GlobalProtect logs identify network traffic between a GlobalProtect portal or gateway, and GlobalProtect apps.
See the following for information related to supported log formats:
String of all gateways that were available and attempted for the client location. Contains gateway name, ssl response time, and priority, separated by a semicolon.
CEF field name: PanOSAttemptedGateways
EMAIL field name: AttemptedGateways
HTTPS field name: AttemptedGateways
LEEF field name: AttemptedGateways
(COUNT OF REPEATS)
(DG HIERARCHY LEVEL 1)
(DG HIERARCHY LEVEL 2)
(DG HIERARCHY LEVEL 3)
(DG HIERARCHY LEVEL 4)
(GLOBALPROTECT CLIENT VERSION)
(GATEWAY SELECTION TYPE)
(GLOBALPROTECT GATEWAY LOCATION)
(IS DUPLICATE LOG)
(IS PRISMA NETWORKS)
(IS PRISMA USERS)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: start
EMAIL field name: TimeGenerated
HTTPS field name: TimeGenerated
LEEF field name: devTime
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution
Recommended For You
Recommended videos not found.