Strata Logging Service
Audit CEF Fields
Table of Contents
Expand All
|
Collapse All
Strata Logging Service Docs
-
-
- Forward Logs to a Syslog Server
- Forward Logs to an HTTPS Server
- Forward Logs to an Email Server
- Forward Logs to Amazon Security Lake
- Forward Logs to AWS S3 Bucket
- Forward Logs to Snowflake
- Create Log Filters
- Server Certificate Validation
- List of Trusted Certificates for Syslog and HTTPS Forwarding
- Log Forwarding Errors
- Forward Logs With Log Replay
Audit CEF Fields
The following table identifies the Audit field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
|
CEF Name
|
Field Details
|
|---|---|
|
PanOSEventCategory
|
Query Name: event_category
Header Type: Custom
|
|
PanOSEventDescription
|
Query Name: event_description
Header Type: Custom
|
|
PanOSEventDestinationURL
|
Query Name: event_dest_url
Header Type: Custom
|
|
PanOSEventDestinationUserUserID
|
Query Name: event_dest_user.user_id
Header Type: Custom
Label: PanOSEventDestinationUserUserID
Label Text: PanOSEventDestinationUserUserID
|
|
PanOSDestinationVendor
|
Query Name: event_dest_vendor
Header Type: Custom
|
|
PanOSEventDetails
|
Query Name: event_detail
Header Type: Custom
|
|
PanOSEventID
|
Query Name: event_id
Header Type: Custom
|
|
PanOSEventName
|
Query Name: event_name
Header Type: Custom
|
|
PanOSEventResult
|
Query Name: event_result
Header Type: Custom
|
|
PanOSEventSourceUserUserID
|
Query Name: event_source_user.user_id
Header Type: Custom
Label: PanOSEventSourceUserUserID
Label Text: PanOSEventSourceUserUserID
|
|
PanOSEventTime
|
Query Name: event_time
Header Type: Custom
|
|
PANOSLogSource
|
Query Name: log_source
Header Type: Custom
|
|
PanOSLogSourceGroupID
|
Query Name: log_source_group_id
Header Type: Custom
Max Length: 255
|
|
deviceExternalID
|
Query Name: log_source_id
Header Type: Predefined
|
|
dvchost
|
Query Name: log_source_name
Header Type: Predefined
|
|
rt
|
Query Name: log_time
Header Type: Predefined
|
|
Device Event Class ID
|
Query Name: log_type.value
Header Type: Custom
|
|
PlatformType
|
Query Name: platform_type
Header Type: Custom
|
|
Name
|
Query Name: sub_type.value
Header Type: Custom
|
|
PanOSTSGID
|
Query Name: tsg_id
Header Type: Custom
Label: PanOSTSGID
Label Text: PanOSTSGID
|
|
Device Vendor
|
Query Name: vendor_name
Header Type: Custom
|
|
PanOSVendorSeverity
|
Query Name: vendor_severity.value
Header Type: Custom
|