Oct 13 01:21:17 gke-standard-cluster-2-pool-1-6ea9f13a-moqf 894 <142>1 2020-10-13T01:21:16.976Z stream-logfwd20-156653024-10121421-eq28-harness-16kn logforwarder - panwlogs - 1,2020-10-13T01:21:10.000000Z,007051000113358,AUTH,Unknown,10.0,2020-10-13T01:21:01.000000Z,vsys1,::11e:a8c0:ffff:0,paloaltonetwork\xxxxx,paloaltonetwork\xxxxx,Authentication object4,Captive Portal,16777216,-1295066367845728256,xxxxx,rs-logging,deny-attackers,www.test.com,1,user password failure,3,556392,-9223372036854775808,0,0,0,0,,PA-VM,1,0,,2020-10-13T01:21:02.391000Z,src_category_list-2,src_profile_list-0,src_model_list-2,src_vendor_list-2,src_osfamily_list-2,src_osversion_list-2,src_host_list-2,src_mac_list-0
The fields are identified in the default order that they appear in each log
line.
HEADER,
log_time,
log_source_id,
log_type.value,
sub_type.value,
config_version.value,
time_generated,
vsys,
source_ip.value,
user,
normalize_user,
object,
auth_policy,
count_of_repeats,
mfa_auth_id,
mfa_vendor,
log_set,
auth_server_profile,
auth_description,
client_type,
auth_event_name.value,
auth_factor_num,
sequence_no,
action_flags,
dg_hier_level_1,
dg_hier_level_2,
dg_hier_level_3,
dg_hier_level_4,
vsys_name,
log_source_name,
vsys_id,
auth_proto,
rule_matched_uuid,
time_generated_high_res,
source_device_category,
source_device_profile,
source_device_model,
source_device_vendor,
source_device_osfamily,
source_device_osversion,
source_device_host,
source_device_mac,
service_region, EMPTY,
user_agent,
session_id
