Contains entries for Stream Control Transmission Protocol (SCTP) traffic. See RFC 4960 for a description of this protocol.
SCTP logs are a special type of traffic log. They are written at the end of every SCTP network session and, optionally, at the start of every such session.
See the following for information related to supported log formats:
(ASSOCATION END REASON)
The reason the session terminated. If the termination had multiple reasons, only the highest priority reason is identified here.
CEF field name: PanOSAssocationEndReason
EMAIL field name: AssocationEndReason
HTTPS field name: AssocationEndReason
LEEF field name: AssocationEndReason
(CORTEX DATA LAKE TENANT ID)
(DESTINATION DYNAMIC ADDRESS GROUP)
The dynamic address group that Device-ID identifies as the destination for the traffic.
CEF field name: PanOSDestinationDynamicAddressGroup
EMAIL field name: DestinationDynamicAddressGroup
HTTPS field name: DestinationDynamicAddressGroup
LEEF field name: DestinationDynamicAddressGroup
(DG HIERARCHY LEVEL 1)
(DG HIERARCHY LEVEL 2)
(DG HIERARCHY LEVEL 3)
(DG HIERARCHY LEVEL 4)
(ENDPOINT ASSOCIATION ID)
(INBOUND INTERFACE DETAILS PORT)
(INBOUND INTERFACE DETAILS SLOT)
(INBOUND INTERFACE DETAILS TYPE)
(IS DUPLICATE LOG)
(IS PRISMA USERS)
ID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
CEF field name: deviceExternalId
EMAIL field name: DeviceSN
HTTPS field name: DeviceSN
LEEF field name: DeviceSN
(OUTBOUND INTERFACE DETAILS PORT)
(OUTBOUND INTERFACE DETAILS SLOT)
(OUTBOUND INTERFACE DETAILS TYPE)
(PAYLOAD PROTOCOL ID)
(SCCP CALLING SSN)
(SOURCE DYNAMIC ADDRESS GROUP)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: start
EMAIL field name: TimeGenerated
HTTPS field name: TimeGenerated
LEEF field name: devTime
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated on the data plane, with millisecond granularity, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution