>
    Strata Copilot
    SD-WAN Traffic CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. SD-WAN Logs
    5. SD-WAN Traffic
    6. SD-WAN Traffic CEF Fields
    Download PDF
    Strata Logging Service

    SD-WAN Traffic CEF Fields

    Table of Contents

    SD-WAN Traffic CEF Fields

    The following table identifies the SD-WAN Traffic field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    act
    Query Name: action.​value
    Header Type: Predefined
    app
    Query Name: app
    Header Type: Predefined
    PanOSApplicationCategory
    Query Name: app_category
    Header Type: Custom
    PanOSApplicationSubcategory
    Query Name: app_sub_category
    Header Type: Custom
    Predefined
    Query Name: bytes_received
    Header Type: Custom
    Predefined
    Query Name: bytes_sent
    Header Type: Custom
    PanOSApplicationCharacteristics
    Query Name: characteristics_of_app
    Header Type: Custom
    PanOSApplicationContainer
    Query Name: container_of_app
    Header Type: Custom
    PanOSCortexDataLakeTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDestinationIP
    Query Name: dest_ip.​value
    Header Type: Custom
    dpt
    Query Name: dest_port
    Header Type: Predefined
    PanOSDestinationUserDomain
    Query Name: dest_user_info.​domain
    Header Type: Custom
    PanOSDestinationUserName
    Query Name: dest_user_info.​name
    Header Type: Custom
    PanOSDestinationUserUUID
    Query Name: dest_user_info.​uuid
    Header Type: Custom
    cs4
    Query Name: from_zone
    Header Type: Predefined
    deviceInboundInterface
    Query Name: inbound_if.​value
    Header Type: Predefined
    Custom
    Query Name: is_client_to_server
    Header Type: Custom
    PanOSIsIPV6
    Query Name: is_ipv6
    Header Type: Custom
    PanOSIsSaaSApplication
    Query Name: is_saas_app
    Header Type: Custom
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    deviceExternalID
    Query Name: log_source_id
    Header Type: Predefined
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    DeviceEventClassID
    Query Name: log_type.​value
    Header Type: Custom
    deviceOutboundInterface
    Query Name: outbound_if.​value
    Header Type: Predefined
    Custom
    Query Name: packets_received
    Header Type: Custom
    Custom
    Query Name: packets_sent
    Header Type: Custom
    PanOSPathValue
    Query Name: path.​value
    Header Type: Custom
    PanOSPathLabel
    Query Name: path_label
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    PanOSSDWANElementId
    Query Name: prisma_sdwan_element_id
    Header Type: Custom
    PanOSSDWANElementName
    Query Name: prisma_sdwan_element_name
    Header Type: Custom
    PanOSSDWANSiteId
    Query Name: prisma_sdwan_site_id
    Header Type: Custom
    PanOsSDWANSiteName
    Query Name: prisma_sdwan_site_name
    Header Type: Custom
    PanOSSDWANTenantId
    Query Name: prisma_sdwan_tenant_id
    Header Type: Custom
    proto
    Query Name: protocol.​value
    Header Type: Predefined
    PanOSApplicationRisk
    Query Name: risk_of_app
    Header Type: Custom
    cs1
    Query Name: rule_matched
    Header Type: Predefined
    PanOSRuleUUID
    Query Name: rule_matched_uuid
    Header Type: Custom
    PanOSSanctionedStateOfApp
    Query Name: sanctioned_state_of_app
    Header Type: Custom
    reason
    Query Name: session_end_reason.​value
    Header Type: Predefined
    cn1
    Query Name: session_id
    Header Type: Predefined
    Custom
    Query Name: session_start_time
    Header Type: Custom
    PanOSSourceDeviceCategory
    Query Name: source_device_category
    Header Type: Custom
    PanOSSourceDeviceClass
    Query Name: source_device_class
    Header Type: Custom
    PanOSSourceDeviceHost
    Query Name: source_device_host
    Header Type: Custom
    PanOSSourceDeviceMac
    Query Name: source_device_mac
    Header Type: Custom
    PanOSSourceDeviceModel
    Query Name: source_device_model
    Header Type: Custom
    PanOSSourceDeviceOS
    Query Name: source_device_os
    Header Type: Custom
    PanOSSourceDeviceOSFamily
    Query Name: source_device_osfamily
    Header Type: Custom
    PanOSSourceDeviceOSVersion
    Query Name: source_device_osversion
    Header Type: Custom
    PanOSSourceDeviceProfile
    Query Name: source_device_profile
    Header Type: Custom
    PanOSSourceDeviceVendor
    Query Name: source_device_vendor
    Header Type: Custom
    src
    Query Name: source_ip.​value
    Header Type: Predefined
    spt
    Query Name: source_port
    Header Type: Predefined
    suser
    Query Name: source_user
    Header Type: Predefined
    PanOSSourceUserDomain
    Query Name: source_user_info.​domain
    Header Type: Custom
    PanOSSourceUserName
    Query Name: source_user_info.​name
    Header Type: Custom
    PanOSSourceUserUUID
    Query Name: source_user_info.​uuid
    Header Type: Custom
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    PanOSApplicationTechnology
    Query Name: technology_of_app
    Header Type: Custom
    start
    Query Name: time_generated
    Header Type: Predefined
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    cs5
    Query Name: to_zone
    Header Type: Predefined
    Predefined
    Query Name: total_time_elapsed
    Header Type: Custom
    PanOSTrafficClass
    Query Name: traffic_class
    Header Type: Custom
    PanOSTSGID
    Query Name: tsg_id
    Header Type: Custom
    cs2
    Query Name: url_category.​value
    Header Type: Predefined
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.