Cortex Data Lake Schema Reference
  • Cortex Data Lake Schema Reference
  • Strata Logging Service Documentation
  • All Documentation
>
Configuration LEEF Fields
Focus
Download PDF
Focus
  1. Home
  2. Strata Logging Service
  3. Cortex Data Lake Schema Reference
  4. Common Logs
  5. Configuration
  6. Configuration LEEF Fields
Download PDF
Strata Logging Service

Configuration LEEF Fields

Table of Contents

Configuration LEEF Fields

Example Configuration log in LEEF: 
Sep 21 02:01:01 gke-standard-cluster-2-pool-3-f004381a-0gw6 732 <14>1 2021-09-21T02:01:01.316Z stream-logfwd20-d324e775--09201841-lxtx-harness-0cc4 logforwarder - panwlogs - LEEF:2.0|Palo Alto Networks|Next Generation Firewall|10.1|general|	|profileToken=Palotoken devTimeFormat=YYYY-MM-DDTHH:MM:SSZ
The following table identifies the Configuration field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token will appear on a parameter called profileToken.
LEEF Name
Query Name
Field Type
AdminUsername
admin_user
Custom
AdminUserDomain
admin_user_info.​domain
Custom
AdminUserName
admin_user_info.​name
Custom
AdminUserUUID
admin_user_info.​uuid
Custom
Client
client.​value
Custom
ConfigVersion
config_version.​value
Custom
TenantID
customer_id
Custom
DeviceGroup
device_group.​value
Custom
DGHierarchyLevel1
dg_hier_level_1
Custom
DGHierarchyLevel2
dg_hier_level_2
Custom
DGHierarchyLevel3
dg_hier_level_3
Custom
DGHierarchyLevel4
dg_hier_level_4
Custom
IPaddress
event_client_ip.​value
Custom
EventDescription
event_description
Custom
EventDetails
event_detail
Custom
EventID
event_name.​value
Header
EventPath
event_path
Custom
EventID
event_result.​value
Header
devTime
event_time
Predefined
IsDuplicateLog
is_dup_log
Custom
LogExported
is_exported
Custom
IsPrismaNetwork
is_prisma_branch
Custom
IsPrismaUsers
is_prisma_mobile
Custom
LogCategory
log_category.​value
Custom
LogSource
log_source
Custom
LogSourceGroupID
log_source_group_id
Custom
LogSourceID
log_source_id
Custom
LogSourceName
log_source_name
Custom
LogSourceTimeZoneOffset
log_source_tz_offset
Custom
LogTime
log_time
Custom
cat
log_type.​value
Predefined
PanoramaSN
panorama_serial
Custom
PlatformType
platform_type
Custom
SequenceNo
sequence_no
Custom
Severity
severity
Custom
SubType
sub_type.​value
Custom
Template
template.​value
Custom
TimeGeneratedHighResolution
time_generated_high_res
Custom
Vendor
vendor_name
Header
VendorSeverity
vendor_severity.​value
Custom
VirtualLocation
vsys
Custom
VirtualSystemID
vsys_id
Custom
VirtualSystemName
vsys_name
Custom

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.