>
    HIP Match CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Network Logs
    4. HIP Match
    5. HIP Match CEF Fields
    Download PDF
    Strata Logging Service

    HIP Match CEF Fields

    Table of Contents

    HIP Match CEF Fields

    Example HIP Match log in CEF: 
    Mar 1 21:20:14 xxx.xx.x.xx 1505 <14>1 2021-03-01T21:20:14.889Z stream-logfwd20-587718190-03011312-b28y-harness-x4nx logforwarder - panwlogs - CEF:0|Palo Alto Networks|LF|2.0|HIPMATCH||3|ProfileToken=xxxxx dtz=UTC rt=Mar 01 2021 21:20:13 deviceExternalId=xxxxxxxxxxxxx PanOSIsDuplicateLog=false PanOSIsPrismaNetworks=false PanOSIsPrismaUsers=false PanOSLogExported=false PanOSLogForwarded=true PanOSLogSource=firewall PanOSLogSourceTimeZoneOffset= PanOSSourceDeviceClass= PanOSSourceDeviceOS= sntdom=xxxxx dntdom=xxxxx suser=xxxxx xxxxx duser=xxxxx xxxxx suid= duid= PanOSTenantID=xxxxxxxxxxxxx PanOSUUID= PanOSConfigVersion= start=Mar 01 2021 21:20:13 PanOSSourceUser=xxxxx\\xxxxx xxxxx cs3=vsys1 cs3Label=VirtualLocation shost=machine_name1 dhost=machine_name1 cs2=iOS cs2Label=EndpointOSType src=xxx.xx.x.xx dst=xxx.xx.x.xx cat=match_name1 cnt=1 PanOSHipMatchType=HIP Profile externalId=xxxxxxxxxxxxx PanOSDGHierarchyLevel1=12 PanOSDGHierarchyLevel2=0 PanOSDGHierarchyLevel3=0 PanOSDGHierarchyLevel4=0 PanOSVirtualSystemName= dvchost=PA-5220 cn2=1 cn2Label=VirtualSystemID c6a1=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx c6a1Label=Device IPv6 Address PanOSHostID=xxxxxxxxxxxxxxe777947f-d92e-4815-9222-89438203bc2b PanOSEndpointSerialNumber=xxxxxxxxxxxxxx PanOSSourceDeviceCategory= PanOSSourceDeviceProfile= PanOSSourceDeviceModel= PanOSSourceDeviceVendor= PanOSSourceDeviceOSFamily= PanOSSourceDeviceOSVersion= PanOSSourceDeviceMac= PanOSSourceDeviceHost= PanOSSource= PanOSTimestampDeviceIdentification=Dec PanOSTimeGeneratedHighResolution=Jul 25 2019 23:30:12
    The following table identifies the HIP Match field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    PanOSConfigVersion
    Query Name: config_version.​value
    Header Type: Custom
    cnt
    Query Name: count_of_repeats
    Header Type: Predefined
    PanOSTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDGHierarchyLevel1
    Query Name: dg_hier_level_1
    Header Type: Custom
    PanOSDGHierarchyLevel2
    Query Name: dg_hier_level_2
    Header Type: Custom
    PanOSDGHierarchyLevel3
    Query Name: dg_hier_level_3
    Header Type: Custom
    PanOSDGHierarchyLevel4
    Query Name: dg_hier_level_4
    Header Type: Custom
    shost and dhost
    Query Name: endpoint_device_name
    Header Type: Predefined
    cs2
    Query Name: endpoint_os_type
    Header Type: Predefined
    Label: cs2Label
    Label Text: EndpointOSType
    Max Length: 4000
    PanOSEndpointSerialNumber
    Query Name: endpoint_serial_number
    Header Type: Custom
    cat
    Query Name: hip_match_name
    Header Type: Predefined
    Max Length: 1023
    PanOSHipMatchType
    Query Name: hip_match_type.​value
    Header Type: Custom
    PanOSHostID
    Query Name: host_id
    Header Type: Custom
    PanOSIsDuplicateLog
    Query Name: is_dup_log
    Header Type: Custom
    PanOSLogExported
    Query Name: is_exported
    Header Type: Custom
    PanOSLogForwarded
    Query Name: is_forwarded
    Header Type: Custom
    PanOSIsPrismaNetworks
    Query Name: is_prisma_branch
    Header Type: Custom
    PanOSIsPrismaUsers
    Query Name: is_prisma_mobile
    Header Type: Custom
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    Max Length: 255
    deviceExternalId
    Query Name: log_source_id
    Header Type: Predefined
    Max Length: 255
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    Max Length: 100
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    Device Event Class ID
    Query Name: log_type.​value
    Header Type: Custom
    PanOSPanoramaSN
    Query Name: panorama_serial
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    externalId
    Query Name: sequence_no
    Header Type: Predefined
    Max Length: 40
    PanOSSource
    Query Name: source
    Header Type: Custom
    PanOSSourceDeviceCategory
    Query Name: source_device_category
    Header Type: Custom
    PanOSSourceDeviceClass
    Query Name: source_device_class
    Header Type: Custom
    PanOSSourceDeviceHost
    Query Name: source_device_host
    Header Type: Custom
    PanOSSourceDeviceMac
    Query Name: source_device_mac
    Header Type: Custom
    PanOSSourceDeviceModel
    Query Name: source_device_model
    Header Type: Custom
    PanOSSourceDeviceOS
    Query Name: source_device_os
    Header Type: Custom
    PanOSSourceDeviceOSFamily
    Query Name: source_device_osfamily
    Header Type: Custom
    PanOSSourceDeviceOSVersion
    Query Name: source_device_osversion
    Header Type: Custom
    PanOSSourceDeviceProfile
    Query Name: source_device_profile
    Header Type: Custom
    PanOSSourceDeviceVendor
    Query Name: source_device_vendor
    Header Type: Custom
    src and dst, or c6a2 and c6a3
    Query Name: source_ip.​value
    Header Type: Predefined
    Label: || c6a2Label && c6a3Label
    Label Text: || Source IPv6 Address && Destination IPv6 Address
    c6a1
    Query Name: source_ip_v6.​value
    Header Type: Predefined
    Label: c6a1Label
    Label Text: Device IPv6 Address
    PanOSSourceUser
    Query Name: source_user
    Header Type: Custom
    sntdom and dntdom
    Query Name: source_user_info.​domain
    Header Type: Predefined
    suser and duser
    Query Name: source_user_info.​name
    Header Type: Predefined
    suid and duid
    Query Name: source_user_info.​uuid
    Header Type: Predefined
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    start
    Query Name: time_generated
    Header Type: Predefined
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    PanOSTimestampDeviceIdentification
    Query Name: timestamp_device_identification
    Header Type: Custom
    PanOSUUID
    Query Name: uuid
    Header Type: Custom
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    cs3
    Query Name: vsys
    Header Type: Predefined
    Label: cs3Label
    Label Text: VirtualLocation
    Max Length: 4000
    cn2
    Query Name: vsys_id
    Header Type: Predefined
    Label: cn2Label
    Label Text: VirtualSystemID
    PanOSVirtualSystemName
    Query Name: vsys_name
    Header Type: Custom

    © 2024 Palo Alto Networks, Inc. All rights reserved.