DNS Security CEF Fields

The following table identifies the DNS Security field names that the Log Forwarding app uses when you forward logs using the CEF log format.
CEF Name
Field Details
act
Query Name:
action.​value
Header Type:
Predefined
Max Length:
63
PanOSCortexDataLakeTenantID
Query Name:
customer_id
Header Type:
Custom
PanOSDNSResolverIP
Query Name:
dest_ip.​value
Header Type:
Custom
PanOSDNSResponse
Query Name:
dns_response
Header Type:
Custom
PanOSDNSResponseCode
Query Name:
dns_response_code
Header Type:
Custom
duser
Query Name:
dst_user
Header Type:
Predefined
Max Length:
1023
cs5
Query Name:
dst_zone
Header Type:
Predefined
Max Length:
4000
request
Query Name:
fqdn
Header Type:
Predefined
Max Length:
1023
cs4
Query Name:
from_zone
Header Type:
Predefined
Max Length:
4000
PanOSThreatID
Query Name:
gtid
Header Type:
Custom
PanOSLogSource
Query Name:
log_source
Header Type:
Custom
deviceExternalID
Query Name:
log_source_id
Header Type:
Predefined
Max Length:
255
rt
Query Name:
log_time
Header Type:
Predefined
DeviceEventClassID
Query Name:
log_type.​value
Header Type:
Custom
PanOSDNSSecuityVersion
Query Name:
protocol
Header Type:
Custom
PanOSRecordType
Query Name:
record_type
Header Type:
Custom
src
Query Name:
source_ip.​value
Header Type:
Predefined
suser
Query Name:
source_user
Header Type:
Predefined
Max Length:
1023
Name
Query Name:
sub_type.​value
Header Type:
Custom
cat
Query Name:
threat_name
Header Type:
Predefined
Max Length:
1023
start
Query Name:
time_generated
Header Type:
Predefined
cn3
Query Name:
total_time_elapsed
Header Type:
Predefined
Device Vendor
Query Name:
vendor_name
Header Type:
Custom
PanOSDNSCategory
Query Name:
verdict.​value
Header Type:
Custom

Recommended For You