Strata Logging Service
Configuration CEF Fields
Table of Contents
Expand All
|
Collapse All
Configuration CEF Fields
Example Configuration log in CEF:
Mar 1 20:35:56 xxx.xx.x.xx 928 <14>1 2021-03-01T20:35:56.500Z stream-logfwd20-587718190-02280003-lvod-harness-mjdh logforwarder - panwlogs - CEF:0|Palo Alto Networks|LF|2.0|CONFIG|config|3|ProfileToken=xxxxx dtz=UTC rt=Mar 01 2021 20:35:54 deviceExternalId=xxxxxxxxxxxxx PanOSEventTime=Jul 25 2019 23:30:12 duser= dntdom= duid= PanOSEventDetails= PanOSIsDuplicateLog=false PanOSIsPrismaNetwork=false PanOSIsPrismaUsers=false cat=xxxxx PanOSLogExported=false PanOSLogSource=firewall PanOSLogSourceTimeZoneOffset= PanOSSeverity= PanOSTenantID=xxxxxxxxxxxxx PanOSVirtualSystemID=0 src=xxx.xx.x.xx cs3= cs3Label=VirtualLocation act=commit-all duser0=Panorama-admin destinationServiceName= PanOSEventResult=submitted msg= externalId=xxxxxxxxxxxxx PanOSDGHierarchyLevel1=0 PanOSDGHierarchyLevel2=0 PanOSDGHierarchyLevel3=0 PanOSDGHierarchyLevel4=0 PanOSVirtualSystemName=<{xwo X dvchost=PA-VM PanOSEventDescription=\r_IYr0r PanOSTimeGeneratedHighResolution=Jul 25 2019 23:30:12
The following table identifies the Configuration field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
|
CEF Name
|
Field Details
|
|---|---|
|
duser
|
Query Name: admin_user
Header Type: Predefined
Max Length: 1023
|
|
dntdom
|
Query Name: admin_user_info.domain
Header Type: Predefined
Max Length: 1023
|
|
duser
|
Query Name: admin_user_info.name
Header Type: Predefined
Max Length: 1023
|
|
duid
|
Query Name: admin_user_info.uuid
Header Type: Predefined
Max Length: 1023
|
|
destinationServiceName
|
Query Name: client.value
Header Type: Predefined
Max Length: 1023
|
|
PanOSConfigVersion
|
Query Name: config_version.value
Header Type: Custom
|
|
PanOSTenantID
|
Query Name: customer_id
Header Type: Custom
|
|
PanOSDeviceGroup
|
Query Name: device_group.value
Header Type: Custom
|
|
PanOSDGHierarchyLevel1
|
Query Name: dg_hier_level_1
Header Type: Custom
|
|
PanOSDGHierarchyLevel2
|
Query Name: dg_hier_level_2
Header Type: Custom
|
|
PanOSDGHierarchyLevel3
|
Query Name: dg_hier_level_3
Header Type: Custom
|
|
PanOSDGHierarchyLevel4
|
Query Name: dg_hier_level_4
Header Type: Custom
|
|
src or c6a2 or shost
|
Query Name: event_client_ip.value
Header Type: Predefined
Label: || c6a2Label ||
Label Text: || Source IPv6 Address ||
|
|
PanOSEventDescription
|
Query Name: event_description
Header Type: Custom
|
|
PanOSEventDetails
|
Query Name: event_detail
Header Type: Custom
|
|
act
|
Query Name: event_name.value
Header Type: Predefined
Max Length: 63
|
|
msg
|
Query Name: event_path
Header Type: Predefined
Max Length: 1023
|
|
PanOSEventResult
|
Query Name: event_result.value
Header Type: Custom
|
|
PanOSEventTime
|
Query Name: event_time
Header Type: Custom
|
|
PanOSIsDuplicateLog
|
Query Name: is_dup_log
Header Type: Custom
|
|
PanOSLogExported
|
Query Name: is_exported
Header Type: Custom
|
|
PanOSIsPrismaNetwork
|
Query Name: is_prisma_branch
Header Type: Custom
|
|
PanOSIsPrismaUsers
|
Query Name: is_prisma_mobile
Header Type: Custom
|
|
cat
|
Query Name: log_category.value
Header Type: Predefined
Max Length: 1023
|
|
PanOSLogSource
|
Query Name: log_source
Header Type: Custom
|
|
LogSourceGroupID
|
Query Name: log_source_group_id
Header Type: Custom
Max Length: 255
|
|
deviceExternalId
|
Query Name: log_source_id
Header Type: Predefined
Max Length: 255
|
|
dvchost
|
Query Name: log_source_name
Header Type: Predefined
Max Length: 100
|
|
PanOSLogSourceTimeZoneOffset
|
Query Name: log_source_tz_offset
Header Type: Custom
|
|
rt
|
Query Name: log_time
Header Type: Predefined
|
|
Device Event Class ID
|
Query Name: log_type.value
Header Type: Custom
|
|
PanOSPanoramaSN
|
Query Name: panorama_serial
Header Type: Custom
|
|
PlatformType
|
Query Name: platform_type
Header Type: Custom
|
|
externalId
|
Query Name: sequence_no
Header Type: Predefined
Max Length: 40
|
|
PanOSSeverity
|
Query Name: severity
Header Type: Custom
|
|
Name
|
Query Name: sub_type.value
Header Type: Custom
|
|
PanOSTemplate
|
Query Name: template.value
Header Type: Custom
|
|
PanOSTimeGeneratedHighResolution
|
Query Name: time_generated_high_res
Header Type: Custom
|
|
Device Vendor
|
Query Name: vendor_name
Header Type: Custom
|
|
PanOSVendorSeverity
|
Query Name: vendor_severity.value
Header Type: Custom
|
|
cs3
|
Query Name: vsys
Header Type: Predefined
Label: cs3Label
Label Text: VirtualLocation
Max Length: 4000
|
|
PanOSVirtualSystemID
|
Query Name: vsys_id
Header Type: Custom
|
|
PanOSVirtualSystemName
|
Query Name: vsys_name
Header Type: Custom
|