Strata Logging Service
Audit CEF Fields
The following table identifies the Audit field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
| CEF Name | Field Details |
|---|---|
| PanOSActorDisplayName | Query Name: actor_display_name; Header Type: Custom |
| PanOSActorID | Query Name: actor_id; Header Type: Custom |
| PanOSConnectionErrorID | Query Name: connection_error.id; Header Type: Custom |
| PanOSConnectionErrorValue | Query Name: connection_error.value; Header Type: Custom |
| PanOSCortexDataLakeTenantID | Query Name: customer_id; Header Type: Custom |
| PanOSEventCategory | Query Name: event_category; Header Type: Custom |
| PanOSEventClientIP | Query Name: event_client_ip.value; Header Type: Custom |
| PanOSEventDescription | Query Name: event_description; Header Type: Custom |
| PanOSEventDestination | Query Name: event_dest.value; Header Type: Custom |
| PanOSEventDestinationAction | Query Name: event_dest_action; Header Type: Custom |
| PanOSEventDestinationURL | Query Name: event_dest_url; Header Type: Custom |
| PanOSEventDestinationUserUserID | Query Name: event_dest_user.user_id; Header Type: Custom; Label: PanOSEventDestinationUserUserID; Label Text: PanOSEventDestinationUserUserID |
| PanOSEventDestinationUserUUID | Query Name: event_dest_user.uuid; Header Type: Custom |
| PanOSDestinationVendor | Query Name: event_dest_vendor; Header Type: Custom |
| PanOSEventDetails | Query Name: event_detail; Header Type: Custom |
| PanOSEventID | Query Name: event_id; Header Type: Custom |
| PanOSEventName | Query Name: event_name; Header Type: Custom |
| PanOSEventResult | Query Name: event_result; Header Type: Custom |
| PanOSEventSource | Query Name: event_source.value; Header Type: Custom |
| PanOSEventSourceURL | Query Name: event_source_url; Header Type: Custom |
| PanOSEventSourceUserDomain | Query Name: event_source_user.domain; Header Type: Custom |
| PanOSEventSourceUser | Query Name: event_source_user.user; Header Type: Custom |
| PanOSEventSourceUserUserID | Query Name: event_source_user.user_id; Header Type: Custom; Label: PanOSEventSourceUserUserID; Label Text: PanOSEventSourceUserUserID |
| PanOSEventSourceUserUUID | Query Name: event_source_user.uuid; Header Type: Custom |
| PanOSEventSourceUserEmail | Query Name: event_source_user_email; Header Type: Custom |
| PanOSEventSourceUserFirstName | Query Name: event_source_user_first_name; Header Type: Custom |
| PanOSEventSourceUserLastName | Query Name: event_source_user_last_name; Header Type: Custom |
| PanOSEventSourceUserUUIDV4 | Query Name: event_source_user_uuid_v4; Header Type: Custom |
| PanOSEventSubCategory | Query Name: event_sub_category; Header Type: Custom |
| PanOSEventTime | Query Name: event_time; Header Type: Custom |
| PANOSLogSource | Query Name: log_source; Header Type: Custom |
| PanOSLogSourceGroupID | Query Name: log_source_group_id; Header Type: Custom; Max Length: 255 |
| deviceExternalID | Query Name: log_source_id; Header Type: Predefined |
| dvchost | Query Name: log_source_name; Header Type: Predefined |
| PanOSLogSourceTimeZoneOffset | Query Name: log_source_tz_offset; Header Type: Custom |
| rt | Query Name: log_time; Header Type: Predefined |
| Device Event Class ID | Query Name: log_type.value; Header Type: Custom |
| PlatformType | Query Name: platform_type; Header Type: Custom |
| Name | Query Name: sub_type.value; Header Type: Custom |
| PanOSTSGID | Query Name: tsg_id; Header Type: Custom; Label: PanOSTSGID; Label Text: PanOSTSGID |
| Device Vendor | Query Name: vendor_name; Header Type: Custom |
| PanOSVendorSeverity | Query Name: vendor_severity.value; Header Type: Custom |