Traffic Syslog Default Field Order
Table of Contents
Traffic Syslog Default Field Order
Example Traffic log in Syslog:
Oct 12 21:28:47 gke-standard-cluster-2-pool-1-6ea9f13a-moqf 953 <142>1 2020-10-12T21:28:47.110Z stream-logfwd20-156653024-10121421-eq28-harness-16kn logforwarder - panwlogs - 1,2020-10-12T21:28:42.000000Z,007051000113358,TRAFFIC,start,10.0,2020-10-12T19:56:43.000000Z,xxx.xx.x.xx,xxx.xx.x.xx,xxx.xx.x.xx,xxx.xx.x.xx,allow-all-employees,"xxxxx\xxxxx o"xxxxxxxxxx"'"xxxxxxxxxx"test",,psiphon,vsys1,ethernet4Zone-test2,partners,,,rs-logging,,371791,1,26367,21078,5556,16804,2048,tcp,allow,1230723,526649,704074,2229,2020-10-12T19:56:14.000000Z,40,any,,563731018,-9223372036854775808,BR,AU,,1237,992,unknown,0,0,0,0,,PA-VM,unknown,,,0,,0,2020-10-12T19:56:14.000000Z,GTP-U-TCI,-2522015791327477700,2295,729,1566,75fd49ee-9899-4257-94f3-54abc79faa5a,424809,0,,,,,,,dynug-1-test,xxx.xx.x.xx,X-Phone,x-profile,Note 4G,Lenovo,K6,Android v9,pan-505,596703749274,X-Phone,x-profile,MI,Xiaomi,A1,Android v9.1,pan-622,620797415366,1873cc5c-0d31,pns_default,pan-dp-77754f4,,,5050505050,LN0000001,,,session_owner-0,2020-10-12T19:56:44.728000Z,c6,122f7
The following identifies the default field order for filters
migrated from an earlier version of the log forwarding application.
For log filters created after that migration, you specify the field order when you
create a log filter
by specifying the columns you want to receive.
The fields are identified in the default order that they appear in each log
line.
HEADER, log_time, log_source_id, log_type.value, sub_type.value, config_version.value, time_generated, source_ip.value, dest_ip.value, nat_source.value, nat_dest.value, rule_matched, source_user, dest_user, app, vsys, from_zone, to_zone, inbound_if.value, outbound_if.value, log_set, EMPTY, session_id, count_of_repeats, source_port, dest_port, nat_source_port, nat_dest_port, flags, protocol.value, action.value, bytes_total, bytes_sent, bytes_received, packets_total, session_start_time, total_time_elapsed, url_category.value, EMPTY, sequence_no, action_flags, source_location, dest_location, EMPTY, packets_sent, packets_received, session_end_reason.value, dg_hier_level_1, dg_hier_level_2, dg_hier_level_3, dg_hier_level_4, vsys_name, log_source_name, action_source.value, source_uuid, dest_uuid, tunnelid_imsi, monitor_tag_imei, parent_session_id, parent_start_time, tunnel.value, ep_assoc_id, chunks_total, chunks_sent, chunks_received, rule_matched_uuid, http2_connection, link_change_count, policy_id, link_switches, sdwan_cluster, sdwan_device_type, sdwan_cluster_type, sdwan_site, dynusergroup_name, xff_ip.value, source_device_category, source_device_profile, source_device_model, source_device_vendor, source_device_osfamily, source_device_osversion, source_device_host, source_device_mac, dest_device_category, dest_device_profile, dest_device_model, dest_device_vendor, dest_device_osfamily, dest_device_osversion, dest_device_host, dest_device_mac, container_id, pod_namespace, pod_name, source_edl, dest_edl, host_id, endpoint_serial_number, source_dynamic_address_group, dest_dynamic_address_group, ha_session_owner, time_generated_high_res, nssai_network_slice_type.value, nssai_network_slice_differentiator.value