Auth logs contain information about authentication events seen by the next-generation firewall. These events occur when users access network resources that are controlled by authentication policy rules. Authentication logs will never appear in Cortex Data Lake if the associated firewalls are not configured with authentication policies.
Authentication logs are most frequently written when the next-generation firewall is configured as a Multi-Factor Authentication gateway, and an end-user is using it to perform authentication.
See the following for information related to supported log formats:
(COUNT OF REPEATS)
(CORTEX DATA LAKE TENANT ID)
(DG HIERARCHY LEVEL 1)
(DG HIERARCHY LEVEL 2)
(DG HIERARCHY LEVEL 3)
(DG HIERARCHY LEVEL 4)
(IS DUPLICATE LOG)
(IS PRISMA NETWORKS)
(IS PRISMA USERS)
(SOURCE DEVICE CATEGORY)
(SOURCE DEVICE OS FAMILY)
(SOURCE DEVICE OS VERSION)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: start
EMAIL field name: TimeGenerated
HTTPS field name: TimeGenerated
LEEF field name: devTime
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated in the data plane, with millisecond granularity, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution