Updated on Fri Apr 04 04:29:06 PDT 2025
Endpoint Logs
Endpoint logs are written by applications running on an endpoint.
Endpoints have the following types of logs:
Events
GlobalProtect App Troubleshooting