Tunnel Syslog Default Field Order

The following identifies the fields contained by default when you forward logs to a syslog receiver. The fields are identified in the default order that they appear in each log line.
HEADER, log_time, log_source_id, log_type.​value, sub_type.​value, config_version.​value, time_generated, source_ip.​value, dest_ip.​value, nat_source.​value, nat_dest.​value, rule_matched, source_user, dest_user, app, vsys, from_zone, to_zone, inbound_if.​value, outbound_if.​value, log_set, EMPTY, session_id, count_of_repeats, source_port, dest_port, nat_source_port, nat_dest_port, flags, protocol.​value, action.​value, tunnel_event_type, mobile_subscriber_isdn, access_point_name, radio_access_technology, tunnel_message_type, mobile_ip.​value, tunnel_endpoint_id_1, tunnel_endpoint_id_2, tunnel_interface, tunnel_cause_code, vendor_severity.​value, mobile_country_code, mobile_network_code, mobile_area_code, mobile_base_station_code, tunnel_event_code, sequence_no, action_flags, source_location, dest_location, EMPTY, dg_hier_level_1, dg_hier_level_2, dg_hier_level_3, dg_hier_level_4, vsys_name, log_source_name, tunnelid_imsi, monitor_tag_imei, parent_session_id, parent_start_time, tunnel.​value, bytes_total, bytes_sent, bytes_received, packets_total, packets_sent, packets_received, packets_dropped_max_encap, packets_dropped_ukn_proto, packets_dropped_strict_check, packets_dropped_tunnel_frag, tunnel_sessions_created, tunnel_sessions_closed, session_end_reason.​value, action_source.​value, session_start_time, total_time_elapsed, tunnel_inspection_rule, tunnel_remote_user_ip.​value, tunnel_remote_imsi_id, rule_matched_uuid, EMPTY, dynusergroup_name, container_id, pod_namespace, pod_name, source_edl, dest_edl, source_dynamic_address_group, dest_dynamic_address_group, time_generated_high_res, nssai_network_slice_differentiator.​value, nssai_network_slice_type.​value, pdu_session_id

Recommended For You