GlobalProtect App Troubleshooting CEF Fields

The following table identifies the GlobalProtect App Troubleshooting field names that the Log Forwarding app uses when you forward logs using the CEF log format.
CEF Name
Field Details
PanOSAppTampered
Query Name:
app_tampered
Header Type:
Custom
PanOSCaptivePortal
Query Name:
captive_portal
Header Type:
Custom
PanOSCPUUsage
Query Name:
cpu_usage
Header Type:
Custom
PanOSGlobalProtectCPUUsage
Query Name:
cpu_usage_gp
Header Type:
Custom
PanOSCrashHistory
Query Name:
crash_history
Header Type:
Custom
PanOSDebugLogFile
Header Type:
Custom
PanOSDisableHistory
Query Name:
disable_history
Header Type:
Custom
PanOSDiskAvailable
Query Name:
disk_available
Header Type:
Custom
PanOSTotalDiskSpace
Query Name:
disk_total
Header Type:
Custom
PanOSDNSReachable
Query Name:
dns_reachable
Header Type:
Custom
PanOSDualStackTunnelInterface
Query Name:
dual_stack_network
Header Type:
Custom
PanOSEnforcerStatus
Query Name:
enforcer_status
Header Type:
Custom
reason
Query Name:
error
Header Type:
Predefined
Max Length:
1023
PanOSErrorDetails
Query Name:
error_details
Header Type:
Custom
PanOSErrorStage
Query Name:
error_stage
Header Type:
Custom
start
Query Name:
error_time
Header Type:
Predefined
PanOSGlobalProtectMTU
Query Name:
gp_mtu
Header Type:
Custom
PanOSGlobalProtectVersion
Query Name:
gp_version
Header Type:
Custom
PanOSGatewayAddress
Query Name:
gw_address
Header Type:
Custom
PanOSAttemptedGateways
Query Name:
gw_attempted
Header Type:
Custom
PanOSGatewayAuthentication
Query Name:
gw_auth
Header Type:
Custom
PanOSGatewayConfigurationName
Query Name:
gw_config_name
Header Type:
Custom
PanOSDLSAstatus
Query Name:
gw_dlsa_enabled
Header Type:
Custom
PanOSFallbacktoSSLReason
Header Type:
Custom
PanOSIPSecEnabled
Query Name:
gw_ipsec_enabled
Header Type:
Custom
PanOSIPSecFailureReason
Header Type:
Custom
PanOSJitter
Query Name:
gw_jitter
Header Type:
Custom
PanOSLatency
Query Name:
gw_latency
Header Type:
Custom
PanOSLocation
Query Name:
gw_location
Header Type:
Custom
PanOSGatewayLogoutTime
Query Name:
gw_logout_time
Header Type:
Custom
PanOSPacketLoss
Query Name:
gw_packet_loss
Header Type:
Custom
PanOSGatewayReachable
Query Name:
gw_reachable
Header Type:
Custom
PanOSGatewaySSLCertificateValid
Query Name:
gw_server_cert
Header Type:
Custom
PanOSSSLFailureReason
Header Type:
Custom
PanOSGatewayStatus
Query Name:
gw_status
Header Type:
Custom
PanOSTunnelRename
Query Name:
gw_tunnel_renamed
Header Type:
Custom
PanOSPrivileges
Query Name:
has_privileges
Header Type:
Custom
dtz
Header Type:
Predefined
Max Length:
255
PanOSHostID
Query Name:
host_id
Header Type:
Custom
dvchost
Query Name:
host_name
Header Type:
Predefined
Max Length:
100
PanOSInstallHistory
Query Name:
install_history
Header Type:
Custom
PanOSInternalNetwork
Query Name:
internal_network
Header Type:
Custom
PanOSInternetAccess
Query Name:
internet_access
Header Type:
Custom
PanOSJailbrokenStatus
Query Name:
jail_broken
Header Type:
Custom
PanOSLastHIPReportTime
Header Type:
Custom
PanOSLastLogoutTime
Query Name:
last_logout_time
Header Type:
Custom
PanOSLocale
Query Name:
locale
Header Type:
Custom
Device Event Class ID
Query Name:
log_type.​value
Header Type:
Custom
PanOSTotalMemory
Query Name:
memory_total
Header Type:
Custom
PanOSMemoryUsage
Query Name:
memory_usage
Header Type:
Custom
PanOSGlobalProtectMemoryUsage
Query Name:
memory_usage_gp
Header Type:
Custom
PanOSNetworkAccess
Query Name:
network_access
Header Type:
Custom
PanOSPortalGatewayLatency
Query Name:
network_latency
Header Type:
Custom
PanOSType
Query Name:
network_type
Header Type:
Custom
PanOSOperatingSystem
Query Name:
os
Header Type:
Custom
PanOSPortalAddress
Query Name:
portal_address
Header Type:
Custom
PanOSPortalAuthentication
Query Name:
portal_auth
Header Type:
Custom
PanOSCachedConfiguration
Header Type:
Custom
PanOSPortalConfigurationName
Query Name:
portal_config_name
Header Type:
Custom
PanOSConfigurationRefresh
Header Type:
Custom
flexDate1
Header Type:
Predefined
Label:
flexDate1Label
Label Text:
Last Connect Time
PanOSPortalReachable
Query Name:
portal_reachable
Header Type:
Custom
PanOSPortalSSLCertificateValid
Query Name:
portal_server_cert
Header Type:
Custom
PanOSPortalStatus
Query Name:
portal_status
Header Type:
Custom
PanOSProxyServer
Query Name:
proxy_server
Header Type:
Custom
rt
Query Name:
report_id
Header Type:
Predefined
PanOSReportID
Query Name:
report_time
Header Type:
Custom
Name
Query Name:
report_type
Header Type:
Custom
deviceExternalId
Query Name:
serial_number
Header Type:
Predefined
Max Length:
255
PanOSServerPerformance
Query Name:
server_performance
Header Type:
Custom
PanOSSplit-tunnelconfiguration
Header Type:
Custom
PanOSUserComment
Query Name:
user_comment
Header Type:
Custom
PanOSUsername
Query Name:
user_name
Header Type:
Custom

Recommended For You