Configuration CEF Fields

Table of Contents

Configuration Syslog Default Field Order

Configuration CEF Fields

The following table identifies the Configuration field names that the Log Forwarding app uses when you forward logs using the CEF log format.

CEF Name	Field Details
duser	Query Name: admin_user Header Type: Predefined Max Length: 1023
dntdom	Query Name: admin_user_info.domain Header Type: Predefined Max Length: 1023
duser	Query Name: admin_user_info.name Header Type: Predefined Max Length: 1023
duid	Query Name: admin_user_info.uuid Header Type: Predefined Max Length: 1023
destinationServiceName	Query Name: client.value Header Type: Predefined Max Length: 1023
PanOSConfigVersion	Query Name: config_version.value Header Type: Custom
PanOSTenantID	Query Name: customer_id Header Type: Custom
PanOSDeviceGroup	Query Name: device_group.value Header Type: Custom
PanOSDGHierarchyLevel1	Query Name: dg_hier_level_1 Header Type: Custom
PanOSDGHierarchyLevel2	Query Name: dg_hier_level_2 Header Type: Custom
PanOSDGHierarchyLevel3	Query Name: dg_hier_level_3 Header Type: Custom
PanOSDGHierarchyLevel4	Query Name: dg_hier_level_4 Header Type: Custom
src or c6a2 or shost	Query Name: event_client_ip.value Header Type: Predefined Label: \|\| c6a2Label \|\| Label Text: \|\| Source IPv6 Address \|\|
PanOSEventDescription	Query Name: event_description Header Type: Custom
PanOSEventDetails	Query Name: event_detail Header Type: Custom
act	Query Name: event_name.value Header Type: Predefined Max Length: 63
msg	Query Name: event_path Header Type: Predefined Max Length: 1023
PanOSEventResult	Query Name: event_result.value Header Type: Custom
PanOSEventTime	Query Name: event_time Header Type: Custom
PanOSIsDuplicateLog	Query Name: is_dup_log Header Type: Custom
PanOSLogExported	Query Name: is_exported Header Type: Custom
PanOSIsPrismaNetwork	Query Name: is_prisma_branch Header Type: Custom
PanOSIsPrismaUsers	Query Name: is_prisma_mobile Header Type: Custom
cat	Query Name: log_category.value Header Type: Predefined Max Length: 1023
PanOSLogSource	Query Name: log_source Header Type: Custom
LogSourceGroupID	Query Name: log_source_group_id Header Type: Custom Max Length: 255
deviceExternalId	Query Name: log_source_id Header Type: Predefined Max Length: 255
dvchost	Query Name: log_source_name Header Type: Predefined Max Length: 100
PanOSLogSourceTimeZoneOffset	Query Name: log_source_tz_offset Header Type: Custom
rt	Query Name: log_time Header Type: Predefined
Device Event Class ID	Query Name: log_type.value Header Type: Custom
PanOSPanoramaSN	Query Name: panorama_serial Header Type: Custom
PlatformType	Query Name: platform_type Header Type: Custom
externalId	Query Name: sequence_no Header Type: Predefined Max Length: 40
PanOSSeverity	Query Name: severity Header Type: Custom
Name	Query Name: sub_type.value Header Type: Custom
PanOSTemplate	Query Name: template.value Header Type: Custom
PanOSTimeGeneratedHighResolution	Query Name: time_generated_high_res Header Type: Custom
Device Vendor	Query Name: vendor_name Header Type: Custom
PanOSVendorSeverity	Query Name: vendor_severity.value Header Type: Custom
cs3	Query Name: vsys Header Type: Predefined Label: cs3Label Label Text: VirtualLocation Max Length: 4000
PanOSVirtualSystemID	Query Name: vsys_id Header Type: Custom
PanOSVirtualSystemName	Query Name: vsys_name Header Type: Custom

Configuration Syslog Default Field Order

Configuration EMAIL Fields

Strata Logging Service Docs

Configuration CEF Fields

Strata Logging Service Docs

Configuration CEF Fields

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner