System logs—entries for each system event on the firewall.
audit
Audit logs—entries for changes made to the service writing the logs.
auth
Authentication logs—information about authentication events that occur when end users try to access network resources for which access is controlled by Authentication Policy rules.
dns_security
DNS Security Logs—information from two sources:
DNS Security logs—a partial record of DNS requests that the firewall has deemed malicious based on Anti-Spyware policy rules.
(PAN-OS 10.0 or Later) DNS Security telemetry logs—supplemental information about DNS activity on your network.
The DNS Security log data in Strata Logging Service represents only a subset of all DNS requests and responses detected in your network. To view all malicious DNS requests, check the threat logs.
Strata Logging Service does not store dns_security logs automatically. To begin storing them, you must set the quota for dns_security to a value greater than 0.
The Strata Logging Service Estimator does not yet support DNS Security logs, so you must calculate log storage manually. The average size of a DNS Security log is approximately 833 bytes.
extpcap
Extended packet capture—packet captures in a proprietary Palo Alto Networks format. The firewall only collects these if you enable extended capture in Vulnerability Protection or Anti-Spyware profiles.
file_data
Data filtering logs—entries for the security rules that help prevent sensitive information such as credit card numbers from leaving the area that the firewall protects.
HIP Match logs—information about the security status of the end devices accessing your network.
iptag
IP-Tag logs—how and when a source IP address is registered or unregistered on the firewall and what tag the firewall applied to the address.
sctp
Stream Control Transmission Protocol logs—events and associations based on logs generated by the firewall while it performs stateful inspection, protocol validation, and filtering of SCTP traffic.
threat
Threat logs—entries generated when traffic matches one of the Security Profiles attached to a security rule on the firewall.
traffic
Traffic logs—entries for the start and end of each session.
URL Filtering logs—entries for traffic that matches the URL Filtering profile attached to a security policy rule.
userid
User-ID logs—information about IP address-to-username mappings and Authentication Timestamps, such as the sources of the mapping information and the times when users authenticated.
decryption
Decryption logs—information about sessions that match a Decryption policy to help you gain context about that traffic so you can accurately and easily diagnose and resolve decryption issues.