>
    Strata Copilot
    DNS Security (PAN-OS 11.2 or earlier) CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. DNS Security
    6. DNS Security (PAN-OS 11.2 or earlier) CEF Fields
    Download PDF
    Strata Logging Service

    DNS Security (PAN-OS 11.2 or earlier) CEF Fields

    Table of Contents

    DNS Security (PAN-OS 11.2 or earlier) CEF Fields

    The following table identifies the DNS Security (PAN-OS 11.2 or earlier) field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    act
    Query Name: action.​value
    Header Type: Predefined
    Max Length: 63
    PanOSCortexDataLakeTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDNSResolverIP
    Query Name: dest_ip.​value
    Header Type: Custom
    PanOSDNSResponse
    Query Name: dns_response
    Header Type: Custom
    PanOSDNSResponseCode
    Query Name: dns_response_code
    Header Type: Custom
    duser
    Query Name: dst_user
    Header Type: Predefined
    Max Length: 1023
    cs5
    Query Name: dst_zone
    Header Type: Predefined
    Max Length: 4000
    request
    Query Name: fqdn
    Header Type: Predefined
    Max Length: 1023
    cs4
    Query Name: from_zone
    Header Type: Predefined
    Max Length: 4000
    PanOSThreatID
    Query Name: gtid
    Header Type: Custom
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    Max Length: 255
    deviceExternalID
    Query Name: log_source_id
    Header Type: Predefined
    Max Length: 255
    rt
    Query Name: log_time
    Header Type: Predefined
    DeviceEventClassID
    Query Name: log_type.​value
    Header Type: Custom
    PanOSPanoramaSN
    Query Name: panorama_serial
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    PanOSDNSSecuityVersion
    Query Name: protocol
    Header Type: Custom
    PanOSRecordType
    Query Name: record_type
    Header Type: Custom
    src
    Query Name: source_ip.​value
    Header Type: Predefined
    suser
    Query Name: source_user
    Header Type: Predefined
    Max Length: 1023
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    cat
    Query Name: threat_name
    Header Type: Predefined
    Max Length: 1023
    start
    Query Name: time_generated
    Header Type: Predefined
    cn3
    Query Name: total_time_elapsed
    Header Type: Predefined
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    PanOSDNSCategory
    Query Name: verdict.​value
    Header Type: Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.