Strata Logging Service
Tunnel CEF Fields
The following table identifies the Tunnel field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
CEF Name | Field Details |
---|---|
PanOSAccessPointName | Query Name: access_point_name; Header Type: Custom |
act | Query Name: action.value; Header Type: Predefined; Max Length: 63 |
cat | Query Name: action_source.value; Header Type: Predefined; Max Length: 1023 |
app | Query Name: app; Header Type: Predefined; Max Length: 31 |
PanOSApplicationCategory | Query Name: app_category; Header Type: Custom |
PanOSApplicationSubcategory | Query Name: app_sub_category; Header Type: Custom |
in | Query Name: bytes_received; Header Type: Predefined |
out | Query Name: bytes_sent; Header Type: Predefined |
PanOSBytes | Query Name: bytes_total; Header Type: Custom |
PanOSConfigVersion | Query Name: config_version.value; Header Type: Custom |
PanOSContainerID | Query Name: container_id; Header Type: Custom |
PanOSApplicationContainer | Query Name: container_of_app; Header Type: Custom |
PanOSContentVersion | Query Name: content_version; Header Type: Custom |
cnt | Query Name: count_of_repeats; Header Type: Predefined |
PanOSLoggingServiceID | Query Name: customer_id; Header Type: Custom |
PanOSDestinationDeviceClass | Query Name: dest_device_class; Header Type: Custom |
PanOSDestinationDeviceMac | Query Name: dest_device_mac; Header Type: Custom |
PanOSDestinationDeviceModel | Query Name: dest_device_model; Header Type: Custom |
PanOSDestinationDeviceOS | Query Name: dest_device_os; Header Type: Custom |
PanOSDestinationDeviceVendor | Query Name: dest_device_vendor; Header Type: Custom |
PanOSDestinationDynamicAddressGroup | Query Name: dest_dynamic_address_group; Header Type: Custom |
PanOSDestinationEDL | Query Name: dest_edl; Header Type: Custom |
dst or c6a3 | Query Name: dest_ip.value; Header Type: Predefined; Label: \|\| c6a3Label; Label Text: \|\| Destination IPv6 Address |
PanOSDestinationLocation | Query Name: dest_location; Header Type: Custom |
dpt | Query Name: dest_port; Header Type: Predefined |
duser | Query Name: dest_user; Header Type: Predefined; Max Length: 1023 |
dntdom | Query Name: dest_user_info.domain; Header Type: Predefined; Max Length: 255 |
dusername | Query Name: dest_user_info.name; Header Type: Predefined; Max Length: 255 |
duid | Query Name: dest_user_info.uuid; Header Type: Predefined; Max Length: 255 |
PanOSDestinationUUID | Query Name: dest_uuid; Header Type: Custom |
PanOSDGHierarchyLevel1 | Query Name: dg_hier_level_1; Header Type: Custom |
PanOSDGHierarchyLevel2 | Query Name: dg_hier_level_2; Header Type: Custom |
PanOSDGHierarchyLevel3 | Query Name: dg_hier_level_3; Header Type: Custom |
PanOSDGHierarchyLevel4 | Query Name: dg_hier_level_4; Header Type: Custom |
PanOSDynamicUserGroupName | Query Name: dynusergroup_name; Header Type: Custom |
cs4 | Query Name: from_zone; Header Type: Predefined; Label: cs4Label; Label Text: FromZone; Max Length: 4000 |
deviceInboundInterface | Query Name: inbound_if.value; Header Type: Predefined; Max Length: 128 |
PanOSInboundInterfaceDetailsPort | Query Name: inbound_if_details.port; Header Type: Custom |
PanOSInboundInterfaceDetailsSlot | Query Name: inbound_if_details.slot; Header Type: Custom |
PanOSInboundInterfaceDetailsType | Query Name: inbound_if_details.type.value; Header Type: Custom |
PanOSInboundInterfaceDetailsUnit | Query Name: inbound_if_details.unit; Header Type: Custom |
PanOSCaptivePortal | Query Name: is_captive_portal; Header Type: Custom |
PanOSIsClienttoServer | Query Name: is_client_to_server; Header Type: Custom |
PanOSIsContainer | Query Name: is_container; Header Type: Custom |
PanOSIsDecryptMirror | Query Name: is_decrypt_mirror; Header Type: Custom |
PanOSIsDecryptedPayloadForward | Query Name: is_decrypted_payload_fwded; Header Type: Custom |
PanOSIsDecryptedLog | Query Name: is_decryption_log; Header Type: Custom |
PanOSIsDuplicateLog | Query Name: is_dup_log; Header Type: Custom |
PanOSLogExported | Query Name: is_exported; Header Type: Custom |
PanOSLogForwarded | Query Name: is_forwarded; Header Type: Custom |
PanOSIsIPV6 | Query Name: is_ipv6; Header Type: Custom |
PanOSIsInspectionBeforeSession | Query Name: is_l7_inspection_b4_session; Header Type: Custom |
PanOSIsMptcpOn | Query Name: is_mptcp_on; Header Type: Custom |
PanOSNAT | Query Name: is_nat; Header Type: Custom |
PanOSIsNonStandardDestinationPort | Query Name: is_non_std_dest_port; Header Type: Custom |
PanOSIsPacketCapture | Query Name: is_packet_capture; Header Type: Custom |
PanOSIsPhishing | Query Name: is_phishing; Header Type: Custom |
PanOSIsPrismaNetwork | Query Name: is_prisma_branch; Header Type: Custom |
PanOSIsPrismaUsers | Query Name: is_prisma_mobile; Header Type: Custom |
PanOSIsProxy | Query Name: is_proxy; Header Type: Custom |
PanOSIsReconExcluded | Query Name: is_recon_excluded; Header Type: Custom |
PanOSIsSaaSApplication | Query Name: is_saas_app; Header Type: Custom |
PanOSIsServertoClient | Query Name: is_server_to_client; Header Type: Custom |
PanOSIsSourceXForwarded | Query Name: is_source_x_fwded; Header Type: Custom |
PanOSIsSystemReturn | Query Name: is_sym_return; Header Type: Custom |
PanOSIsTransaction | Query Name: is_transaction; Header Type: Custom |
PanOSIsTunnelInspected | Query Name: is_tunnel_inspected; Header Type: Custom |
PanOSIsURLDenied | Query Name: is_url_denied; Header Type: Custom |
cs6 | Query Name: log_set; Header Type: Predefined; Label: cs6Label; Label Text: LogSetting; Max Length: 4000 |
PanOSLogSource | Query Name: log_source; Header Type: Custom |
LogSourceGroupID | Query Name: log_source_group_id; Header Type: Custom; Max Length: 255 |
deviceExternalId | Query Name: log_source_id; Header Type: Predefined; Max Length: 255 |
dvchost | Query Name: log_source_name; Header Type: Predefined; Max Length: 100 |
PanOSLogSourceTimeZoneOffset | Query Name: log_source_tz_offset; Header Type: Custom |
rt | Query Name: log_time; Header Type: Predefined |
Device Event Class ID | Query Name: log_type.value; Header Type: Custom |
PanOSMobileAreaCode | Query Name: mobile_area_code; Header Type: Custom |
PanOSMobileBaseStationCode | Query Name: mobile_base_station_code; Header Type: Custom |
PanOSMobileCountryCode | Query Name: mobile_country_code; Header Type: Custom |
PanOSMobileIP | Query Name: mobile_ip.value; Header Type: Custom |
PanOSMobileNetworkCode | Query Name: mobile_network_code; Header Type: Custom |
PanOSMobileSubscriberISDN | Query Name: mobile_subscriber_isdn; Header Type: Custom |
PanOSIMEI | Query Name: monitor_tag_imei; Header Type: Custom |
destinationTranslatedAddress | Query Name: nat_dest.value; Header Type: Predefined |
destinationTranslatedPort | Query Name: nat_dest_port; Header Type: Predefined |
sourceTranslatedAddress | Query Name: nat_source.value; Header Type: Predefined |
sourceTranslatedPort | Query Name: nat_source_port; Header Type: Predefined |
PanOSNonStandardDestinationPort | Query Name: non_standard_dest_port; Header Type: Custom |
PanOSNSSAINetworkSliceDifferentiator | Query Name: nssai_network_slice_differentiator.value; Header Type: Custom |
PanOSNSSAINetworkSliceType | Query Name: nssai_network_slice_type.value; Header Type: Custom |
deviceOutboundInterface | Query Name: outbound_if.value; Header Type: Predefined; Max Length: 128 |
PanOSOutboundInterfaceDetailsPort | Query Name: outbound_if_details.port; Header Type: Custom |
PanOSOutboundInterfaceDetailsSlot | Query Name: outbound_if_details.slot; Header Type: Custom |
PanOSOutboundInterfaceDetailsType | Query Name: outbound_if_details.type.value; Header Type: Custom |
PanOSOutboundInterfaceDetailsUnit | Query Name: outbound_if_details.unit; Header Type: Custom |
PanOSPacketsDroppedMax | Query Name: packets_dropped_max_encap; Header Type: Custom |
cfp2 | Query Name: packets_dropped_strict_check; Header Type: Predefined; Label: cfp2Label; Label Text: PacketsDroppedStrict |
PanOSPacketsDroppedTunnel | Query Name: packets_dropped_tunnel_frag; Header Type: Custom |
cfp1 | Query Name: packets_dropped_ukn_proto; Header Type: Predefined; Label: cfp1Label; Label Text: PacketsDroppedProtocol |
PanOSPacketsReceived | Query Name: packets_received; Header Type: Custom |
PanOSPacketsSent | Query Name: packets_sent; Header Type: Custom |
cn2 | Query Name: packets_total; Header Type: Predefined; Label: cn2Label; Label Text: PacketsTotal |
PanOSPanoramaSN | Query Name: panorama_serial; Header Type: Custom |
PanOSParentSessionID | Query Name: parent_session_id; Header Type: Custom |
PanOSParentStarttime | Query Name: parent_start_time; Header Type: Custom |
PanOSProtocolDataUnitsessionID | Query Name: pdu_session_id; Header Type: Custom |
PlatformType | Query Name: platform_type; Header Type: Custom |
PanOSContainerName | Query Name: pod_name; Header Type: Custom |
PanOSContainerNameSpace | Query Name: pod_namespace; Header Type: Custom |
proto | Query Name: protocol.value; Header Type: Predefined; Max Length: 31 |
PanOSRadioAccessTechnology | Query Name: radio_access_technology; Header Type: Custom |
PanOSApplicationRisk | Query Name: risk_of_app; Header Type: Custom |
cs1 | Query Name: rule_matched; Header Type: Predefined; Label: cs1Label; Label Text: Rule; Max Length: 4000 |
PanOSRuleUUID | Query Name: rule_matched_uuid; Header Type: Custom |
PanOSSanctionedStateofApp | Query Name: sanctioned_state_of_app; Header Type: Custom |
externalId | Query Name: sequence_no; Header Type: Predefined; Max Length: 40 |
PanOSSessionOwnerMidx | Query Name: sess_owner_rt_midx; Header Type: Custom |
reason | Query Name: session_end_reason.value; Header Type: Predefined; Max Length: 1023 |
cn1 | Query Name: session_id; Header Type: Predefined; Label: cn1Label; Label Text: SessionID |
PanOSSessionStartTime | Query Name: session_start_time; Header Type: Custom |
PanOSSessionTracker | Query Name: session_tracker; Header Type: Custom |
PanOSSeverity | Query Name: severity; Header Type: Custom |
PanOSSourceDeviceClass | Query Name: source_device_class; Header Type: Custom |
PanOSSourceDeviceMac | Query Name: source_device_mac; Header Type: Custom |
PanOSSourceDeviceModel | Query Name: source_device_model; Header Type: Custom |
PanOSSourceDeviceOS | Query Name: source_device_os; Header Type: Custom |
PanOSSourceDeviceVendor | Query Name: source_device_vendor; Header Type: Custom |
PanOSSourceDynamicAddressGroup | Query Name: source_dynamic_address_group; Header Type: Custom |
PanOSSourceEDL | Query Name: source_edl; Header Type: Custom |
src or c6a2 | Query Name: source_ip.value; Header Type: Predefined; Label: \|\| c6a2Label; Label Text: \|\| Source IPv6 Address |
PanOSSourceLocation | Query Name: source_location; Header Type: Custom |
spt | Query Name: source_port; Header Type: Predefined |
suser | Query Name: source_user; Header Type: Predefined; Max Length: 1023 |
sntdom | Query Name: source_user_info.domain; Header Type: Predefined; Max Length: 1023 |
susername | Query Name: source_user_info.name; Header Type: Predefined; Max Length: 1023 |
suid | Query Name: source_user_info.uuid; Header Type: Predefined; Max Length: 1023 |
PanOSSourceUUID | Query Name: source_uuid; Header Type: Custom |
PanOSStandardPortsOfApp | Query Name: standard_ports_of_app; Header Type: Custom |
Name | Query Name: sub_type.value; Header Type: Custom |
PanOSApplicationTechnology | Query Name: technology_of_app; Header Type: Custom |
start | Query Name: time_generated; Header Type: Predefined |
PanOSTimeGeneratedHighResolution | Query Name: time_generated_high_res; Header Type: Custom |
cs5 | Query Name: to_zone; Header Type: Predefined; Label: cs5Label; Label Text: ToZone; Max Length: 4000 |
cn3 | Query Name: total_time_elapsed; Header Type: Predefined; Label: cn3Label; Label Text: SessionDuration |
cs2 | Query Name: tunnel.value; Header Type: Predefined; Label: cs2Label; Label Text: Tunnel; Max Length: 4000 |
PanOSTunnelCauseCode | Query Name: tunnel_cause_code; Header Type: Custom |
PanOSTunnelEndpointID1 | Query Name: tunnel_endpoint_id_1; Header Type: Custom |
PanOSTunnelEndpointID2 | Query Name: tunnel_endpoint_id_2; Header Type: Custom |
PanOSTunnelEventCode | Query Name: tunnel_event_code; Header Type: Custom |
PanOSTunnelEventType | Query Name: tunnel_event_type; Header Type: Custom |
PanOSTunnelInspectionRule | Query Name: tunnel_inspection_rule; Header Type: Custom |
PanOSTunnelInterface | Query Name: tunnel_interface; Header Type: Custom |
PanOSTunnelMessageType | Query Name: tunnel_message_type; Header Type: Custom |
PanOSTunnelRemoteIMSIID | Query Name: tunnel_remote_imsi_id; Header Type: Custom |
PanOSTunnelRemoteUserIP | Query Name: tunnel_remote_user_ip.value; Header Type: Custom |
cfp4 | Query Name: tunnel_sessions_closed; Header Type: Predefined; Label: cfp4Label; Label Text: TunnelSessionsClosed |
cfp3 | Query Name: tunnel_sessions_created; Header Type: Predefined; Label: cfp3Label; Label Text: TunnelSessionsCreated |
PanOSTunneledApplication | Query Name: tunneled_app; Header Type: Custom |
PanOSIMSI | Query Name: tunnelid_imsi; Header Type: Custom |
PanOSURLCategory | Query Name: url_category.value; Header Type: Custom |
PanOSUsers | Query Name: users; Header Type: Custom |
Device Vendor | Query Name: vendor_name; Header Type: Custom |
PanOSVendorSeverity | Query Name: vendor_severity.value; Header Type: Custom |
cs3 | Query Name: vsys; Header Type: Predefined; Label: cs3Label; Label Text: VirtualLocation; Max Length: 4000 |
PanOSVirtualSystemID | Query Name: vsys_id; Header Type: Custom |
PanOSVirtualSystemName | Query Name: vsys_name; Header Type: Custom |