Tunnel EMAIL Fields

Table of Contents

Tunnel EMAIL Fields

Example Tunnel log in EMAIL:

TimeReceived=2021-02-23T01:55:36.000000Z
DeviceSN=xxxxxxxxxxxxx
LogType=GTP
Subtype=end
ConfigVersion=10.0
TimeGenerated=2021-02-23T01:55:26.000000Z
SourceAddress=xxx.xx.x.xx
DestinationAddress=xxx.xx.x.xx
NATSource=xxx.xx.x.xx
NATDestination=xxx.xx.x.xx
Rule=allow-all-employees
SourceUser="paloaltonetwork\xxxxx"
DestinationUser="paloaltonetwork\xxxxx"
Application=translator-1
VirtualLocation=vsys1
FromZone=ethernet4Zone-test1
ToZone=untrust
InboundInterface=unknown
OutboundInterface=unknown
LogSetting=rs-logging
SessionID=44264
RepeatCount=1
SourcePort=20006
DestinationPort=14659
NATSourcePort=32577
NATDestinationPort=7527
Protocol=tcp
Action=allow
TunnelEventType=40
MobileSubscriberISDN=
AccessPointName=
RadioAccessTechnology=11
TunnelMessageType=0
MobileIP=
TunnelEndpointID1=0
TunnelEndpointID2=0
TunnelInterface=0
TunnelCauseCode=0
VendorSeverity=Unused
MobileCountryCode=0
MobileNetworkCode=0
MobileAreaCode=0
MobileBaseStationCode=0
TunnelEventCode=0
SequenceNo=1394230140
SourceLocation=east-coast
DestinationLocation=chicago
DGHierarchyLevel1=11
DGHierarchyLevel2=0
DGHierarchyLevel3=0
DGHierarchyLevel4=0
VirtualSystemName=
DeviceName=xxxxx
IMSI=0
IMEI=
ParentSessionID=0
ParentStarttime=1970-01-01T00:00:00.000000Z
Tunnel=HTTP2-CONNECTION
Bytes=7604628883345
BytesSent=41191473158
BytesReceived=7563437410187
PacketsTotal=1614045305
PacketsSent=1614045296
PacketsReceived=9
PacketsDroppedMax=0
PacketsDroppedProtocol=724369410
PacketsDroppedStrict=0
PacketsDroppedTunnel=153
TunnelSessionsCreated=541065246
TunnelSessionsClosed=83951616
SessionEndReason=n-a
ActionSource=
SessionStartTime=1970-01-01T00:00:19.000000Z
SessionDuration=2124021760
TunnelInspectionRule=
TunnelRemoteUserIP=
TunnelRemoteIMSIID=0
RuleUUID=d0658a8e-c749-4b1c-a7dc-3247de1c94e7
DynamicUserGroupName=
ContainerID=
ContainerNameSpace=
ContainerName=
SourceEDL=
DestinationEDL=
SourceDynamicAddressGroup=
DestinationDynamicAddressGroup=
TimeGeneratedHighResolution=2021-02-23T01:55:26.770000Z
NSSAINetworkSliceDifferentiator=0
NSSAINetworkSliceType=0
ProtocolDataUnitsessionID=0

The following table identifies the Tunnel field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.

EMAIL Name	Query Name
AccessPointName	access_point_name
Action	action.value
ActionSource	action_source.value
Application	app
ApplicationCategory	app_category
ApplicationSubcategory	app_sub_category
BytesReceived	bytes_received
BytesSent	bytes_sent
Bytes	bytes_total
ConfigVersion	config_version.value
ContainerID	container_id
ApplicationContainer	container_of_app
ContentVersion	content_version
RepeatCount	count_of_repeats
LoggingServiceID	customer_id
DestinationDeviceClass	dest_device_class
DestinationDeviceMac	dest_device_mac
DestinationDeviceModel	dest_device_model
DestinationDeviceOS	dest_device_os
DestinationDeviceVendor	dest_device_vendor
DestinationDynamicAddressGroup	dest_dynamic_address_group
DestinationEDL	dest_edl
DestinationAddress	dest_ip.value
DestinationLocation	dest_location
DestinationPort	dest_port
DestinationUser	dest_user
DestinationUserDomain	dest_user_info.domain
DestinationUserName	dest_user_info.name
DestinationUserUUID	dest_user_info.uuid
DestinationUUID	dest_uuid
DGHierarchyLevel1	dg_hier_level_1
DGHierarchyLevel2	dg_hier_level_2
DGHierarchyLevel3	dg_hier_level_3
DGHierarchyLevel4	dg_hier_level_4
DynamicUserGroupName	dynusergroup_name
FromZone	from_zone
InboundInterface	inbound_if.value
InboundInterfaceDetailsPort	inbound_if_details.port
InboundInterfaceDetailsSlot	inbound_if_details.slot
InboundInterfaceDetailsType	inbound_if_details.type.value
InboundInterfaceDetailsUnit	inbound_if_details.unit
CaptivePortal	is_captive_portal
IsClienttoServer	is_client_to_server
IsContainer	is_container
IsDecryptMirror	is_decrypt_mirror
IsDecryptedPayloadForward	is_decrypted_payload_fwded
IsDecryptedLog	is_decryption_log
IsDuplicateLog	is_dup_log
LogExported	is_exported
LogForwarded	is_forwarded
IsIPV6	is_ipv6
IsInspectionBeforeSession	is_l7_inspection_b4_session
IsMptcpOn	is_mptcp_on
NAT	is_nat
IsNonStandardDestinationPort	is_non_std_dest_port
IsPacketCapture	is_packet_capture
IsPhishing	is_phishing
IsPrismaNetwork	is_prisma_branch
IsPrismaUsers	is_prisma_mobile
IsProxy	is_proxy
IsReconExcluded	is_recon_excluded
IsSaaSApplication	is_saas_app
IsServertoClient	is_server_to_client
IsSourceXForwarded	is_source_x_fwded
IsSystemReturn	is_sym_return
IsTransaction	is_transaction
IsTunnelInspected	is_tunnel_inspected
IsURLDenied	is_url_denied
LogSetting	log_set
LogSource	log_source
LogSourceGroupID	log_source_group_id
DeviceSN	log_source_id
DeviceName	log_source_name
LogSourceTimeZoneOffset	log_source_tz_offset
TimeReceived	log_time
LogType	log_type.value
MobileAreaCode	mobile_area_code
MobileBaseStationCode	mobile_base_station_code
MobileCountryCode	mobile_country_code
MobileIP	mobile_ip.value
MobileNetworkCode	mobile_network_code
MobileSubscriberISDN	mobile_subscriber_isdn
IMEI	monitor_tag_imei
NATDestination	nat_dest.value
NATDestinationPort	nat_dest_port
NATSource	nat_source.value
NATSourcePort	nat_source_port
NonStandardDestinationPort	non_standard_dest_port
NSSAINetworkSliceDifferentiator	nssai_network_slice_differentiator.value
NSSAINetworkSliceType	nssai_network_slice_type.value
OutboundInterface	outbound_if.value
OutboundInterfaceDetailsPort	outbound_if_details.port
OutboundInterfaceDetailsSlot	outbound_if_details.slot
OutboundInterfaceDetailsType	outbound_if_details.type.value
OutboundInterfaceDetailsUnit	outbound_if_details.unit
PacketsDroppedMax	packets_dropped_max_encap
PacketsDroppedStrict	packets_dropped_strict_check
PacketsDroppedTunnel	packets_dropped_tunnel_frag
PacketsDroppedProtocol	packets_dropped_ukn_proto
PacketsReceived	packets_received
PacketsSent	packets_sent
PacketsTotal	packets_total
PanoramaSN	panorama_serial
ParentSessionID	parent_session_id
ParentStarttime	parent_start_time
ProtocolDataUnitsessionID	pdu_session_id
PlatformType	platform_type
ContainerName	pod_name
ContainerNameSpace	pod_namespace
Protocol	protocol.value
RadioAccessTechnology	radio_access_technology
ApplicationRisk	risk_of_app
Rule	rule_matched
RuleUUID	rule_matched_uuid
SanctionedStateOfApp	sanctioned_state_of_app
SequenceNo	sequence_no
SessionOwnerMidx	sess_owner_rt_midx
SessionEndReason	session_end_reason.value
SessionID	session_id
SessionStartTime	session_start_time
SessionTracker	session_tracker
Severity	severity
SourceDeviceClass	source_device_class
SourceDeviceMac	source_device_mac
SourceDeviceModel	source_device_model
SourceDeviceOS	source_device_os
SourceDeviceVendor	source_device_vendor
SourceDynamicAddressGroup	source_dynamic_address_group
SourceEDL	source_edl
SourceAddress	source_ip.value
SourceLocation	source_location
SourcePort	source_port
SourceUser	source_user
SourceUserDomain	source_user_info.domain
SourceUserName	source_user_info.name
SourceUserUUID	source_user_info.uuid
SourceUUID	source_uuid
StandardPortsOfApp	standard_ports_of_app
Subtype	sub_type.value
ApplicationTechnology	technology_of_app
TimeGenerated	time_generated
TimeGeneratedHighResolution	time_generated_high_res
ToZone	to_zone
SessionDuration	total_time_elapsed
Tunnel	tunnel.value
TunnelCauseCode	tunnel_cause_code
TunnelEndpointID1	tunnel_endpoint_id_1
TunnelEndpointID2	tunnel_endpoint_id_2
TunnelEventCode	tunnel_event_code
TunnelEventType	tunnel_event_type
TunnelInspectionRule	tunnel_inspection_rule
TunnelInterface	tunnel_interface
TunnelMessageType	tunnel_message_type
TunnelRemoteIMSIID	tunnel_remote_imsi_id
TunnelRemoteUserIP	tunnel_remote_user_ip.value
TunnelSessionsClosed	tunnel_sessions_closed
TunnelSessionsCreated	tunnel_sessions_created
TunneledApplication	tunneled_app
IMSI	tunnelid_imsi
URLCategory	url_category.value
Users	users
VendorName	vendor_name
VendorSeverity	vendor_severity.value
VirtualLocation	vsys
VirtualSystemID	vsys_id
VirtualSystemName	vsys_name

Tunnel CEF Fields

Tunnel HTTPS Fields

Strata Logging Service Docs

Tunnel EMAIL Fields

Strata Logging Service Docs

Tunnel EMAIL Fields

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner