Strata Logging Service
Tunnel CEF Fields
The following table identifies the Tunnel field names that the Log Forwarding app
uses when you forward logs using the CEF log format.

| CEF Name | Field Details |
|---|---|
| PanOSAccessPointName | Query Name: access_point_name; Header Type: Custom |
| act | Query Name: action.value; Header Type: Predefined; Max Length: 63 |
| cat | Query Name: action_source.value; Header Type: Predefined; Max Length: 1023 |
| app | Query Name: app; Header Type: Predefined; Max Length: 31 |
| PanOSApplicationCategory | Query Name: app_category; Header Type: Custom |
| PanOSApplicationSubcategory | Query Name: app_sub_category; Header Type: Custom |
| in | Query Name: bytes_received; Header Type: Predefined |
| out | Query Name: bytes_sent; Header Type: Predefined |
| PanOSBytes | Query Name: bytes_total; Header Type: Custom |
| PanOSConfigVersion | Query Name: config_version.value; Header Type: Custom |
| PanOSContainerID | Query Name: container_id; Header Type: Custom |
| PanOSApplicationContainer | Query Name: container_of_app; Header Type: Custom |
| PanOSContentVersion | Query Name: content_version; Header Type: Custom |
| cnt | Query Name: count_of_repeats; Header Type: Predefined |
| PanOSLoggingServiceID | Query Name: customer_id; Header Type: Custom |
| PanOSDestinationDeviceClass | Query Name: dest_device_class; Header Type: Custom |
| PanOSDestinationDeviceMac | Query Name: dest_device_mac; Header Type: Custom |
| PanOSDestinationDeviceModel | Query Name: dest_device_model; Header Type: Custom |
| PanOSDestinationDeviceOS | Query Name: dest_device_os; Header Type: Custom |
| PanOSDestinationDeviceVendor | Query Name: dest_device_vendor; Header Type: Custom |
| PanOSDestinationDynamicAddressGroup | Query Name: dest_dynamic_address_group; Header Type: Custom |
| PanOSDestinationEDL | Query Name: dest_edl; Header Type: Custom |
| dst or c6a3 | Query Name: dest_ip.value; Header Type: Predefined; Label: (none) or c6a3Label; Label Text: (none) or Destination IPv6 Address |
| PanOSDestinationLocation | Query Name: dest_location; Header Type: Custom |
| dpt | Query Name: dest_port; Header Type: Predefined |
| duser | Query Name: dest_user; Header Type: Predefined; Max Length: 1023 |
| dntdom | Query Name: dest_user_info.domain; Header Type: Predefined; Max Length: 255 |
| dusername | Query Name: dest_user_info.name; Header Type: Predefined; Max Length: 255 |
| duid | Query Name: dest_user_info.uuid; Header Type: Predefined; Max Length: 255 |
| PanOSDestinationUUID | Query Name: dest_uuid; Header Type: Custom |
| PanOSDGHierarchyLevel1 | Query Name: dg_hier_level_1; Header Type: Custom |
| PanOSDGHierarchyLevel2 | Query Name: dg_hier_level_2; Header Type: Custom |
| PanOSDGHierarchyLevel3 | Query Name: dg_hier_level_3; Header Type: Custom |
| PanOSDGHierarchyLevel4 | Query Name: dg_hier_level_4; Header Type: Custom |
| PanOSDynamicUserGroupName | Query Name: dynusergroup_name; Header Type: Custom |
| cs4 | Query Name: from_zone; Header Type: Predefined; Label: cs4Label; Label Text: FromZone; Max Length: 4000 |
| deviceInboundInterface | Query Name: inbound_if.value; Header Type: Predefined; Max Length: 128 |
| PanOSInboundInterfaceDetailsPort | Query Name: inbound_if_details.port; Header Type: Custom |
| PanOSInboundInterfaceDetailsSlot | Query Name: inbound_if_details.slot; Header Type: Custom |
| PanOSInboundInterfaceDetailsType | Query Name: inbound_if_details.type.value; Header Type: Custom |
| PanOSInboundInterfaceDetailsUnit | Query Name: inbound_if_details.unit; Header Type: Custom |
| PanOSCaptivePortal | Query Name: is_captive_portal; Header Type: Custom |
| PanOSIsClienttoServer | Query Name: is_client_to_server; Header Type: Custom |
| PanOSIsContainer | Query Name: is_container; Header Type: Custom |
| PanOSIsDecryptMirror | Query Name: is_decrypt_mirror; Header Type: Custom |
| PanOSIsDecryptedPayloadForward | Query Name: is_decrypted_payload_fwded; Header Type: Custom |
| PanOSIsDecryptedLog | Query Name: is_decryption_log; Header Type: Custom |
| PanOSIsDuplicateLog | Query Name: is_dup_log; Header Type: Custom |
| PanOSLogExported | Query Name: is_exported; Header Type: Custom |
| PanOSLogForwarded | Query Name: is_forwarded; Header Type: Custom |
| PanOSIsIPV6 | Query Name: is_ipv6; Header Type: Custom |
| PanOSIsInspectionBeforeSession | Query Name: is_l7_inspection_b4_session; Header Type: Custom |
| PanOSIsMptcpOn | Query Name: is_mptcp_on; Header Type: Custom |
| PanOSNAT | Query Name: is_nat; Header Type: Custom |
| PanOSIsNonStandardDestinationPort | Query Name: is_non_std_dest_port; Header Type: Custom |
| PanOSIsPacketCapture | Query Name: is_packet_capture; Header Type: Custom |
| PanOSIsPhishing | Query Name: is_phishing; Header Type: Custom |
| PanOSIsPrismaNetwork | Query Name: is_prisma_branch; Header Type: Custom |
| PanOSIsPrismaUsers | Query Name: is_prisma_mobile; Header Type: Custom |
| PanOSIsProxy | Query Name: is_proxy; Header Type: Custom |
| PanOSIsReconExcluded | Query Name: is_recon_excluded; Header Type: Custom |
| PanOSIsSaaSApplication | Query Name: is_saas_app; Header Type: Custom |
| PanOSIsServertoClient | Query Name: is_server_to_client; Header Type: Custom |
| PanOSIsSourceXForwarded | Query Name: is_source_x_fwded; Header Type: Custom |
| PanOSIsSystemReturn | Query Name: is_sym_return; Header Type: Custom |
| PanOSIsTransaction | Query Name: is_transaction; Header Type: Custom |
| PanOSIsTunnelInspected | Query Name: is_tunnel_inspected; Header Type: Custom |
| PanOSIsURLDenied | Query Name: is_url_denied; Header Type: Custom |
| cs6 | Query Name: log_set; Header Type: Predefined; Label: cs6Label; Label Text: LogSetting; Max Length: 4000 |
| PanOSLogSource | Query Name: log_source; Header Type: Custom |
| LogSourceGroupID | Query Name: log_source_group_id; Header Type: Custom; Max Length: 255 |
| deviceExternalId | Query Name: log_source_id; Header Type: Predefined; Max Length: 255 |
| dvchost | Query Name: log_source_name; Header Type: Predefined; Max Length: 100 |
| PanOSLogSourceTimeZoneOffset | Query Name: log_source_tz_offset; Header Type: Custom |
| rt | Query Name: log_time; Header Type: Predefined |
| Device Event Class ID | Query Name: log_type.value; Header Type: Custom |
| PanOSMobileAreaCode | Query Name: mobile_area_code; Header Type: Custom |
| PanOSMobileBaseStationCode | Query Name: mobile_base_station_code; Header Type: Custom |
| PanOSMobileCountryCode | Query Name: mobile_country_code; Header Type: Custom |
| PanOSMobileIP | Query Name: mobile_ip.value; Header Type: Custom |
| PanOSMobileNetworkCode | Query Name: mobile_network_code; Header Type: Custom |
| PanOSMobileSubscriberISDN | Query Name: mobile_subscriber_isdn; Header Type: Custom |
| PanOSIMEI | Query Name: monitor_tag_imei; Header Type: Custom |
| destinationTranslatedAddress | Query Name: nat_dest.value; Header Type: Predefined |
| destinationTranslatedPort | Query Name: nat_dest_port; Header Type: Predefined |
