Syslog Field Descriptions
The following topics list the standard fields of each log type that Palo Alto Networks firewalls
can forward to an external server, as well as the severity levels, custom formats, and
escape sequences. To facilitate parsing, the delimiter is a comma: each field is a
comma-separated value (CSV) string. The FUTURE_USE tag applies to fields that are of no
use to syslog ingestion.
WildFire Submissions logs are a subtype of Threat log and
use the same syslog format.