Schema Overview
Strata Logging Service


Log data stored in Palo Alto Networks Strata Logging Service are defined by their log type and field definitions. Collectively, this is called the schema.
You can query for log records stored in Palo Alto Networks Strata Logging Service. Logs can be written to the data lake by many different appliances and applications. This book describes the logs and log fields that you can retrieve and forward.
In November 2020, log forwarding underwent an upgrade. Log forwarding profiles created before the upgrade were migrated to the new version. The default syslog field order described in this guide applies only to log filters that were migrated from the previous version. For log filters created since the migration, you specify field order using the columns when you add a log filter.
Palo Alto Networks® doesn't provide direct API access for log retrieval. To meet your log delivery requirements, use log forwarding to send data to your external logging infrastructure. This ensures you can centralize monitoring and maintain long-term data retention across your network. The API Explorer is deprecated. Use log forwarding instead.
You can work with log records in the following categories: