>
    Strata Copilot
    Strata Logging Service Log Types
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Administration
    4. Monitor Strata Logging Service
    5. Strata Logging Service Log Types
    Download PDF
    Strata Logging Service

    Strata Logging Service Log Types

    Table of Contents

    Strata Logging Service Log Types

    You can store these types of logs in Strata Logging Service.
    In the Strata Logging Service app, you can set how much of your overall log storage you want to allocate to the following log types:
    Log TypeDescription
    configConfiguration logs—entries for changes to the firewall configuration.
    systemSystem logs—entries for each system event on the firewall.
    auditAudit logs—entries for changes made to the service writing the logs.
    authAuthentication logs—information about authentication events that occur when end users try to access network resources for which access is controlled by Authentication Policy rules.
    dns_securityDNS Security Logs—information from two sources:
    The DNS Security log data in Strata Logging Service represents only a subset of all DNS requests and responses detected in your network. To view all malicious DNS requests, check threat.
    Strata Logging Service does not store dns_security logs automatically. To begin storing them, you must set quota for dns_security to a value greater than 0.
    The Strata Logging Service Estimator does not yet support DNS Security logs, so you must calculate log storage manually. The average size of a DNS Security log is approximately 833 bytes.
    extpcapExtended packet capture—packet captures in a proprietary Palo Alto Networks format. The firewall only collects these if you enable extended capture in Vulnerability Protection or Anti-Spyware profiles.
    file_dataData filtering logs—entries for the security rules that help prevent sensitive information such as credit card numbers from leaving the area that the firewall protects.
    globalprotect
    • GlobalProtect system logs
    • LSVPN/satellite events
    • GlobalProtect portal and gateway logs
    • Clientless VPN logs
    hipmatchHIP Match logs—information about the security status of the end devices accessing your network.
    iptagIP-Tag logs—how and when a source IP address is registered or unregistered on the firewall and what tag the firewall applied to the address.
    sctpStream Control Transmission Protol logs—events and associations based on logs generated by the firewall while it performs stateful inspection, protocol validation, and filtering of SCTP traffic.
    threatThreat logs—entries generated when traffic matches one of the Security Profiles attached to a security rule on the firewall.
    trafficTraffic logs—entries for the start and end of each session.
    tunnelTunnel Inspection logs—entries of non-encrypted tunnel sessions.
    urlURL Filtering logs—entries for traffic that matches the URL Filtering profile attached to a security policy rule.
    useridUser-ID logs—information about IP address-to-username mappings and Authentication Timestamps, such as the sources of the mapping information and the times when users authenticated.
    decryptionDecryption logs—information about sessions that match a Decryption policy to help you gain context about that traffic so you can accurately and easily diagnose and resolve decryption issues.
    rbiRemote Browser Isolation logs—display information about Remote Browser Isolation events.
    gp_troubleshoot
    GlobalProtect troubleshooting logs contains information about the GlobalProtect client and its host to help app users resolve issues.
    agentPrisma Access Agent logs contain information to help you troubleshoot any issue related to any activity or action performed by a user on the Prisma Access Agent.
    epmManagement logs contain information to audit any activity or action performed by the user or Prisma Access Agent.
    events
    The event logs contain information that the Prisma Access Browser collects for investigating every activity within your Enterprise Browser deployment.
    ai-firewallThe AI Security logs contain information to help you monitor and investigate threats found in your AI network traffic with AI Runtime Security.

    © 2026 Palo Alto Networks, Inc. All rights reserved.