System Logs are common to any product, application, or service that writes to Cortex Data Lake. They record system events that occur within the writing entity. The definition of a system event differs from one writing entity to the next, so to learn which events cause a system log to be written, consult the documentation for the product, application, or service that writes these logs.
For example, Palo Alto Networks next-generation firewalls write a system log any time the firewall can't reach the syslog servers, any time WildFire is updated, any time an administrator visits the Monitor tab, or whenever someone logs onto the firewall.
See the following for information related to supported log formats:
(AGENT DATA COLLECTION STATUS)
(AGENT ISOLATION STATUS)
(DG HIERARCHY LEVEL 1)
(DG HIERARCHY LEVEL 2)
(DG HIERARCHY LEVEL 3)
(DG HIERARCHY LEVEL 4)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: PanOSEventTime
EMAIL field name: EventTime
HTTPS field name: EventTime
LEEF field name: devTime
(IS DUPLICATE LOG)
(LOG SOURCE ID)
ID that uniquely identifies the source of the log. If the source is a firewall, this is its serial number. If the source is TMS, this is the trapsId.
CEF field name: deviceExternalId
EMAIL field name: LogSourceID
HTTPS field name: LogSourceID
LEEF field name: LogSourceID
(LOG SOURCE NAME)
Name of the source of the log. If the source is a firewall, this is the device_name value. If the source is TMS, this is either the customer or tenant name.
CEF field name: dvchost
EMAIL field name: LogSourceName
HTTPS field name: LogSourceName
LEEF field name: LogSourceName
Specifies the log type. Possible field values are: traffic, config, system, threat, appstat, trsum, thsum, event, alarm, hipmatch, userid, iptag, mdm, extpcap, urlsum, gtp, gtpsum, auth, panflex, extflex, sctp, sctpsum, analytics, action, scan, sam.
CEF field name: Device Event Class ID
EMAIL field name: LogType
HTTPS field name: LogType
LEEF field name: cat
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated on the data plane, with millisecond granularity, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution
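As an added example (not code from the Cortex Data Lake documentation), the following Python normalizer handles the two time fields described above, EventTime as a microseconds-since-epoch string and TimeGeneratedHighResolution in the YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z form with its optional fraction, and validates LogType against the values listed on this page. The HTTPS-style record keys, the sample values and the skew cross-check between the two timestamps are assumptions of the example, not part of the documented schema.

```python
import re
from datetime import datetime, timedelta, timezone

# LogType values enumerated on this page.
LOG_TYPES = frozenset(
    "traffic config system threat appstat trsum thsum event alarm hipmatch "
    "userid iptag mdm extpcap urlsum gtp gtpsum auth panflex extflex sctp "
    "sctpsum analytics action scan sam".split())

# YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z; the fraction is optional, 1 to 6 digits.
_HIRES_RE = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,6}))?Z$")

def parse_event_time(value: str) -> datetime:
    """EventTime is a digit string: microseconds since the Unix epoch."""
    if not value.isdigit():
        raise ValueError(f"EventTime must be a digit string, got {value!r}")
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(value))

def parse_hires_time(value: str) -> datetime:
    """TimeGeneratedHighResolution text, fraction padded to microseconds."""
    m = _HIRES_RE.match(value)
    if m is None:
        raise ValueError(f"bad TimeGeneratedHighResolution {value!r}")
    y, mo, d, h, mi, s, frac = m.groups()
    micro = int((frac or "0").ljust(6, "0"))  # ".123" -> 123000 us
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s),
                    micro, tzinfo=timezone.utc)

def normalize(record: dict) -> dict:
    """Validate LogType; return aware UTC datetimes plus their disagreement.
    Both fields mark data-plane generation time, so skew beyond the text
    field's millisecond granularity is worth alerting on (check is assumed)."""
    if record["LogType"] not in LOG_TYPES:
        raise ValueError(f"unknown LogType {record['LogType']!r}")
    event = parse_event_time(record["EventTime"])
    hires = parse_hires_time(record["TimeGeneratedHighResolution"])
    return {"source_id": record["LogSourceID"], "source": record["LogSourceName"],
            "log_type": record["LogType"], "event_time": event,
            "time_generated": hires,
            "skew_us": abs(hires - event) // timedelta(microseconds=1)}

# Constructed sample record (not real data); keys are the HTTPS field names.
SAMPLE_RECORD = {
    "EventTime": "1700000000123456",
    "LogSourceID": "000000000000",
    "LogSourceName": "fw-example-01",
    "LogType": "system",
    "TimeGeneratedHighResolution": "2023-11-14T22:13:20.123Z",
}
```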