File Syslog Default Field Order

Example File log in Syslog:
Oct 13 20:56:15 gke-standard-cluster-2-pool-1-6ea9f13a-fnid 394 <142>1 2020-10-13T20:56:15.519Z stream-logfwd20-156653024-10121421-eq28-harness-16kn logforwarder - panwlogs - Palo Alto Networks,firewall,013201004706,PA-5220,11122,2019-07-03T00:36:24.000000Z,,3,THREAT,5,file,xxx.xx.x.xx,00000000000000000000ffff0a0002e3,37404,xxx.xx.x.xx,00000000000000000000ffff0a65025a,25,6,tcp,52100,PNG File Upload,PA-5220,0,client to server,.D_\u001C=w\u0019ByK\u0001K\u0007N,page-icon.png,,vCbg4~S8|,hd{dM*QDo,\"HR\u0017\u001DC(\rSZ<\",,3422257956016083937,2,Low,Low,uDX|F\f*A\u00074g,0,0,0,any,4,alert,-6917529027641081856,smtp,collaboration,3\r\n4\r\n5\r\n6\r\n7\r\n8,,12,0,0,0,,xxx.xx.x.xx-xxx.xx.x.xx,\"K\\m(+\u0018F\u0017\",&\u0019qTt.!e|xZ\u001E?,,,false,true,tap,,ethernet,1181132783616,0,0,ethernet,1,19,false,false,false,false,test,\"\u000Fw\fQO&b4g09$\",0,xxx.xx.x.xx,00000000000000000000ffff00000000,0,xxx.xx.x.xx,00000000000000000000ffff00000000,0,ethernet,1181132783616,0,0,ethernet,1,19,0,1970-01-01T00:00:00.000000Z,9,5,dg-log-policy,,false,6708774908183346528,4016143,\"EFX4\u0010Mb'\u001D\u001B\",xxx.xx.x.xx-xxx.xx.x.xx,,\"u\u001BA\u0006\u0011?<m_o\tR\u001E\",>$BOg]Z5,,email,client-server,2019-07-31T06:06:06.000000Z,tap,0,N/A,untunneled,0,xxx.xx.x.xx,1,smtp,OSC\u0013%6$\u0002f,8192,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,,-1322647286,,,\"}Irh!C}\u000B\u000FE\r\u0016IPP\",,\"\u0016AJ>E~a`\u000F\u0013:Hfw(\",,,,\"\u0013)\u000Bj)(\u0018cX<\u0012\",,,28$ffo\u0017v&,,,,\"[4\u000FBO?\"\"w_\u0010\tD\",,\"p5#/\t\u0004e\u0006\",,,\"\u000BO#<L5dFMN\u0015l\u001C\",\"\u001750g=\u0011'\u0000U\u000EM! \",\"\u0017w>/l9kC??\",,,\"6\u001D:_\u0018'n\u001B\",,,,\"\"\"*ZdS\u0001/\u0012A^S\",,,\"\u0013Ifte\u0006nk\u001EsX\",,,true,false,oLyqAH\u00079,,,,
The following lists the fields that are included by default when you forward file logs to a syslog receiver, in the order in which they appear in each log line. HEADER is the syslog header; the 110 entries that follow it are the comma-separated fields of the message body, and an entry marked EMPTY is a position whose value is left blank.
HEADER, log_time, log_source_id, log_type.value, sub_type.value, config_version.value, time_generated, source_ip.value, dest_ip.value, nat_source.value, nat_dest.value, rule_matched, source_user, dest_user, app, vsys, from_zone, to_zone, inbound_if.value, outbound_if.value, log_set, EMPTY, session_id, count_of_repeats, source_port, dest_port, nat_source_port, nat_dest_port, flags, protocol.value, action.value, file_name, file_id, url_category.value, vendor_severity.value, direction_of_attack.value, sequence_no, action_flags, source_location, dest_location, EMPTY, EMPTY, pcap_id, file_sha_256, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, EMPTY, report_id, dg_hier_level_1, dg_hier_level_2, dg_hier_level_3, dg_hier_level_4, vsys_name, log_source_name, EMPTY, source_uuid, dest_uuid, EMPTY, tunnelid_imsi, monitor_tag_imei, parent_session_id, parent_start_time, tunnel.value, EMPTY, content_version, sig_flags, EMPTY, EMPTY, EMPTY, EMPTY, rule_matched_uuid, http2_connection, dynusergroup_name, xff_ip.value, source_device_category, source_device_profile, source_device_model, source_device_vendor, source_device_osfamily, source_device_osversion, source_device_host, source_device_mac, dest_device_category, dest_device_profile, dest_device_model, dest_device_vendor, dest_device_osfamily, dest_device_osversion, dest_device_host, dest_device_mac, container_id, pod_namespace, pod_name, source_edl, dest_edl, gp_host_id, endpoint_serial_number, domain_edl, source_dynamic_address_group, dest_dynamic_address_group, partial_hash, time_generated_high_res, reason_data_filtering, justification, nssai_network_slice_type.value
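As an added example (not code from this page or from Palo Alto Networks), the following Python parser maps a forwarded file log line onto the default field names listed above. It assumes the line carries an RFC 5424 header laid out as in the example at the top of the page (optionally preceded by a relay's BSD-style prefix, which is kept as part of HEADER) and that the message body is standard CSV with double-quote quoting. The sample line it builds is constructed test data (documentation IP addresses, a placeholder serial number, a few populated columns), not a real log. Two checks a practitioner wants are built in: the column count must equal the 110 fields after HEADER, and any EMPTY position that carries data is reported, since either condition means the sender is not emitting the default field set.

```python
import csv
import re
from typing import Any, Dict, List

# Default field order for file logs forwarded to syslog, copied from this page.
# HEADER is the syslog header; the rest are the comma-separated columns of the
# message body. EMPTY marks a reserved column that is blank in the default set.
FILE_FIELD_ORDER: List[str] = """
HEADER log_time log_source_id log_type.value sub_type.value config_version.value
time_generated source_ip.value dest_ip.value nat_source.value nat_dest.value
rule_matched source_user dest_user app vsys from_zone to_zone inbound_if.value
outbound_if.value log_set EMPTY session_id count_of_repeats source_port dest_port
nat_source_port nat_dest_port flags protocol.value action.value file_name file_id
url_category.value vendor_severity.value direction_of_attack.value sequence_no
action_flags source_location dest_location EMPTY EMPTY pcap_id file_sha_256
EMPTY EMPTY EMPTY EMPTY EMPTY EMPTY EMPTY EMPTY EMPTY report_id dg_hier_level_1
dg_hier_level_2 dg_hier_level_3 dg_hier_level_4 vsys_name log_source_name EMPTY
source_uuid dest_uuid EMPTY tunnelid_imsi monitor_tag_imei parent_session_id
parent_start_time tunnel.value EMPTY content_version sig_flags EMPTY EMPTY EMPTY
EMPTY rule_matched_uuid http2_connection dynusergroup_name xff_ip.value
source_device_category source_device_profile source_device_model
source_device_vendor source_device_osfamily source_device_osversion
source_device_host source_device_mac dest_device_category dest_device_profile
dest_device_model dest_device_vendor dest_device_osfamily dest_device_osversion
dest_device_host dest_device_mac container_id pod_namespace pod_name source_edl
dest_edl gp_host_id endpoint_serial_number domain_edl source_dynamic_address_group
dest_dynamic_address_group partial_hash time_generated_high_res
reason_data_filtering justification nssai_network_slice_type.value
""".split()
CSV_FIELDS = FILE_FIELD_ORDER[1:]  # the 110 columns that follow the header

# RFC 5424 header as carried in the page's example (the relay's BSD-style prefix
# in front of it is kept as part of HEADER):
#   <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
# Escaped "]" inside structured-data parameter values is not handled.
_RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>1 \S+ \S+ \S+ \S+ \S+ (?:-|(?:\[[^\]]*\])+) (?P<msg>.*)\Z",
    re.DOTALL)


class FormatError(ValueError):
    """The line does not match the default file-log layout."""


def csv_quote(value: str) -> str:
    """Quote as the CSV body does: wrap in double quotes when the value holds a
    comma, quote, CR or LF, doubling any embedded quotes."""
    if any(ch in value for ch in ',"\r\n'):
        return '"' + value.replace('"', '""') + '"'
    return value


def parse_file_log(line: str) -> Dict[str, Any]:
    """Map one forwarded file log line onto the default field names. The result
    also carries PRI split into facility/severity, and "nonblank_reserved": the
    positions of EMPTY columns that held data (sender not using the default set)."""
    m = _RFC5424.search(line)
    if not m:
        raise FormatError("no RFC 5424 header (<PRI>1 ...) found")
    pri = int(m.group("pri"))
    # Use a real CSV parser: file names and other values can contain commas,
    # doubled quotes and even CR/LF, so splitting on "," corrupts the columns.
    try:
        columns = next(csv.reader([m.group("msg")], strict=True))
    except csv.Error as exc:
        raise FormatError(f"malformed CSV body: {exc}") from exc
    if len(columns) != len(CSV_FIELDS):
        raise FormatError(
            f"expected {len(CSV_FIELDS)} columns, got {len(columns)}: not the "
            "default field set, truncated, or an unquoted delimiter in a value")
    record: Dict[str, Any] = {"HEADER": line[: m.start("msg")].rstrip(),
                              "facility": pri // 8, "severity": pri % 8,
                              "nonblank_reserved": []}
    for position, (name, value) in enumerate(zip(CSV_FIELDS, columns), start=1):
        if name != "EMPTY":
            record[name] = value
        elif value != "":
            record["nonblank_reserved"].append(position)
    return record


def build_sample_line(file_name: str = 'q4 report, "final".docx') -> str:
    """Constructed sample in the default layout (test data, not a real log)."""
    cols = [""] * len(CSV_FIELDS)  # every column not set below stays blank
    sample = {
        "log_time": "2020-10-13T20:56:15.000000Z", "log_source_id": "0123456789012",
        "log_type.value": "THREAT", "sub_type.value": "file", "app": "smtp",
        "source_ip.value": "192.0.2.10", "dest_ip.value": "198.51.100.25",
        "source_port": "37404", "dest_port": "25", "protocol.value": "tcp",
        "action.value": "alert", "file_name": file_name, "vendor_severity.value": "Low",
        "direction_of_attack.value": "client to server",
        "file_sha_256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    }
    for name, value in sample.items():
        cols[CSV_FIELDS.index(name)] = value  # named columns are unique; EMPTY is not
    header = ("Oct 13 20:56:15 relay-host 394 <142>1 2020-10-13T20:56:15.519Z "
              "stream-logfwd20-example logforwarder - panwlogs - ")
    return header + ",".join(csv_quote(c) for c in cols)
```

`parse_file_log(build_sample_line())` returns the named fields, facility 17 and severity 6 decoded from `<142>`, and an empty `nonblank_reserved` list. The example line at the top of this page carries more than 110 columns, so the count check rejects it; that is the check doing its job, and it is why the expected column count should be taken from the field set actually configured on the sender rather than assumed. Values containing commas, quotes or CR/LF (the page's example has all three) survive only because the body is parsed as CSV rather than split on commas.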