| sourceTranslatedAddress | Query Name: nat_source.value; Header Type: Predefined |
| sourceTranslatedPort | Query Name: nat_source_port; Header Type: Predefined |
| PanOSNonStandardDestinationPort | Query Name: non_standard_dest_port; Header Type: Custom |
| PanOSNSSAINetworkSliceDifferentiator | Query Name: nssai_network_slice_differentiator.value; Header Type: Custom |
| PanOSNSSAINetworkSliceType | Query Name: nssai_network_slice_type.value; Header Type: Custom |
| deviceOutboundInterface | Query Name: outbound_if.value; Header Type: Predefined; Max Length: 128 |
| PanOSOutboundInterfaceDetailsPort | Query Name: outbound_if_details.port; Header Type: Custom |
| PanOSOutboundInterfaceDetailsSlot | Query Name: outbound_if_details.slot; Header Type: Custom |
| PanOSOutboundInterfaceDetailsType | Query Name: outbound_if_details.type.value; Header Type: Custom |
| PanOSOutboundInterfaceDetailsUnit | Query Name: outbound_if_details.unit; Header Type: Custom |
| PanOSPacketsDroppedMax | Query Name: packets_dropped_max_encap; Header Type: Custom |
| cfp2 | Query Name: packets_dropped_strict_check; Header Type: Predefined; Label: cfp2Label; Label Text: PacketsDroppedStrict |
| PanOSPacketsDroppedTunnel | Query Name: packets_dropped_tunnel_frag; Header Type: Custom |
| cfp1 | Query Name: packets_dropped_ukn_proto; Header Type: Predefined; Label: cfp1Label; Label Text: PacketsDroppedProtocol |
| PanOSPacketsReceived | Query Name: packets_received; Header Type: Custom |
| PanOSPacketsSent | Query Name: packets_sent; Header Type: Custom |
| cn2 | Query Name: packets_total; Header Type: Predefined; Label: cn2Label; Label Text: PacketsTotal |
| PanOSPanoramaSN | Query Name: panorama_serial; Header Type: Custom |
| PanOSParentSessionID | Query Name: parent_session_id; Header Type: Custom |
| PanOSParentStarttime | Query Name: parent_start_time; Header Type: Custom |
| PanOSProtocolDataUnitsessionID | Query Name: pdu_session_id; Header Type: Custom |
| PlatformType | Query Name: platform_type; Header Type: Custom |
| PanOSContainerName | Query Name: pod_name; Header Type: Custom |
| PanOSContainerNameSpace | Query Name: pod_namespace; Header Type: Custom |
| proto | Query Name: protocol.value; Header Type: Predefined; Max Length: 31 |
| PanOSRadioAccessTechnology | Query Name: radio_access_technology; Header Type: Custom |
| PanOSApplicationRisk | Query Name: risk_of_app; Header Type: Custom |
| cs1 | Query Name: rule_matched; Header Type: Predefined; Label: cs1Label; Label Text: Rule; Max Length: 4000 |
| PanOSRuleUUID | Query Name: rule_matched_uuid; Header Type: Custom |
| PanOSSanctionedStateofApp | Query Name: sanctioned_state_of_app; Header Type: Custom |
| externalId | Query Name: sequence_no; Header Type: Predefined; Max Length: 40 |
| PanOSSessionOwnerMidx | Query Name: sess_owner_rt_midx; Header Type: Custom |
| reason | Query Name: session_end_reason.value; Header Type: Predefined; Max Length: 1023 |
| cn1 | Query Name: session_id; Header Type: Predefined; Label: cn1Label; Label Text: SessionID |
| PanOSSessionStartTime | Query Name: session_start_time; Header Type: Custom |
| PanOSSessionTracker | Query Name: session_tracker; Header Type: Custom |
| PanOSSeverity | Query Name: severity; Header Type: Custom |
| PanOSSourceDeviceClass | Query Name: source_device_class; Header Type: Custom |
| PanOSSourceDeviceMac | Query Name: source_device_mac; Header Type: Custom |
| PanOSSourceDeviceModel | Query Name: source_device_model; Header Type: Custom |
