Log Forwarding App Schema Reference: Endpoint Logs
Updated on Tue Sep 05 13:09:20 UTC 2023
Endpoint Logs
Endpoint logs are written by applications running on an endpoint.
Endpoints have the following types of logs:
GlobalProtect App Troubleshooting