Tunnel CEF Fields
Strata Logging Service

The following table identifies the Tunnel field names that the Log Forwarding app uses when you forward logs using the CEF log format.

| CEF Name | Field Details |
| --- | --- |
| PanOSAccessPointName | Query Name: access_point_name; Header Type: Custom |
| act | Query Name: action.value; Header Type: Predefined; Max Length: 63 |
| cat | Header Type: Predefined; Max Length: 1023 |
| app | Query Name: app; Header Type: Predefined; Max Length: 31 |
| PanOSApplicationCategory | Query Name: app_category; Header Type: Custom |
| PanOSApplicationSubcategory | Query Name: app_sub_category; Header Type: Custom |
| in | Query Name: bytes_received; Header Type: Predefined |
| out | Query Name: bytes_sent; Header Type: Predefined |
| PanOSBytes | Query Name: bytes_total; Header Type: Custom |
| PanOSConfigVersion | Header Type: Custom |
| PanOSContainerID | Query Name: container_id; Header Type: Custom |
| PanOSApplicationContainer | Query Name: container_of_app; Header Type: Custom |
| PanOSContentVersion | Query Name: content_version; Header Type: Custom |
| cnt | Query Name: count_of_repeats; Header Type: Predefined |
| PanOSLoggingServiceID | Query Name: customer_id; Header Type: Custom |
| PanOSDestinationDeviceClass | Query Name: dest_device_class; Header Type: Custom |
| PanOSDestinationDeviceMac | Query Name: dest_device_mac; Header Type: Custom |
| PanOSDestinationDeviceModel | Query Name: dest_device_model; Header Type: Custom |
| PanOSDestinationDeviceOS | Query Name: dest_device_os; Header Type: Custom |
| PanOSDestinationDeviceVendor | Query Name: dest_device_vendor; Header Type: Custom |
| PanOSDestinationDynamicAddressGroup | Header Type: Custom |
| PanOSDestinationEDL | Query Name: dest_edl; Header Type: Custom |
| dst or c6a3 | Query Name: dest_ip.value; Header Type: Predefined; Label: \|\| c6a3Label; Label Text: \|\| Destination IPv6 Address |
| PanOSDestinationLocation | Query Name: dest_location; Header Type: Custom |
| dpt | Query Name: dest_port; Header Type: Predefined |
| duser | Query Name: dest_user; Header Type: Predefined; Max Length: 1023 |
| dntdom | Header Type: Predefined; Max Length: 255 |
| dusername | Header Type: Predefined; Max Length: 255 |
| duid | Header Type: Predefined; Max Length: 255 |
| PanOSDestinationUUID | Query Name: dest_uuid; Header Type: Custom |
| PanOSDGHierarchyLevel1 | Query Name: dg_hier_level_1; Header Type: Custom |
| PanOSDGHierarchyLevel2 | Query Name: dg_hier_level_2; Header Type: Custom |
| PanOSDGHierarchyLevel3 | Query Name: dg_hier_level_3; Header Type: Custom |
| PanOSDGHierarchyLevel4 | Query Name: dg_hier_level_4; Header Type: Custom |
| PanOSDynamicUserGroupName | Query Name: dynusergroup_name; Header Type: Custom |
| cs4 | Query Name: from_zone; Header Type: Predefined; Label: cs4Label; Label Text: FromZone; Max Length: 4000 |
| deviceInboundInterface | Header Type: Predefined; Max Length: 128 |
| PanOSInboundInterfaceDetailsPort | Header Type: Custom |
| PanOSInboundInterfaceDetailsSlot | Header Type: Custom |
| PanOSInboundInterfaceDetailsType | Header Type: Custom |
| PanOSInboundInterfaceDetailsUnit | Header Type: Custom |
| PanOSCaptivePortal | Query Name: is_captive_portal; Header Type: Custom |
| PanOSIsClienttoServer | Header Type: Custom |
| PanOSIsContainer | Query Name: is_container; Header Type: Custom |
| PanOSIsDecryptMirror | Query Name: is_decrypt_mirror; Header Type: Custom |
| PanOSIsDecryptedPayloadForward | Header Type: Custom |
| PanOSIsDecryptedLog | Query Name: is_decryption_log; Header Type: Custom |
| PanOSIsDuplicateLog | Query Name: is_dup_log; Header Type: Custom |
| PanOSLogExported | Query Name: is_exported; Header Type: Custom |
| PanOSLogForwarded | Query Name: is_forwarded; Header Type: Custom |
| PanOSIsIPV6 | Query Name: is_ipv6; Header Type: Custom |
| PanOSIsInspectionBeforeSession | Header Type: Custom |
| PanOSIsMptcpOn | Query Name: is_mptcp_on; Header Type: Custom |
| PanOSNAT | Query Name: is_nat; Header Type: Custom |
| PanOSIsNonStandardDestinationPort | Header Type: Custom |
| PanOSIsPacketCapture | Query Name: is_packet_capture; Header Type: Custom |
| PanOSIsPhishing | Query Name: is_phishing; Header Type: Custom |
| PanOSIsPrismaNetwork | Query Name: is_prisma_branch; Header Type: Custom |
| PanOSIsPrismaUsers | Query Name: is_prisma_mobile; Header Type: Custom |
| PanOSIsProxy | Query Name: is_proxy; Header Type: Custom |
| PanOSIsReconExcluded | Query Name: is_recon_excluded; Header Type: Custom |
| PanOSIsSaaSApplication | Query Name: is_saas_app; Header Type: Custom |
| PanOSIsServertoClient | Header Type: Custom |
| PanOSIsSourceXForwarded | Query Name: is_source_x_fwded; Header Type: Custom |
| PanOSIsSystemReturn | Query Name: is_sym_return; Header Type: Custom |
| PanOSIsTransaction | Query Name: is_transaction; Header Type: Custom |
| PanOSIsTunnelInspected | Header Type: Custom |
| PanOSIsURLDenied | Query Name: is_url_denied; Header Type: Custom |
| cs6 | Query Name: log_set; Header Type: Predefined; Label: cs6Label; Label Text: LogSetting; Max Length: 4000 |
| PanOSLogSource | Query Name: log_source; Header Type: Custom |
| LogSourceGroupID | Header Type: Custom; Max Length: 255 |
| deviceExternalId | Query Name: log_source_id; Header Type: Predefined; Max Length: 255 |
| dvchost | Query Name: log_source_name; Header Type: Predefined; Max Length: 100 |
| PanOSLogSourceTimeZoneOffset | Header Type: Custom |
| rt | Query Name: log_time; Header Type: Predefined |
| Device Event Class ID | Query Name: log_type.value; Header Type: Custom |
| PanOSMobileAreaCode | Query Name: mobile_area_code; Header Type: Custom |
| PanOSMobileBaseStationCode | Header Type: Custom |
| PanOSMobileCountryCode | Header Type: Custom |
| PanOSMobileIP | Query Name: mobile_ip.value; Header Type: Custom |
| PanOSMobileNetworkCode | Header Type: Custom |
| PanOSMobileSubscriberISDN | Header Type: Custom |
| PanOSIMEI | Query Name: monitor_tag_imei; Header Type: Custom |
| destinationTranslatedAddress | Query Name: nat_dest.value; Header Type: Predefined |
| destinationTranslatedPort | Query Name: nat_dest_port; Header Type: Predefined |
| sourceTranslatedAddress | Header Type: Predefined |
| sourceTranslatedPort | Query Name: nat_source_port; Header Type: Predefined |
| PanOSNonStandardDestinationPort | Header Type: Custom |
| PanOSNSSAINetworkSliceDifferentiator | Header Type: Custom |
| PanOSNSSAINetworkSliceType | Header Type: Custom |
| deviceOutboundInterface | Header Type: Predefined; Max Length: 128 |
| PanOSOutboundInterfaceDetailsPort | Header Type: Custom |
| PanOSOutboundInterfaceDetailsSlot | Header Type: Custom |
| PanOSOutboundInterfaceDetailsType | Header Type: Custom |
| PanOSOutboundInterfaceDetailsUnit | Header Type: Custom |
| PanOSPacketsDroppedMax | Header Type: Custom |
| cfp2 | Header Type: Predefined; Label: cfp2Label; Label Text: PacketsDroppedStrict |
| PanOSPacketsDroppedTunnel | Header Type: Custom |
| cfp1 | Header Type: Predefined; Label: cfp1Label; Label Text: PacketsDroppedProtocol |
| PanOSPacketsReceived | Query Name: packets_received; Header Type: Custom |
| PanOSPacketsSent | Query Name: packets_sent; Header Type: Custom |
| cn2 | Query Name: packets_total; Header Type: Predefined; Label: cn2Label; Label Text: PacketsTotal |
| PanOSPanoramaSN | Query Name: panorama_serial; Header Type: Custom |
| PanOSParentSessionID | Query Name: parent_session_id; Header Type: Custom |
| PanOSParentStarttime | Query Name: parent_start_time; Header Type: Custom |
| PanOSProtocolDataUnitsessionID | Query Name: pdu_session_id; Header Type: Custom |
| PlatformType | Query Name: platform_type; Header Type: Custom |
| PanOSContainerName | Query Name: pod_name; Header Type: Custom |
| PanOSContainerNameSpace | Query Name: pod_namespace; Header Type: Custom |
| proto | Query Name: protocol.value; Header Type: Predefined; Max Length: 31 |
| PanOSRadioAccessTechnology | Header Type: Custom |
| PanOSApplicationRisk | Query Name: risk_of_app; Header Type: Custom |
| cs1 | Query Name: rule_matched; Header Type: Predefined; Label: cs1Label; Label Text: Rule; Max Length: 4000 |
| PanOSRuleUUID | Query Name: rule_matched_uuid; Header Type: Custom |
| PanOSSanctionedStateofApp | Header Type: Custom |
| externalId | Query Name: sequence_no; Header Type: Predefined; Max Length: 40 |
| PanOSSessionOwnerMidx | Query Name: sess_owner_rt_midx; Header Type: Custom |
| reason | Header Type: Predefined; Max Length: 1023 |
| cn1 | Query Name: session_id; Header Type: Predefined; Label: cn1Label; Label Text: SessionID |
| PanOSSessionStartTime | Query Name: session_start_time; Header Type: Custom |
| PanOSSessionTracker | Query Name: session_tracker; Header Type: Custom |
| PanOSSeverity | Query Name: severity; Header Type: Custom |
| PanOSSourceDeviceClass | Header Type: Custom |
| PanOSSourceDeviceMac | Query Name: source_device_mac; Header Type: Custom |
| PanOSSourceDeviceModel | Header Type: Custom |
| PanOSSourceDeviceOS | Query Name: source_device_os; Header Type: Custom |
| PanOSSourceDeviceVendor | Header Type: Custom |
| PanOSSourceDynamicAddressGroup | Header Type: Custom |
| PanOSSourceEDL | Query Name: source_edl; Header Type: Custom |
| src or c6a2 | Query Name: source_ip.value; Header Type: Predefined; Label: \|\| c6a2Label; Label Text: \|\| Source IPv6 Address |
| PanOSSourceLocation | Query Name: source_location; Header Type: Custom |
| spt | Query Name: source_port; Header Type: Predefined |
| suser | Query Name: source_user; Header Type: Predefined; Max Length: 1023 |
| sntdom | Header Type: Predefined; Max Length: 1023 |
| susername | Header Type: Predefined; Max Length: 1023 |
| suid | Header Type: Predefined; Max Length: 1023 |
| PanOSSourceUUID | Query Name: source_uuid; Header Type: Custom |
| PanOSStandardPortsOfApp | Header Type: Custom |
| Name | Query Name: sub_type.value; Header Type: Custom |
| PanOSApplicationTechnology | Query Name: technology_of_app; Header Type: Custom |
| start | Query Name: time_generated; Header Type: Predefined |
| PanOSTimeGeneratedHighResolution | Header Type: Custom |
| cs5 | Query Name: to_zone; Header Type: Predefined; Label: cs5Label; Label Text: ToZone; Max Length: 4000 |
| cn3 | Query Name: total_time_elapsed; Header Type: Predefined; Label: cn3Label; Label Text: SessionDuration |
| cs2 | Query Name: tunnel.value; Header Type: Predefined; Label: cs2Label; Label Text: Tunnel; Max Length: 4000 |
| PanOSTunnelCauseCode | Query Name: tunnel_cause_code; Header Type: Custom |
| PanOSTunnelEndpointID1 | Header Type: Custom |
| PanOSTunnelEndpointID2 | Header Type: Custom |
| PanOSTunnelEventCode | Query Name: tunnel_event_code; Header Type: Custom |
| PanOSTunnelEventType | Query Name: tunnel_event_type; Header Type: Custom |
| PanOSTunnelInspectionRule | Header Type: Custom |
| PanOSTunnelInterface | Query Name: tunnel_interface; Header Type: Custom |
| PanOSTunnelMessageType | Header Type: Custom |
| PanOSTunnelRemoteIMSIID | Header Type: Custom |
| PanOSTunnelRemoteUserIP | Header Type: Custom |
| cfp4 | Header Type: Predefined; Label: cfp4Label; Label Text: TunnelSessionsClosed |
| cfp3 | Header Type: Predefined; Label: cfp3Label; Label Text: TunnelSessionsCreated |
| PanOSTunneledApplication | Query Name: tunneled_app; Header Type: Custom |
| PanOSIMSI | Query Name: tunnelid_imsi; Header Type: Custom |
| PanOSURLCategory | Header Type: Custom |
| PanOSUsers | Query Name: users; Header Type: Custom |
| Device Vendor | Query Name: vendor_name; Header Type: Custom |
| PanOSVendorSeverity | Header Type: Custom |
| cs3 | Query Name: vsys; Header Type: Predefined; Label: cs3Label; Label Text: VirtualLocation; Max Length: 4000 |
| PanOSVirtualSystemID | Query Name: vsys_id; Header Type: Custom |
| PanOSVirtualSystemName | Query Name: vsys_name; Header Type: Custom |