Configuration LEEF Fields

Example Configuration log in LEEF:
Sep 21 02:01:01 gke-standard-cluster-2-pool-3-f004381a-0gw6 732 <14>1 2021-09-21T02:01:01.316Z stream-logfwd20-d324e775--09201841-lxtx-harness-0cc4 logforwarder - panwlogs - LEEF:2.0|Palo Alto Networks|Next Generation Firewall|10.1|general| |profileToken=Palotoken devTimeFormat=YYYY-MM-DDTHH:MM:SSZ
The following table identifies the Configuration field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
When you create a syslog forwarding profile, you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token appears as a parameter called profileToken.
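The following parser is an added example, not code from this page or from the Log Forwarding app: it locates the LEEF header in a syslog line, splits the LEEF 2.0 header fields (vendor, product, version, event ID, delimiter), decodes the delimiter field whether it is given literally or as a hex code, splits the attributes without tearing apart values that contain the delimiter, and returns the profileToken parameter described above. The first sample line is the page's own example; the extra lines used in the test are constructed.

```python
import re

# Constructed sample: the page's example Configuration log, kept verbatim
# including its syslog prefix.
SAMPLE_LINE = (
    "Sep 21 02:01:01 gke-standard-cluster-2-pool-3-f004381a-0gw6 732 <14>1 "
    "2021-09-21T02:01:01.316Z stream-logfwd20-d324e775--09201841-lxtx-harness-0cc4 "
    "logforwarder - panwlogs - "
    "LEEF:2.0|Palo Alto Networks|Next Generation Firewall|10.1|general| |"
    "profileToken=Palotoken devTimeFormat=YYYY-MM-DDTHH:MM:SSZ"
)

# A pipe not preceded by a backslash; LEEF escapes literal pipes as \|
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")


def _decode_delimiter(token):
    """The sixth LEEF 2.0 header field names the attribute delimiter, either as a
    literal character (a space in the page's example) or as a hex code such as
    x09 or 0x09. An empty field falls back to the LEEF default, a tab."""
    if token == "":
        return "\t"
    hex_match = re.fullmatch(r"0?x([0-9A-Fa-f]{2})", token)
    if hex_match:
        return chr(int(hex_match.group(1), 16))
    if len(token) != 1:
        raise ValueError(f"invalid LEEF delimiter field: {token!r}")
    return token


def _unescape(value):
    # LEEF escapes '|' and '=' inside attribute values with a backslash.
    return value.replace("\\|", "|").replace("\\=", "=")


def parse_leef(line):
    """Split a syslog line carrying a LEEF 1.0 or 2.0 event into its header
    fields and an attribute dict. Raises ValueError on a malformed header."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header in line")
    body = line[start:]
    version = body.split("|", 1)[0][len("LEEF:"):]
    if version == "2.0":
        parts = _UNESCAPED_PIPE.split(body, maxsplit=6)
        if len(parts) != 7:
            raise ValueError("LEEF 2.0 header needs 6 pipe-separated fields before the attributes")
        vendor, product, product_version, event_id, delim_field, attrs_raw = parts[1:]
        delim = _decode_delimiter(delim_field)
    elif version == "1.0":
        parts = _UNESCAPED_PIPE.split(body, maxsplit=5)
        if len(parts) != 6:
            raise ValueError("LEEF 1.0 header needs 5 pipe-separated fields before the attributes")
        vendor, product, product_version, event_id, attrs_raw = parts[1:]
        delim = "\t"  # LEEF 1.0 has no delimiter field; attributes are tab-separated
    else:
        raise ValueError(f"unsupported LEEF version {version!r}")

    # Split attributes only where the delimiter is followed by another key=, so a
    # value that itself contains the delimiter (an EventDescription with spaces
    # when the delimiter is a space) stays in one piece.
    attributes = {}
    for pair in re.split(re.escape(delim) + r"(?=[A-Za-z0-9_]+=)", attrs_raw):
        if "=" not in pair:
            continue
        key, value = pair.split("=", 1)
        attributes[key] = _unescape(value)

    return {
        "syslog_prefix": line[:start].rstrip(),
        "version": version,
        "vendor": vendor,
        "product": product,
        "product_version": product_version,
        "event_id": event_id,
        "delimiter": delim,
        "attributes": attributes,
    }


def profile_token(line):
    """Return the profileToken value the Log Forwarding app adds when a profile
    token is configured, or None when the line carries no token."""
    return parse_leef(line)["attributes"].get("profileToken")


if __name__ == "__main__":
    event = parse_leef(SAMPLE_LINE)
    print(event["vendor"], event["product"], event["event_id"], sep=" | ")
    print(event["attributes"])
    print("profile token:", profile_token(SAMPLE_LINE))
```

On the page's example the delimiter field is a single space, so the attribute splitter has to look ahead for the next `key=` rather than split on every space; a collector that splits naively would cut EventDescription values apart. Checking `profile_token()` against the token you configured in the syslog forwarding profile is a cheap way to confirm on the receiving side that a line came from the profile you expect.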
| LEEF Name | Query Name | Field Type |
|---|---|---|
| AdminUsername | | Custom |
| AdminUserDomain | | Custom |
| AdminUserName | | Custom |
| AdminUserUUID | | Custom |
| Client | | Custom |
| ConfigVersion | | Custom |
| TenantID | | Custom |
| DeviceGroup | | Custom |
| DGHierarchyLevel1 | | Custom |
| DGHierarchyLevel2 | | Custom |
| DGHierarchyLevel3 | | Custom |
| DGHierarchyLevel4 | | Custom |
| IPaddress | | Custom |
| EventDescription | | Custom |
| EventDetails | | Custom |
| EventID | | Header |
| EventPath | | Custom |
| devTime | | Predefined |
| IsDuplicateLog | | Custom |
| LogExported | | Custom |
| IsPrismaNetwork | | Custom |
| IsPrismaUsers | | Custom |
| LogCategory | | Custom |
| LogSource | | Custom |
| LogSourceID | | Custom |
| LogSourceName | | Custom |
| LogSourceTimeZoneOffset | | Custom |
| LogTime | | Custom |
| cat | | Predefined |
| SequenceNo | | Custom |
| Severity | | Custom |
| SubType | | Custom |
| Template | | Custom |
| TimeGeneratedHighResolution | | Custom |
| Vendor | | Header |
| VendorSeverity | | Custom |
| VirtualLocation | | Custom |
| VirtualSystemID | | Custom |
| VirtualSystemName | | Custom |