config | Configuration logs—entries for changes to the firewall configuration. |
system | System logs—entries for each system event on the firewall. |
audit | Audit logs—entries for changes made to the service writing the logs. |
auth | Authentication logs—information about authentication events that occur when end users try to access network resources for which access is controlled by Authentication Policy rules. |
dns_security | DNS Security Logs—information from two sources:
The DNS Security log data in Strata Logging Service represents only a subset of all DNS requests and responses detected in your network. To view all malicious DNS requests, check threat.
Strata Logging Service does not store dns_security logs automatically. To begin storing them, you must set quota for dns_security to a value greater than 0.
The Strata Logging Service Estimator does not yet support DNS Security logs, so you must calculate log storage manually. The average size of a DNS Security log is approximately 833 bytes. |
extpcap | Extended packet capture—packet captures in a proprietary Palo Alto Networks format. The firewall only collects these if you enable extended capture in Vulnerability Protection or Anti-Spyware profiles. |
file_data | Data filtering logs—entries for the security rules that help prevent sensitive information such as credit card numbers from leaving the area that the firewall protects. |
globalprotect | |
hipmatch | HIP Match logs—information about the security status of the end devices accessing your network. |
iptag | IP-Tag logs—how and when a source IP address is registered or unregistered on the firewall and what tag the firewall applied to the address. |
sctp | Stream Control Transmission Protocol logs—events and associations based on logs generated by the firewall while it performs stateful inspection, protocol validation, and filtering of SCTP traffic. |
threat | Threat logs—entries generated when traffic matches one of the Security Profiles attached to a security rule on the firewall. |
traffic | Traffic logs—entries for the start and end of each session. |
tunnel | Tunnel Inspection logs—entries of non-encrypted tunnel sessions. |
url | URL Filtering logs—entries for traffic that matches the URL Filtering profile attached to a security policy rule. |
userid | User-ID logs—information about IP address-to-username mappings and Authentication Timestamps, such as the sources of the mapping information and the times when users authenticated. |
decryption | Decryption logs—information about sessions that match a Decryption policy to help you gain context about that traffic so you can accurately and easily diagnose and resolve decryption issues. |
rbi | Remote Browser Isolation logs—display information about Remote Browser Isolation events. |
gp_troubleshoot | GlobalProtect troubleshooting logs contain information about the GlobalProtect client and its host to help app users resolve issues. |
agent | Reserved for future use. |
epm | Reserved for future use. |
events | Reserved for future use. |