>
    Strata Copilot
    Directory sync LEEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Cloud Identity Engine Logs
    5. Directory sync
    6. Directory sync LEEF Fields
    Download PDF
    Strata Logging Service

    Directory sync LEEF Fields

    Table of Contents

    Directory sync LEEF Fields

    The following table identifies the Directory sync field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
    When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token will appear on a parameter called profileToken.
    LEEF Name
    Query Name
    Field Type
    CIETimeReceived
    cie_log_time
    Custom
    ClientApplicationId
    client_application_id
    Custom
    Count
    count
    Custom
    CountSummaryApplication
    count_summary.​application
    Custom
    CountSummaryComputer
    count_summary.​computer
    Custom
    CountSummaryContainer
    count_summary.​container
    Custom
    CountSummaryGroup
    count_summary.​group
    Custom
    CountSummaryOU
    count_summary.​ou
    Custom
    CountSummar RoleAssignments
    count_summary.​roleassignments
    Custom
    CountSummaryUser
    count_summary.​user
    Custom
    s
    customer_id
    Predefined
    DirectoryId
    directory_id
    Custom
    DirectoryName
    directory_name
    Custom
    DirectoryType
    directory_type
    Custom
    EventCategory
    event_category
    Custom
    EventSequenceId
    event_sequence_id
    Custom
    EventState
    event_state
    Custom
    EventType
    event_type
    Custom
    FailureReasonCode
    failure_reason_code
    Custom
    FlattenedMembershipCountCIE
    flattened_membership_count_cie
    Custom
    FlattenedMembershipCountCIEPreviousSync
    flattened_membership_count_cie_previous_sync
    Custom
    FlattenedMembershipCountIDP
    flattened_membership_count_idp
    Custom
    ImmediateMembershipCountCIE
    immediate_membership_count_cie
    Custom
    ImmediateMembershipCountCIEPreviousSync
    immediate_membership_count_cie_previous_sync
    Custom
    ImmediateMembershipCountIDP
    immediate_membership_count_idp
    Custom
    LogSource
    log_source
    Custom
    LogSourceGroupID
    log_source_group_id
    Custom
    DeviceSN
    log_source_id
    Custom
    DeviceName
    log_source_name
    Custom
    LogSourceTimeZoneOffset
    log_source_tz_offset
    Custom
    TimeReceived
    log_time
    Custom
    cat
    log_type.​value
    Predefined
    PlatformType
    platform_type
    Custom
    RecommendedAction
    recommended_action
    Custom
    SourceId
    source_id
    Custom
    SourceType
    source_type
    Custom
    SubType
    sub_type.​value
    Custom
    SyncJobId
    sync_job_id
    Custom
    SyncType
    sync_type
    Custom
    TargetId
    target_id
    Custom
    TargetType
    target_type
    Custom
    devTime
    time_generated
    Predefined
    TimeGeneratedHighResolution
    time_generated_high_res
    Custom
    TSGID
    tsg_id
    Custom
    Vendor
    vendor_name
    Header

    © 2026 Palo Alto Networks, Inc. All rights reserved.