| PanOSSourceDeviceOS | Query Name: source_device_os; Header Type: Custom |
| PanOSSourceDeviceVendor | Query Name: source_device_vendor; Header Type: Custom |
| PanOSSourceDynamicAddressGroup | Query Name: source_dynamic_address_group; Header Type: Custom |
| PanOSSourceEDL | Query Name: source_edl; Header Type: Custom |
| src or c6a2 | Query Name: source_ip.value; Header Type: Predefined; Label: (none) or c6a2Label; Label Text: (none) or Source IPv6 Address |
| PanOSSourceLocation | Query Name: source_location; Header Type: Custom |
| spt | Query Name: source_port; Header Type: Predefined |
| suser | Query Name: source_user; Header Type: Predefined; Max Length: 1023 |
| sntdom | Query Name: source_user_info.domain; Header Type: Predefined; Max Length: 1023 |
| susername | Query Name: source_user_info.name; Header Type: Predefined; Max Length: 1023 |
| suid | Query Name: source_user_info.uuid; Header Type: Predefined; Max Length: 1023 |
| PanOSSourceUUID | Query Name: source_uuid; Header Type: Custom |
| PanOSStandardPortsOfApp | Query Name: standard_ports_of_app; Header Type: Custom |
| Name | Query Name: sub_type.value; Header Type: Custom |
| PanOSApplicationTechnology | Query Name: technology_of_app; Header Type: Custom |
| start | Query Name: time_generated; Header Type: Predefined |
| PanOSTimeGeneratedHighResolution | Query Name: time_generated_high_res; Header Type: Custom |
| cs5 | Query Name: to_zone; Header Type: Predefined; Label: cs5Label; Label Text: ToZone; Max Length: 4000 |
| cn3 | Query Name: total_time_elapsed; Header Type: Predefined; Label: cn3Label; Label Text: SessionDuration |
| cs2 | Query Name: tunnel.value; Header Type: Predefined; Label: cs2Label; Label Text: Tunnel; Max Length: 4000 |
| PanOSTunnelCauseCode | Query Name: tunnel_cause_code; Header Type: Custom |
| PanOSTunnelEndpointID1 | Query Name: tunnel_endpoint_id_1; Header Type: Custom |
| PanOSTunnelEndpointID2 | Query Name: tunnel_endpoint_id_2; Header Type: Custom |
| PanOSTunnelEventCode | Query Name: tunnel_event_code; Header Type: Custom |
| PanOSTunnelEventType | Query Name: tunnel_event_type; Header Type: Custom |
| PanOSTunnelInspectionRule | Query Name: tunnel_inspection_rule; Header Type: Custom |
| PanOSTunnelInterface | Query Name: tunnel_interface; Header Type: Custom |
| PanOSTunnelMessageType | Query Name: tunnel_message_type; Header Type: Custom |
| PanOSTunnelRemoteIMSIID | Query Name: tunnel_remote_imsi_id; Header Type: Custom |
| PanOSTunnelRemoteUserIP | Query Name: tunnel_remote_user_ip.value; Header Type: Custom |
| cfp4 | Query Name: tunnel_sessions_closed; Header Type: Predefined; Label: cfp4Label; Label Text: TunnelSessionsClosed |
| cfp3 | Query Name: tunnel_sessions_created; Header Type: Predefined; Label: cfp3Label; Label Text: TunnelSessionsCreated |
| PanOSTunneledApplication | Query Name: tunneled_app; Header Type: Custom |
| PanOSIMSI | Query Name: tunnelid_imsi; Header Type: Custom |
| PanOSURLCategory | Query Name: url_category.value; Header Type: Custom |
| PanOSUsers | Query Name: users; Header Type: Custom |
| Device Vendor | Query Name: vendor_name; Header Type: Custom |
| PanOSVendorSeverity | Query Name: vendor_severity.value; Header Type: Custom |
| cs3 | Query Name: vsys; Header Type: Predefined; Label: cs3Label; Label Text: VirtualLocation; Max Length: 4000 |
| PanOSVirtualSystemID | Query Name: vsys_id; Header Type: Custom |
| PanOSVirtualSystemName | Query Name: vsys_name; Header Type: Custom |