Audit CEF Fields
Focus
Focus
Strata Logging Service

Audit CEF Fields

Table of Contents

Audit CEF Fields

The following table identifies the Audit field names that the Log Forwarding app uses when you forward logs using the CEF log format.
CEF Name
Field Details
PanOSEventCategory
Query Name: event_category
Header Type: Custom
PanOSEventDescription
Query Name: event_description
Header Type: Custom
PanOSEventDestinationURL
Query Name: event_dest_url
Header Type: Custom
PanOSEventDestinationUserUserID
Header Type: Custom
Label: PanOSEventDestinationUserUserID
Label Text: PanOSEventDestinationUserUserID
PanOSDestinationVendor
Query Name: event_dest_vendor
Header Type: Custom
PanOSEventDetails
Query Name: event_detail
Header Type: Custom
PanOSEventID
Query Name: event_id
Header Type: Custom
PanOSEventName
Query Name: event_name
Header Type: Custom
PanOSEventResult
Query Name: event_result
Header Type: Custom
PanOSEventSourceUserUserID
Header Type: Custom
Label: PanOSEventSourceUserUserID
Label Text: PanOSEventSourceUserUserID
PanOSEventTime
Query Name: event_time
Header Type: Custom
PANOSLogSource
Query Name: log_source
Header Type: Custom
PanOSLogSourceGroupID
Header Type: Custom
Max Length: 255
deviceExternalID
Query Name: log_source_id
Header Type: Predefined
dvchost
Query Name: log_source_name
Header Type: Predefined
rt
Query Name: log_time
Header Type: Predefined
Device Event Class ID
Query Name: log_type.​value
Header Type: Custom
PlatformType
Query Name: platform_type
Header Type: Custom
Name
Query Name: sub_type.​value
Header Type: Custom
PanOSTSGID
Query Name: tsg_id
Header Type: Custom
Label: PanOSTSGID
Label Text: PanOSTSGID
Device Vendor
Query Name: vendor_name
Header Type: Custom
PanOSVendorSeverity
Header Type: Custom