>
    Management
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Endpoint Logs
    5. Management
    Download PDF
    Strata Logging Service

    Management

    Table of Contents

    Management

    You can use the management logs to audit any activity or action performed by the user or Prisma Access Agent.
    .
    MANAGEMENT Field
    (Display Name)
    Description
    attempted_gateways
    (ATTEMPTED GATEWAYS)
    String of all gateways that were available and attempted for the client location. Contains gateway name, ssl response time, and priority, separated by a semicolon.
    auth_method
    (AUTH METHOD)
    Authentication method used for the epm connection.
    config_version.​value
    (CONFIG VERSION)
    Config version converted to string represented as major.minor.patch.build in value and as hex in id.
    connect_method
    (CONNECTION METHOD)
    Identifies how a ZTNA client connects to the Portal/Gateway (manual vs on-demand).
    connection_error.​id
    (CONNECTION ERROR ID)
    Enumeration integer assigned to the connection_error field value.
    connection_error.​value
    (CONNECTION ERROR)
    Error information for unsuccessful connection.
    count_of_repeats
    (COUNT OF REPEATS)
    Number of sessions with same Source IP, Destination IP, Application, and Content/Threat Type seen for the summary interval.
    customer_id
    (TENANT ID)
    The ID that uniquely identifies the Strata Logging Service instance which received this log record.
    dg_hier_level_1
    (DG HIERARCHY LEVEL 1)
    A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
    dg_hier_level_2
    (DG HIERARCHY LEVEL 2)
    A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
    dg_hier_level_3
    (DG HIERARCHY LEVEL 3)
    A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
    dg_hier_level_4
    (DG HIERARCHY LEVEL 4)
    A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
    endpoint_device_name
    (ENDPOINT DEVICE NAME)
    Name of the device that the user used for the connection.
    endpoint_gp_version
    (ZTNA CLIENT VERSION)
    epm client version number.
    endpoint_os_type
    (ENDPOINT OS TYPE)
    OS type of the endpoint on which the epm client is deployed.
    endpoint_os_version
    (ENDPOINT OS VERSION)
    OS version of the endpoint on which the epm client is deployed.
    endpoint_serial_number
    (ENDPOINT SN)
    ID that uniquely identifies the endpoint on which the epm client is deployed.
    event_id.​value
    (EVENT ID VALUE)
    ID of the event within a stage of the ZTNA connection workflow.
    gateway
    (GATEWAY)
    Selected Gateway for the connection.
    gateway_priority.​value
    (GATEWAY PRIORITY)
    Priority of gateway, retrieved from portal configuration.
    gateway_selection_type
    (GATEWAY SELECTION TYPE)
    Gateway Selection Method i.e automatic, preferred or manual.
    gpg_location
    (ZTNA GATEWAY LOCATION)
    Location of the ZTNA Connector Gateway.
    host_id
    (HOST ID)
    ID of the machine that the user used for the connection. Example UUID for an android device.
    is_dup_log
    (IS DUPLICATE LOG)
    Indicates whether this log data is available in multiple locations, such as from Strata Logging Service as well as from an on-premise log collector.
    is_exported
    (LOG EXPORTED)
    Indicates if this log was exported from the agent using the agent's log export function.
    is_forwarded
    (LOG FORWARDED)
    Internal-use field that indicates if the log is being forwarded.
    is_prisma_branch
    (IS PRISMA NETWORKS)
    Internal-use field. If set to 1, the log was generated on a cloud-based agent. If 0, the agent was running on-premise.
    is_prisma_mobile
    (IS PRISMA USERS)
    Internal use field. If set to 1, the log record was generated using a cloud-based epm instance. If 0, epm was hosted on-premise.
    log_source
    (LOG SOURCE)
    Identifies the origin of the data. That is, the system that produced the data.
    log_source_group_id
    (LOG SOURCE GROUP ID)
    ID that uniquely identifies the logSourceGroupId of the log. That is, the log_source_id of the group.
    log_source_id
    (DEVICE SN)
    ID that uniquely identifies the source of the log. That is, the serial number of the agent that generated the log.
    log_source_name
    (DEVICE NAME)
    Name of the source of the log. That is, the hostname of the agent that logged the network traffic.
    log_source_tz_offset
    (LOG SOURCE TIMEZONE OFFSET)
    Time Zone offset from GMT of the source of the log.
    log_time
    (TIME RECEIVED)
    Time the log was received in Strata Logging Service. This is populated by the platform.
    log_type.​value
    (LOG TYPE)
    Identifies the log type.
    login_duration
    (LOGIN DURATION)
    Duration for which the connected user was logged on.
    opaque
    (DESCRIPTION)
    Description of the event (extra information not captured in other fields around an event).
    panorama_serial
    (PANORAMA SN)
    Panorama Serial associated with Strata Logging Service.
    platform_type
    (PLATFORM TYPE)
    The platform type (Valid types are VM, PA, NGFW, CNGFW).
    portal
    (PORTAL)
    The endpoint management Portal or Gateway that the user is connected to.
    private_ip.​value
    (PRIVATE IPV4)
    Private IP address (v4) of the connected user.
    private_ipv6.​value
    (PRIVATE IPV6)
    Private IP address (v6) of the connected user.
    project_name
    (PROJECT NAME)
    Indicates the customers project name.
    public_ip.​value
    (PUBLIC IPV4)
    Public IP address (v4) of the connected user.
    public_ipv6.​value
    (PUBLIC IPV6)
    Public IP address (v6) of the connected user.
    quarantine_reason
    (QUARANTINE REASON)
    The reason for the quarantine action performed.
    sequence_no
    (SEQUENCE NO)
    The log entry identifier, which is incremented sequentially. Each log type has a unique number space.
    source_region
    (SOURCE REGION)
    Region of the connected Gateway (or User).
    source_user
    (SOURCE USER NAME)
    The username of the connected user.
    source_user_info.​domain
    (SOURCE USER DOMAIN)
    The domain of the connected user.
    source_user_info.​name
    (SOURCE USER INFO)
    The name of the connected user.
    source_user_info.​uuid
    (SOURCE USER UUID)
    A unique identifier of the connected user.
    ssl_response_time
    (SSL RESPONSE TIME)
    SSL Response Time in milliseconds.
    stage
    (STAGE)
    Name of the stage in the ZTNA connection workflow.
    status.​value
    (EVENT STATUS)
    The status of the management event.
    sub_type.​value
    (LOG SUBTYPE)
    Identifies the log subtype.
    time_generated
    (TIME GENERATED)
    Time the log was generated on the data plane in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
    time_generated_high_res
    (TIME GENERATED HIGH RESOLUTION)
    Time the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
    tunnel
    (TUNNEL TYPE)
    Tunnel Type i.e. SSL or VPN.
    vendor_name
    (VENDOR NAME)
    Identifies the vendor that produced the data.
    vsys
    (VIRTUAL SYSTEM)
    String representation of the unique identifier for a virtual system on a Palo Alto Networks agent.
    vsys_id
    (VIRTUAL SYSTEM ID)
    A unique identifier for a virtual system on a Palo Alto Networks agent.
    vsys_name
    (VIRTUAL SYSTEM NAME)
    The name of the virtual system associated with the network traffic.

    © 2025 Palo Alto Networks, Inc. All rights reserved.