Tunnel EMAIL Fields

Example Tunnel log in EMAIL:
TimeReceived=2021-02-23T01:55:36.000000Z DeviceSN=xxxxxxxxxxxxx LogType=GTP Subtype=end ConfigVersion=10.0 TimeGenerated=2021-02-23T01:55:26.000000Z SourceAddress=xxx.xx.x.xx DestinationAddress=xxx.xx.x.xx NATSource=xxx.xx.x.xx NATDestination=xxx.xx.x.xx Rule=allow-all-employees SourceUser="paloaltonetwork\xxxxx" DestinationUser="paloaltonetwork\xxxxx" Application=translator-1 VirtualLocation=vsys1 FromZone=ethernet4Zone-test1 ToZone=untrust InboundInterface=unknown OutboundInterface=unknown LogSetting=rs-logging SessionID=44264 RepeatCount=1 SourcePort=20006 DestinationPort=14659 NATSourcePort=32577 NATDestinationPort=7527 Protocol=tcp Action=allow TunnelEventType=40 MobileSubscriberISDN= AccessPointName= RadioAccessTechnology=11 TunnelMessageType=0 MobileIP= TunnelEndpointID1=0 TunnelEndpointID2=0 TunnelInterface=0 TunnelCauseCode=0 VendorSeverity=Unused MobileCountryCode=0 MobileNetworkCode=0 MobileAreaCode=0 MobileBaseStationCode=0 TunnelEventCode=0 SequenceNo=1394230140 SourceLocation=east-coast DestinationLocation=chicago DGHierarchyLevel1=11 DGHierarchyLevel2=0 DGHierarchyLevel3=0 DGHierarchyLevel4=0 VirtualSystemName= DeviceName=xxxxx IMSI=0 IMEI= ParentSessionID=0 ParentStarttime=1970-01-01T00:00:00.000000Z Tunnel=HTTP2-CONNECTION Bytes=7604628883345 BytesSent=41191473158 BytesReceived=7563437410187 PacketsTotal=1614045305 PacketsSent=1614045296 PacketsReceived=9 PacketsDroppedMax=0 PacketsDroppedProtocol=724369410 PacketsDroppedStrict=0 PacketsDroppedTunnel=153 TunnelSessionsCreated=541065246 TunnelSessionsClosed=83951616 SessionEndReason=n-a ActionSource= SessionStartTime=1970-01-01T00:00:19.000000Z SessionDuration=2124021760 TunnelInspectionRule= TunnelRemoteUserIP= TunnelRemoteIMSIID=0 RuleUUID=d0658a8e-c749-4b1c-a7dc-3247de1c94e7 DynamicUserGroupName= ContainerID= ContainerNameSpace= ContainerName= SourceEDL= DestinationEDL= SourceDynamicAddressGroup= DestinationDynamicAddressGroup= TimeGeneratedHighResolution=2021-02-23T01:55:26.770000Z NSSAINetworkSliceDifferentiator=0 NSSAINetworkSliceType=0 ProtocolDataUnitsessionID=0
The following table identifies the Tunnel field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.
EMAIL Name
Query Name
AccessPointName
Action
ActionSource
Application
app
ApplicationCategory
ApplicationSubcategory
BytesReceived
BytesSent
Bytes
ConfigVersion
ContainerID
ApplicationContainer
ContentVersion
RepeatCount
LoggingServiceID
DestinationDeviceClass
DestinationDeviceMac
DestinationDeviceModel
DestinationDeviceOS
DestinationDeviceVendor
DestinationDynamicAddressGroup
DestinationEDL
DestinationAddress
DestinationLocation
DestinationPort
DestinationUser
DestinationUserDomain
DestinationUserName
DestinationUserUUID
DestinationUUID
DGHierarchyLevel1
DGHierarchyLevel2
DGHierarchyLevel3
DGHierarchyLevel4
DynamicUserGroupName
FromZone
InboundInterface
InboundInterfaceDetailsPort
InboundInterfaceDetailsSlot
InboundInterfaceDetailsType
InboundInterfaceDetailsUnit
CaptivePortal
IsClienttoServer
IsContainer
IsDecryptMirror
IsDecryptedPayloadForward
IsDecryptedLog
IsDuplicateLog
LogExported
LogForwarded
IsIPV6
IsInspectionBeforeSession
IsMptcpOn
NAT
IsNonStandardDestinationPort
IsPacketCapture
IsPhishing
IsPrismaNetwork
IsPrismaUsers
IsProxy
IsReconExcluded
IsSaaSApplication
IsServertoClient
IsSourceXForwarded
IsSystemReturn
IsTransaction
IsTunnelInspected
IsURLDenied
LogSetting
LogSource
DeviceSN
DeviceName
LogSourceTimeZoneOffset
TimeReceived
LogType
MobileAreaCode
MobileBaseStationCode
MobileCountryCode
MobileIP
MobileNetworkCode
MobileSubscriberISDN
IMEI
NATDestination
NATDestinationPort
NATSource
NATSourcePort
NonStandardDestinationPort
NSSAINetworkSliceDifferentiator
NSSAINetworkSliceType
OutboundInterface
OutboundInterfaceDetailsPort
OutboundInterfaceDetailsSlot
OutboundInterfaceDetailsType
OutboundInterfaceDetailsUnit
PacketsDroppedMax
PacketsDroppedStrict
PacketsDroppedTunnel
PacketsDroppedProtocol
PacketsReceived
PacketsSent
PacketsTotal
ParentSessionID
ParentStarttime
ProtocolDataUnitsessionID
ContainerName
ContainerNameSpace
Protocol
RadioAccessTechnology
ApplicationRisk
Rule
RuleUUID
SanctionedStateofApp
SequenceNo
SessionOwnerMidx
SessionEndReason
SessionID
SessionStartTime
SessionTracker
Severity
SourceDeviceClass
SourceDeviceMac
SourceDeviceModel
SourceDeviceOS
SourceDeviceVendor
SourceDynamicAddressGroup
SourceEDL
SourceAddress
SourceLocation
SourcePort
SourceUser
SourceUserDomain
SourceUserName
SourceUserUUID
SourceUUID
StandardPortsOfApp
Subtype
ApplicationTechnology
TimeGenerated
TimeGeneratedHighResolution
ToZone
SessionDuration
Tunnel
TunnelCauseCode
TunnelEndpointID1
TunnelEndpointID2
TunnelEventCode
TunnelEventType
TunnelInspectionRule
TunnelInterface
TunnelMessageType
TunnelRemoteIMSIID
TunnelRemoteUserIP
TunnelSessionsClosed
TunnelSessionsCreated
TunneledApplication
IMSI
URLCategory
Users
VendorName
VendorSeverity
VirtualLocation
VirtualSystemID
VirtualSystemName

Recommended For You