Strata Logging Service Log Types
Focus
Focus
Strata Logging Service

Strata Logging Service Log Types

Table of Contents

Strata Logging Service
Log Types

You can store these types of logs in
Strata Logging Service
.
In the
Strata Logging Service
app, you can set how much of your overall log storage you want to allocate to the following log types:
Log Type
Description
config
Configuration logs—entries for changes to the firewall configuration.
system
System logs—entries for each system event on the firewall.
audit
Audit logs—entries for changes made to the service writing the logs.
auth
Authentication logs—information about authentication events that occur when end users try to access network resources for which access is controlled by Authentication Policy rules.
dns_security
DNS Security Logs
—information from two sources:
The DNS Security log data in
Strata Logging Service
represents only a subset of all DNS requests and responses detected in your network. To view all malicious DNS requests, check
threat
.
Strata Logging Service
does not store
dns_security
logs automatically. To begin storing them, you must set quota for
dns_security
to a value greater than 0.
The
Strata Logging Service
Estimator does not yet support DNS Security logs, so you must calculate log storage manually. The average size of a DNS Security log is approximately 833 bytes.
extpcap
Extended packet capture
—packet captures in a proprietary Palo Alto Networks format. The firewall only collects these if you enable extended capture in Vulnerability Protection or Anti-Spyware profiles.
file_data
Data filtering logs—entries for the security rules that help prevent sensitive information such as credit card numbers from leaving the area that the firewall protects.
globalprotect
  • GlobalProtect system logs
  • LSVPN/satellite events
  • GlobalProtect portal and gateway logs
  • Clientless VPN logs
hipmatch
HIP Match logs—information about the security status of the end devices accessing your network.
iptag
IP-Tag logs—how and when a source IP address is registered or unregistered on the firewall and what tag the firewall applied to the address.
sctp
Stream Control Transmission Protol logs—events and associations based on logs generated by the firewall while it performs stateful inspection, protocol validation, and filtering of SCTP traffic.
threat
Threat logs—entries generated when traffic matches one of the Security Profiles attached to a security rule on the firewall.
traffic
Traffic logs—entries for the start and end of each session.
tunnel
Tunnel Inspection logs—entries of non-encrypted tunnel sessions.
url
URL Filtering logs—entries for traffic that matches the URL Filtering profile attached to a security policy rule.
userid
User-ID logs—information about IP address-to-username mappings and Authentication Timestamps, such as the sources of the mapping information and the times when users authenticated.
decryption
Decryption logs—information about sessions that match a Decryption policy to help you gain context about that traffic so you can accurately and easily diagnose and resolve decryption issues.
rbi
gp_troubleshoot
GlobalProtect troubleshooting logs contains information about the GlobalProtect client and its host to help app users resolve issues.
prismaaccess_agent
Reserved for future use.
prismaaccess_agent_manager
Reserved for future use.
events
Reserved for future use.

Recommended For You