Oct 13 20:56:15 gke-standard-cluster-2-pool-1-6ea9f13a-fnid 394 <142>1 2020-10-13T20:56:15.519Z stream-logfwd20-156653024-10121421-eq28-harness-16kn logforwarder - panwlogs - Palo Alto Networks,firewall,013201004706,PA-5220,11122,2019-07-03T00:36:24.000000Z,,3,THREAT,5,file,xxx.xx.x.xx,00000000000000000000ffff0a0002e3,37404,xxx.xx.x.xx,00000000000000000000ffff0a65025a,25,6,tcp,52100,PNG File Upload,PA-5220,0,client to server,.D_\u001C=w\u0019ByK\u0001K\u0007N,page-icon.png,,vCbg4~S8|,hd{dM*QDo,\"HR\u0017\u001DC(\rSZ<\",,3422257956016083937,2,Low,Low,uDX|F\f*A\u00074g,0,0,0,any,4,alert,-6917529027641081856,smtp,collaboration,3\r\n4\r\n5\r\n6\r\n7\r\n8,,12,0,0,0,,xxx.xx.x.xx-xxx.xx.x.xx,\"K\\m(+\u0018F\u0017\",&\u0019qTt.!e|xZ\u001E?,,,false,true,tap,,ethernet,1181132783616,0,0,ethernet,1,19,false,false,false,false,test,\"\u000Fw\fQO&b4g09$\",0,xxx.xx.x.xx,00000000000000000000ffff00000000,0,xxx.xx.x.xx,00000000000000000000ffff00000000,0,ethernet,1181132783616,0,0,ethernet,1,19,0,1970-01-01T00:00:00.000000Z,9,5,dg-log-policy,,false,6708774908183346528,4016143,\"EFX4\u0010Mb'\u001D\u001B\",xxx.xx.x.xx-xxx.xx.x.xx,,\"u\u001BA\u0006\u0011?<m_o\tR\u001E\",>$BOg]Z5,,email,client-server,2019-07-31T06:06:06.000000Z,tap,0,N/A,untunneled,0,xxx.xx.x.xx,1,smtp,OSC\u0013%6$\u0002f,8192,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,,-1322647286,,,\"}Irh!C}\u000B\u000FE\r\u0016IPP\",,\"\u0016AJ>E~a`\u000F\u0013:Hfw(\",,,,\"\u0013)\u000Bj)(\u0018cX<\u0012\",,,28$ffo\u0017v&,,,,\"[4\u000FBO?\"\"w_\u0010\tD\",,\"p5#/\t\u0004e\u0006\",,,\"\u000BO#<L5dFMN\u0015l\u001C\",\"\u001750g=\u0011'\u0000U\u000EM! \",\"\u0017w>/l9kC??\",,,\"6\u001D:_\u0018'n\u001B\",,,,\"\"\"*ZdS\u0001/\u0012A^S\",,,\"\u0013Ifte\u0006nk\u001EsX\",,,true,false,oLyqAH\u00079,,,,
The fields below are listed in the default order in which they appear in each comma-separated log
line; a column marked EMPTY carries no named field at that position.
HEADER,
log_time,
log_source_id,
log_type.value,
sub_type.value,
config_version.value,
time_generated,
source_ip.value,
dest_ip.value,
nat_source.value,
nat_dest.value,
rule_matched,
source_user,
dest_user,
app,
vsys,
from_zone,
to_zone,
inbound_if.value,
outbound_if.value,
log_set, EMPTY,
session_id,
count_of_repeats,
source_port,
dest_port,
nat_source_port,
nat_dest_port,
flags,
protocol.value,
action.value,
file_name,
file_id,
url_category.value,
vendor_severity.value,
direction_of_attack.value,
sequence_no,
action_flags,
source_location,
dest_location, EMPTY, EMPTY,
pcap_id,
file_sha_256, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY,
report_id,
dg_hier_level_1,
dg_hier_level_2,
dg_hier_level_3,
dg_hier_level_4,
vsys_name,
log_source_name, EMPTY,
source_uuid,
dest_uuid, EMPTY,
tunnelid_imsi,
monitor_tag_imei,
parent_session_id,
parent_start_time,
tunnel.value, EMPTY,
content_version,
sig_flags, EMPTY, EMPTY, EMPTY, EMPTY,
rule_matched_uuid,
http2_connection,
dynusergroup_name,
xff_ip.value,
source_device_category,
source_device_profile,
source_device_model,
source_device_vendor,
source_device_osfamily,
source_device_osversion,
source_device_host,
source_device_mac,
dest_device_category,
dest_device_profile,
dest_device_model,
dest_device_vendor,
dest_device_osfamily,
dest_device_osversion,
dest_device_host,
dest_device_mac,
container_id,
pod_namespace,
pod_name,
source_edl,
dest_edl,
gp_host_id,
endpoint_serial_number,
domain_edl,
source_dynamic_address_group,
dest_dynamic_address_group,
partial_hash,
time_generated_high_res,
reason_data_filtering,
justification,
nssai_network_slice_type.value