System EMAIL Fields

Example System log in EMAIL:
LogTime=2021-02-22T06:00:54.000000Z LogSourceID=xxxxxxxxxxxxxx LogType=SYSTEM Subtype=general ConfigVersion=0.0 VirtualSystemID=0 AgentTimeZoneOffset= AgentVersion= EndpointCPUArchitecture= EndpointDeviceDomain= EndpointDeviceName= EndpointIPaddress= EndpointOSType= EndpointOSVersion= EndpointUserDomain= EndpointUserName=xxxxx EndpointUserUUID= IsDuplicateLog=false IsPrismaNetwork=false IsPrismaUsers=false LogCategory= LogExported=false LogForwarded=true LogSource=firewall LogSourceTimeZoneOffset= Severity=Informational TenantID=xxxxxxxxxxxxx TimeGeneratedHighResolution=2021-02-22T06:00:46.000000Z VDIEndpoint= VendorName=Palo Alto Networks AgentStatus= AgentDataCollectionStatus= AgentID= AgentIsolationStatus= AgentContentVersion= EventTime=2021-02-22T06:00:46.000000Z VirtualLocation= EventName=general EventComponent= VendorSeverity=Informational EventDescription=WildFire version 559357-566509 downloaded by Auto update agent SequenceNo=30904438 DGHierarchyLevel1=0 DGHierarchyLevel2=0 DGHierarchyLevel3=0 DGHierarchyLevel4=0 VirtualSystemName= LogSourceName=xxxxx DeviceGroup= Template=
The following table identifies the System field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.
EMAIL Name
Query Name
AgentContentVersion
AgentDataCollectionStatus
AgentID
AgentIsolationStatus
AgentStatus
AgentVersion
ConfigVersion
TenantID
DeviceGroup
DGHierarchyLevel1
DGHierarchyLevel2
DGHierarchyLevel3
DGHierarchyLevel4
EndpointCPUArchitecture
EndpointDeviceDomain
EndpointDeviceName
EndpointIPaddress
VDIEndpoint
EndpointOSType
EndpointOSVersion
AgentTimeZoneOffset
EndpointUserDomain
EndpointUserName
EndpointUserUUID
EventComponent
EventDescription
EventName
EventTime
IsDuplicateLog
LogExported
LogForwarded
IsPrismaNetwork
IsPrismaUsers
LogCategory
LogSource
LogSourceID
LogSourceName
LogSourceTimeZoneOffset
LogTime
LogType
SequenceNo
Severity
Subtype
Template
TimeGeneratedHighResolution
VendorName
VendorSeverity
VirtualLocation
VirtualSystemID
VirtualSystemName

Recommended For You