Table of Contents
Expand all | Collapse all
- Schema Overview
String of all gateways that were available and attempted for the client location. Contains gateway name, ssl response time, and priority, separated by a semicolon.
CEF field name: PanOSAttemptedGateways
EMAIL field name: AttemptedGateways
HTTPS field name: AttemptedGateways
LEEF field name: AttemptedGateways
(COUNT OF REPEATS)
(DG HIERARCHY LEVEL 1)
(DG HIERARCHY LEVEL 2)
(DG HIERARCHY LEVEL 3)
(DG HIERARCHY LEVEL 4)
(GLOBALPROTECT CLIENT VERSION)
(GATEWAY SELECTION TYPE)
(GLOBALPROTECT GATEWAY LOCATION)
(IS DUPLICATE LOG)
(IS PRISMA NETWORKS)
(IS PRISMA USERS)
ID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
CEF field name: deviceExternalID
EMAIL field name: DeviceSN
HTTPS field name: DeviceSN
LEEF field name: DeviceSN
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: start
EMAIL field name: TimeGenerated
HTTPS field name: TimeGenerated
LEEF field name: devTime
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution