],
"user": [
"user1@example.com",
"user2@example.com"
]
},
"source": {
"ip": "192.168.100.1"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields"
]
}
]
}