Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
>
Clear
Audit Log Fields
Updated on
Thu Sep 19 20:02:43 UTC 2024
Focus
Download PDF
Updated on
Thu Sep 19 20:02:43 UTC 2024
Focus
Home
PAN-OS
Monitoring
Use Syslog for Monitoring
Syslog Field Descriptions
Audit Log Fields
Download PDF
Audit Log Fields
Table of Contents
Filter
Expand All
|
Collapse All
Next-Generation Firewall Docs
Getting Started
Administration
Version
Cloud Management of NGFWs
PAN-OS 10.0 (EoL)
PAN-OS 10.1
PAN-OS 10.2
PAN-OS 11.0
PAN-OS 11.1 & Later
PAN-OS 9.1 (EoL)
Networking
Version
PAN-OS 10.1
PAN-OS 10.2
PAN-OS 11.0
PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
Cloud Management and AIOps for NGFW
PAN-OS 10.0 (EoL)
PAN-OS 10.1
PAN-OS 10.2
PAN-OS 11.0
PAN-OS 11.1
PAN-OS 11.2
PAN-OS 8.1 (EoL)
PAN-OS 9.0 (EoL)
PAN-OS 9.1 (EoL)
Previous
GTP Log Fields
Next
Syslog Severity
Audit Log Fields
Details about the fields in the Next-Gen firewall Audit logs.
Where Can I Use This?
What Do I Need?
Next-Gen Firewall
Panorama™ management server
Support license
(
Panorama
) Device management license
Format
: Serial Number, Generate Time, Threat/Content Type, FUTURE_USE, Event ID, Object, CLI Command, Severity
Field Name
Description
Serial Number
Serial number of the firewall or Panorama that generated the log.
Generate Time
Time the log was generated on the dataplane.
Threat/Content Type (subtype)
Specifies the type of log; value is AUDIT.
Audit logs are a subytpe of
System logs
.
Event ID
Source of the command that generated the audit log. Values include the following as a source of the command:
cli
—Firewall or Panorama command line.
gui
—Navigation in the firewall or Panorama web interface.
gui-op
—Operational command from the firewall or Panorama web interface.
gnmi
—OpenConfig plugin.
rest
—PAN-OS REST API.
Object
Name of the administrator which executed the command that generated the log.
CLI Command
Command executed that generated the log.
Severity
Completion status for the command that generated the log; value can be none, success, or failure.
Previous
GTP Log Fields
Next
Syslog Severity