Log Types: SMTPSvcLog (MailLog)
Overview
The Microsoft SMTP Service is a loadable component of Windows Server systems.
Collection
The SMTP service generates text-based logs, which can be collected using the Epilog agent for Windows. Events from the SMTP Service will be included in the “MailLog” table, but will be tagged with SMTPSvc in the “SOURCE” field.
Sample Events
cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 10.226.2.67 OutboundConnectionCommand SMTPSVC1 CAL068 - 25 QUIT - - 0 0 4 0 94 SMTP - - - -
cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 10.226.2.67 OutboundConnectionCommand SMTPSVC1 CAL068 - 25 RCPT - +TO:email@example.com 0 0 4 0 94 SMTP - - - -
cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 10.226.2.67 OutboundConnectionCommand SMTPSVC1 CAL068 - 25 MAIL - FROM:email@example.com 0 0 4 0 94 SMTP - - - -
cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 10.226.2.67 OutboundConnectionCommand SMTPSVC1 CAL068 - 25 DATA - email@example.com 0 0 4 0 94 SMTP - - - -
cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 - - SMTPSVC1 - - 25 - - <email@example.com> 0 0 4 0 94 SMTP - - - -
cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 - - SMTPSVC1 - - 25 - - <email@example.com> 0 0 0 4 94 SMTP - - - -
Fields
| Field | Description |
|---|---|
| DATE | Event date, in the format YYYY-MM-DD |
| TIME | Event time, in the format HH:MM:SS |
| SYSTEM | The source system |
| TABLE | MailLog |
| SOURCE | SMTPSvc |
| EVENTID | Event identifier, e.g. QUIT, RCPT, MAIL, DATA |
| USER | Username (if provided), or category of message (e.g. OutboundConnectionCommand) |
| SOURCEADDR | Source address |
| DESTADDR | |
| SOURCESYSTEM | Generally an IP address or domain name of the source system. |
| DESTSYSTEM | |
| MESSAGEID | |
| BYTES | |
| STATUS | |
| STRING | Any content in the event that does not fit into one of the existing fields |
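
The following parser is an added example, not code from the product or from this page. It maps raw sample events onto the fields above for triage outside the console. The column positions are an assumption read off the sample events (whitespace-separated, "-" for an empty column), and because this page does not say which columns feed DESTADDR, BYTES or STATUS, everything after the command is kept in STRING.

```python
import re

# Three of the page's sample events, one per line.
SAMPLE = [
    "cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 10.226.2.67 OutboundConnectionCommand SMTPSVC1 CAL068 - 25 QUIT - - 0 0 4 0 94 SMTP - - - -",
    "cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 10.226.2.67 OutboundConnectionCommand SMTPSVC1 CAL068 - 25 RCPT - +TO:email@example.com 0 0 4 0 94 SMTP - - - -",
    "cbisa.myorg.net SMTPSvcLog 3 2005-11-01 12:58:32 - - SMTPSVC1 - - 25 - - <email@example.com> 0 0 4 0 94 SMTP - - - -",
]

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")   # YYYY-MM-DD, as documented
TIME_RE = re.compile(r"\d{2}:\d{2}:\d{2}")   # HH:MM:SS, as documented

def value_or_none(token):
    """The log writes '-' for an empty column; map it to None."""
    return None if token == "-" else token

def parse_event(line):
    """Map one raw event to the documented field names.
    Positions are assumed from the sample events, not from a format spec."""
    tok = line.split()
    if len(tok) < 12 or tok[1] != "SMTPSvcLog":
        raise ValueError("not an SMTPSvcLog event")
    if not DATE_RE.fullmatch(tok[3]) or not TIME_RE.fullmatch(tok[4]):
        raise ValueError("DATE/TIME not in the documented format")
    return {
        "SYSTEM": tok[0], "TABLE": "MailLog", "SOURCE": "SMTPSvc",
        "DATE": tok[3], "TIME": tok[4],
        "SOURCEADDR": value_or_none(tok[5]),
        "USER": value_or_none(tok[6]),
        "EVENTID": value_or_none(tok[11]),
        "STRING": " ".join(tok[12:]),  # unmapped remainder, kept verbatim
    }

def count_event_ids(lines):
    """Tally EVENTID values; malformed lines are counted as 'REJECTED'
    rather than silently dropped, so gaps in collection stay visible."""
    tally = {}
    for line in lines:
        try:
            key = parse_event(line)["EVENTID"]
        except ValueError:
            key = "REJECTED"
        tally[key] = tally.get(key, 0) + 1
    return tally

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_event(raw))
```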
Notes
-