>
    Configuration CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Common Logs
    4. Configuration
    5. Configuration CEF Fields
    Download PDF
    Strata Logging Service

    Configuration CEF Fields

    Table of Contents

    Configuration CEF Fields

    Example Configuration log in CEF: 
    Mar 1 20:35:56 xxx.xx.x.xx 928 <14>1 2021-03-01T20:35:56.500Z stream-logfwd20-587718190-02280003-lvod-harness-mjdh logforwarder - panwlogs - CEF:0|Palo Alto Networks|LF|2.0|CONFIG|config|3|ProfileToken=xxxxx dtz=UTC rt=Mar 01 2021 20:35:54 deviceExternalId=xxxxxxxxxxxxx PanOSEventTime=Jul 25 2019 23:30:12 duser= dntdom= duid= PanOSEventDetails= PanOSIsDuplicateLog=false PanOSIsPrismaNetwork=false PanOSIsPrismaUsers=false cat=xxxxx PanOSLogExported=false PanOSLogSource=firewall PanOSLogSourceTimeZoneOffset= PanOSSeverity= PanOSTenantID=xxxxxxxxxxxxx PanOSVirtualSystemID=0 src=xxx.xx.x.xx cs3= cs3Label=VirtualLocation act=commit-all duser0=Panorama-admin destinationServiceName= PanOSEventResult=submitted msg= externalId=xxxxxxxxxxxxx PanOSDGHierarchyLevel1=0 PanOSDGHierarchyLevel2=0 PanOSDGHierarchyLevel3=0 PanOSDGHierarchyLevel4=0 PanOSVirtualSystemName=<{xwo X dvchost=PA-VM PanOSEventDescription=\r_IYr0r PanOSTimeGeneratedHighResolution=Jul 25 2019 23:30:12
    The following table identifies the Configuration field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    duser
    Query Name: admin_user
    Header Type: Predefined
    Max Length: 1023
    dntdom
    Query Name: admin_user_info.​domain
    Header Type: Predefined
    Max Length: 1023
    duser
    Query Name: admin_user_info.​name
    Header Type: Predefined
    Max Length: 1023
    duid
    Query Name: admin_user_info.​uuid
    Header Type: Predefined
    Max Length: 1023
    destinationServiceName
    Query Name: client.​value
    Header Type: Predefined
    Max Length: 1023
    PanOSConfigVersion
    Query Name: config_version.​value
    Header Type: Custom
    PanOSTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDeviceGroup
    Query Name: device_group.​value
    Header Type: Custom
    PanOSDGHierarchyLevel1
    Query Name: dg_hier_level_1
    Header Type: Custom
    PanOSDGHierarchyLevel2
    Query Name: dg_hier_level_2
    Header Type: Custom
    PanOSDGHierarchyLevel3
    Query Name: dg_hier_level_3
    Header Type: Custom
    PanOSDGHierarchyLevel4
    Query Name: dg_hier_level_4
    Header Type: Custom
    src or c6a2 or shost
    Query Name: event_client_ip.​value
    Header Type: Predefined
    Label: || c6a2Label ||
    Label Text: || Source IPv6 Address ||
    PanOSEventDescription
    Query Name: event_description
    Header Type: Custom
    PanOSEventDetails
    Query Name: event_detail
    Header Type: Custom
    act
    Query Name: event_name.​value
    Header Type: Predefined
    Max Length: 63
    msg
    Query Name: event_path
    Header Type: Predefined
    Max Length: 1023
    PanOSEventResult
    Query Name: event_result.​value
    Header Type: Custom
    PanOSEventTime
    Query Name: event_time
    Header Type: Custom
    PanOSIsDuplicateLog
    Query Name: is_dup_log
    Header Type: Custom
    PanOSLogExported
    Query Name: is_exported
    Header Type: Custom
    PanOSIsPrismaNetwork
    Query Name: is_prisma_branch
    Header Type: Custom
    PanOSIsPrismaUsers
    Query Name: is_prisma_mobile
    Header Type: Custom
    cat
    Query Name: log_category.​value
    Header Type: Predefined
    Max Length: 1023
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    Max Length: 255
    deviceExternalId
    Query Name: log_source_id
    Header Type: Predefined
    Max Length: 255
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    Max Length: 100
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    Device Event Class ID
    Query Name: log_type.​value
    Header Type: Custom
    PanOSPanoramaSN
    Query Name: panorama_serial
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    externalId
    Query Name: sequence_no
    Header Type: Predefined
    Max Length: 40
    PanOSSeverity
    Query Name: severity
    Header Type: Custom
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    PanOSTemplate
    Query Name: template.​value
    Header Type: Custom
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    PanOSVendorSeverity
    Query Name: vendor_severity.​value
    Header Type: Custom
    cs3
    Query Name: vsys
    Header Type: Predefined
    Label: cs3Label
    Label Text: VirtualLocation
    Max Length: 4000
    PanOSVirtualSystemID
    Query Name: vsys_id
    Header Type: Custom
    PanOSVirtualSystemName
    Query Name: vsys_name
    Header Type: Custom

    © 2024 Palo Alto Networks, Inc. All rights reserved.