GlobalProtect App Troubleshooting LEEF Fields

The following table identifies the GlobalProtect App Troubleshooting field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example,
TRAFFIC
,
THREAT
,
HIPMATCH
, and so forth). The token will appear on a parameter called
profileToken
.
LEEF Name
Query Name
Field Type
AppTampered
Custom
CaptivePortal
Custom
CPUUsage
Custom
GlobalProtectCPUUsage
Custom
CrashHistory
Custom
DebugLogFile
Custom
DisableHistory
Custom
DiskAvailable
Custom
TotalDiskSpace
Custom
DNSReachable
Custom
DualStackTunnelInterface
Custom
EnforcerStatus
Custom
ErrorMessage
Custom
ErrorDetails
Custom
ErrorStage
Custom
ErrorGeneratedTime
Custom
GlobalProtectMTU
Custom
GlobalProtectVersion
Custom
GatewayAddress
Custom
AttemptedGateways
Custom
GatewayAuthentication
Custom
GatewayConfigurationName
Custom
DLSAstatus
Custom
FallbacktoSSLReason
Custom
IPSecEnabled
Custom
IPSecFailureReason
Custom
Jitter
Custom
Latency
Custom
Location
Custom
GatewayLogoutTime
Custom
PacketLoss
Custom
GatewayReachable
Custom
GatewaySSLCertificateValid
Custom
SSLFailureReason
Custom
GatewayStatus
Custom
TunnelRename
Custom
Privileges
Custom
HostTimeOffset
Custom
HostID
Custom
identHostName
Predefined
InstallHistory
Custom
InternalNetwork
Custom
InternetAccess
Custom
JailbrokenStatus
Custom
LastHIPReportTime
Custom
LastLogoutTime
Custom
Locale
Custom
cat
Predefined
TotalMemory
Custom
MemoryUsage
Custom
GlobalProtectMemoryUsage
Custom
NetworkAccess
Custom
PortalGatewayLatency
Custom
Type
Custom
OperatingSystem
os
Custom
PortalAddress
Custom
PortalAuthentication
Custom
CachedConfiguration
Custom
PortalConfigurationName
Custom
ConfigurationRefresh
Custom
LastConnectTime
Custom
PortalReachable
Custom
PortalSSLCertificateValid
Custom
PortalStatus
Custom
ProxyServer
Custom
devTime
Predefined
ReportID
Custom
EventID
Header
SerialNumber
Custom
ServerPerformance
Custom
Split-tunnelconfiguration
Custom
UserComment
Custom
usrName
Predefined

Recommended For You