Strata Logging Service
Audit
Audit logs are written to Strata Logging Service by specific products, applications, or services. They record changes made to the service that writes the logs.
The products, applications, or services that write audit logs are:
- Prisma Access Integration with Cisco Meraki SD-WAN
See the following for information related to supported log formats:
| AUDIT Field (Display Name) | Description |
|---|---|
| event_category (EVENT CATEGORY) | The category of the event.<br>CEF field name: PanOSEventCategory<br>EMAIL field name: EventCategory<br>HTTPS field name: EventCategory<br>LEEF field name: EventCategory |
| event_description (EVENT DESCRIPTION) | A description of the event.<br>CEF field name: PanOSEventDescription<br>EMAIL field name: EventDescription<br>HTTPS field name: EventDescription<br>LEEF field name: EventDescription |
| event_dest_url (EVENT DESTINATION URL) | The URL related to the destination.<br>CEF field name: PanOSEventDestinationURL<br>EMAIL field name: EventDestinationURL<br>HTTPS field name: EventDestinationURL<br>LEEF field name: EventDestinationURL |
| event_dest_user.user_id (EVENT DESTINATION USER USER ID) | The user ID related to the destination.<br>CEF field name: PanOSEventDestinationUserUserID<br>EMAIL field name: EventDestinationUserUserID<br>HTTPS field name: EventDestinationUserUserID<br>LEEF field name: EventDestinationUserUserID |
| event_dest_vendor (DESTINATION VENDOR) | Name of the service that sent the log to Strata Logging Service.<br>CEF field name: PanOSDestinationVendor<br>EMAIL field name: DestinationVendor<br>HTTPS field name: DestinationVendor<br>LEEF field name: DestinationVendor |
| event_detail (EVENT DETAILS) | Details about the event.<br>CEF field name: PanOSEventDetails<br>EMAIL field name: EventDetails<br>HTTPS field name: EventDetails<br>LEEF field name: EventDetails |
| event_id (EVENT ID) | System event identifier.<br>CEF field name: PanOSEventID<br>EMAIL field name: EventID<br>HTTPS field name: EventID<br>LEEF field name: EventID |
| event_name (EVENT NAME) | The name associated with an event.<br>CEF field name: PanOSEventName<br>EMAIL field name: EventName<br>HTTPS field name: EventName<br>LEEF field name: EventName |
| event_result (EVENT RESULT) | The result of an event.<br>CEF field name: PanOSEventResult<br>EMAIL field name: EventResult<br>HTTPS field name: EventResult<br>LEEF field name: EventResult |
| event_source_user.user_id (EVENT SOURCE USER USER ID) | The user ID related to the source.<br>CEF field name: PanOSEventSourceUserUserID<br>EMAIL field name: EventSourceUserUserID<br>HTTPS field name: EventSourceUserUserID<br>LEEF field name: EventSourceUserUserID |
| event_time (EVENT TIME) | Time when the log was generated.<br>CEF field name: PanOSEventTime<br>EMAIL field name: EventTime<br>HTTPS field name: EventTime<br>LEEF field name: EventTime |
| log_source (LOG SOURCE) | Identifies the origin of the data. That is, the system that produced the data.<br>CEF field name: PANOSLogSource<br>EMAIL field name: LogSource<br>HTTPS field name: LogSource<br>LEEF field name: LogSource |
| log_source_group_id (LOG SOURCE GROUP ID) | ID that uniquely identifies the logSourceGroupId of the log. That is, the log source ID of the group.<br>CEF field name: PanOSLogSourceGroupID<br>EMAIL field name: LogSourceGroupID<br>HTTPS field name: LogSourceGroupID<br>LEEF field name: LogSourceGroupID |
| log_source_id (DEVICE SN) | Unique identifier of the log source. For example, if a firewall generated the log, this would be the serial number of the firewall.<br>CEF field name: deviceExternalID<br>EMAIL field name: DeviceSN<br>HTTPS field name: DeviceSN<br>LEEF field name: DeviceSN |
| log_source_name (DEVICE NAME) | Name of the source of the log. That is, the hostname of the firewall that logged the network traffic.<br>CEF field name: dvchost<br>EMAIL field name: DeviceName<br>HTTPS field name: DeviceName<br>LEEF field name: DeviceName |
| log_time (TIME RECEIVED) | Time the log was received in Strata Logging Service. This is populated by the platform.<br>CEF field name: rt<br>EMAIL field name: TimeReceived<br>HTTPS field name: TimeReceived<br>LEEF field name: TimeReceived |
| log_type.value (LOG TYPE) | Identifies the log type.<br>CEF field name: Device Event Class ID<br>EMAIL field name: LogType<br>HTTPS field name: LogType<br>LEEF field name: cat |
| platform_type (PLATFORM TYPE) | The platform type (Valid types are VM, PA, NGFW, CNGFW).<br>CEF field name: PlatformType<br>EMAIL field name: PlatformType<br>HTTPS field name: PlatformType<br>LEEF field name: PlatformType |
| tsg_id (TSG ID) | The Tenant Service Group that uniquely identifies the Strata Logging Service instance which received this log record.<br>CEF field name: PanOSTSGID<br>EMAIL field name: TSGID<br>HTTPS field name: TSGID<br>LEEF field name: TSGID |
| vendor_name (VENDOR NAME) | Identifies the vendor that produced the data.<br>CEF field name: Device Vendor<br>EMAIL field name: VendorName<br>HTTPS field name: Vendor<br>LEEF field name: Vendor |
| vendor_severity.value (VENDOR SEVERITY) | Severity associated with the event.<br>CEF field name: PanOSVendorSeverity<br>EMAIL field name: VendorSeverity<br>HTTPS field name: VendorSeverity<br>LEEF field name: VendorSeverity |