GlobalProtect App Troubleshooting CEF Fields
Table of Contents
GlobalProtect App Troubleshooting CEF Fields
The following table identifies the GlobalProtect App Troubleshooting field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
CEF Name
|
Field Details
|
|---|---|
PanOSAppTampered
| Query Name: app_tamperedHeader Type: Custom |
PanOSCaptivePortal
| Query Name: captive_portalHeader Type: Custom |
PanOSCPUUsage
| Query Name: cpu_usageHeader Type: Custom |
PanOSGlobalProtectCPUUsage
| Query Name: cpu_usage_gpHeader Type: Custom |
PanOSCrashHistory
| Query Name: crash_historyHeader Type: Custom |
PanOSDebugLogFile
| Query Name: debug_log_file_nameHeader Type: Custom |
PanOSDisableHistory
| Query Name: disable_historyHeader Type: Custom |
PanOSDiskAvailable
| Query Name: disk_availableHeader Type: Custom |
PanOSTotalDiskSpace
| Query Name: disk_totalHeader Type: Custom |
PanOSDNSReachable
| Query Name: dns_reachableHeader Type: Custom |
PanOSDualStackTunnelInterface
| Query Name: dual_stack_networkHeader Type: Custom |
PanOSEnforcerStatus
| Query Name: enforcer_statusHeader Type: Custom |
reason
| |
PanOSErrorDetails
| Query Name: error_detailsHeader Type: Custom |
PanOSErrorStage
| Query Name: error_stageHeader Type: Custom |
start
| Query Name: error_timeHeader Type: Predefined |
PanOSGlobalProtectMTU
| Query Name: gp_mtuHeader Type: Custom |
PanOSGlobalProtectVersion
| Query Name: gp_versionHeader Type: Custom |
PanOSGatewayAddress
| Query Name: gw_addressHeader Type: Custom |
PanOSAttemptedGateways
| Query Name: gw_attemptedHeader Type: Custom |
PanOSGatewayAuthentication
| Query Name: gw_authHeader Type: Custom |
PanOSGatewayConfigurationName
| Query Name: gw_config_nameHeader Type: Custom |
PanOSDLSAstatus
| Query Name: gw_dlsa_enabledHeader Type: Custom |
PanOSFallbacktoSSLReason
| Query Name: gw_fall_back_to_sslHeader Type: Custom |
PanOSIPSecEnabled
| Query Name: gw_ipsec_enabledHeader Type: Custom |
PanOSIPSecFailureReason
| Query Name: gw_ipsec_failure_reasonHeader Type: Custom |
PanOSJitter
| Query Name: gw_jitterHeader Type: Custom |
PanOSLatency
| Query Name: gw_latencyHeader Type: Custom |
PanOSLocation
| Query Name: gw_locationHeader Type: Custom |
PanOSGatewayLogoutTime
| Query Name: gw_logout_timeHeader Type: Custom |
PanOSPacketLoss
| Query Name: gw_packet_lossHeader Type: Custom |
PanOSGatewayReachable
| Query Name: gw_reachableHeader Type: Custom |
PanOSGatewaySSLCertificateValid
| Query Name: gw_server_certHeader Type: Custom |
PanOSSSLFailureReason
| Query Name: gw_ssl_failure_reasonHeader Type: Custom |
PanOSGatewayStatus
| Query Name: gw_statusHeader Type: Custom |
PanOSTunnelRename
| Query Name: gw_tunnel_renamedHeader Type: Custom |
PanOSPrivileges
| Query Name: has_privilegesHeader Type: Custom |
dtz
| |
PanOSHostID
| Query Name: host_idHeader Type: Custom |
dvchost
| |
PanOSInstallHistory
| Query Name: install_historyHeader Type: Custom |
PanOSInternalNetwork
| Query Name: internal_networkHeader Type: Custom |
PanOSInternetAccess
| Query Name: internet_accessHeader Type: Custom |
PanOSJailbrokenStatus
| Query Name: jail_brokenHeader Type: Custom |
PanOSLastHIPReportTime
| Query Name: last_hip_report_timeHeader Type: Custom |
PanOSLastLogoutTime
| Query Name: last_logout_timeHeader Type: Custom |
PanOSLocale
| Query Name: localeHeader Type: Custom |
Device Event Class ID
| Query Name: log_type.valueHeader Type: Custom |
PanOSTotalMemory
| Query Name: memory_totalHeader Type: Custom |
PanOSMemoryUsage
| Query Name: memory_usageHeader Type: Custom |
PanOSGlobalProtectMemoryUsage
| Query Name: memory_usage_gpHeader Type: Custom |
PanOSNetworkAccess
| Query Name: network_accessHeader Type: Custom |
PanOSPortalGatewayLatency
| Query Name: network_latencyHeader Type: Custom |
PanOSType
| Query Name: network_typeHeader Type: Custom |
PanOSOperatingSystem
| Query Name: osHeader Type: Custom |
PanOSPanoramaSN
| Query Name: panorama_serialHeader Type: Custom |
PanOSPortalAddress
| Query Name: portal_addressHeader Type: Custom |
PanOSPortalAuthentication
| Query Name: portal_authHeader Type: Custom |
PanOSCachedConfiguration
| Query Name: portal_cached_configHeader Type: Custom |
PanOSPortalConfigurationName
| Query Name: portal_config_nameHeader Type: Custom |
PanOSConfigurationRefresh
| Query Name: portal_config_refreshHeader Type: Custom |
flexDate1
| Query Name: portal_last_connect_timeHeader Type: PredefinedLabel: flexDate1LabelLabel Text: Last Connect Time |
PanOSPortalReachable
| Query Name: portal_reachableHeader Type: Custom |
PanOSPortalSSLCertificateValid
| Query Name: portal_server_certHeader Type: Custom |
PanOSPortalStatus
| Query Name: portal_statusHeader Type: Custom |
PanOSProxyServer
| Query Name: proxy_serverHeader Type: Custom |
rt
| Query Name: report_idHeader Type: Predefined |
PanOSReportID
| Query Name: report_timeHeader Type: Custom |
Name
| Query Name: report_typeHeader Type: Custom |
deviceExternalId
| |
PanOSServerPerformance
| Query Name: server_performanceHeader Type: Custom |
PanOSSplit-tunnelconfiguration
| Query Name: split_tunnel_statusHeader Type: Custom |
PanOSUserComment
| Query Name: user_commentHeader Type: Custom |
PanOSUsername
| Query Name: user_nameHeader Type: Custom |