GlobalProtect Syslog Default Field Order

Example GlobalProtect log in Syslog:
Oct 13 01:22:41 gke-standard-cluster-2-pool-1-6ea9f13a-g2z7 848 <142>1 2020-10-13T01:22:40.959Z stream-logfwd20-156653024-10121421-eq28-harness-16kn logforwarder - panwlogs - 1,​2020-10-13T01:22:32.000000Z,​007051000113358,​GLOBALPROTECT,​globalprotect,​10.0,​2020-10-13T01:22:06.000000Z,​vsys1,​gateway-switch-to-ssl,​before-login,​SAML,​ipsec,​xxxxx\xxxxx xxxxx,​FI,​machine_name3,​xxx.xx.x.xx,​::c307:39c8:ffff:0,​xxx.xx.x.xx,​::f32b:d251:ffff:0,​67:11:5a:e2:d2:32,​serialno_list-1,​66567,​Intel Mac OS,​9.3.5,​16777216,​Admin,​,​opaque_list-0,​success,​San Francisco,​1,​connect_method_list-2,​0,​portal_list-2,​557533,​-9223372036854775808,​2020-10-13T01:22:07.388000Z,​select_type-0,​50055,​medium,​"gateway-5,​925,​1;gateway-4,​196,​2;gateway-5,​583,​1;gateway-4,​996,​5;gateway-1,​442,​2;gateway-6,​121,​4;gateway-0,​16,​1;gateway-6,​173,​0;gateway-2,​753,​0;gateway-6,​651,​0;gateway-3,​602,​3;gateway-1,​55,​0;gateway-1,​384,​2;gateway-4,​871,​3;gateway-3,​546,​5;",​
The following identifies the fields contained by default when you forward logs to a syslog receiver. The fields are identified in the default order that they appear in each log line.

Recommended For You