Audit LEEF Fields

Table of Contents

Audit LEEF Fields

The following table identifies the Audit field names that the Log Forwarding app uses when you forward logs using the LEEF log format.

When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example,

TRAFFIC

THREAT

HIPMATCH

, and so forth). The token will appear on a parameter called

profileToken

LEEF Name	Query Name	Field Type
Event Category	event_category	Custom
Event Description	event_description	Custom
Event Destination URL	event_dest_url	Custom
Destination Vendor	event_dest_vendor	Custom
Event Details	event_detail	Custom
Event Name	event_name	Custom
Event Result	event_result	Custom
Event Time	event_time	Custom
Log Source	log_source	Custom
LogSourceGroupID	log_source_group_id	Custom
Log Source ID	log_source_id	Custom
Log Time	log_time	Custom
Log Type	log_type.value	Custom
PlatformType	platform_type	Custom
Subtype	sub_type.value	Custom
Vendor Name	vendor_name	Custom
Vendor Severity	vendor_severity.value	Custom

Audit HTTPS Fields

Configuration

Audit LEEF Fields

Audit LEEF Fields

Recommended For You

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Agents & Agentless

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner