Strata Logging Service
Audit
Table of Contents
Expand All
|
Collapse All
Audit
Audit logs are written to by specific products,
applications, or services. These are used to record changes made to the service writing
the logs.
The products, applications, or services that write audit logs are:
- Prisma Access Integration with Cisco Meraki SD-WAN
See the following for information related to supported log formats:
AUDIT Field
(Display Name)
|
Description
|
|---|---|
event_category
(EVENT CATEGORY)
| The category of the event.
CEF field name: PanOSEventCategory EMAIL field name: EventCategory HTTPS field name: EventCategory LEEF field name: EventCategory |
event_description
(EVENT DESCRIPTION)
| A description of the event.
CEF field name: PanOSEventDescription EMAIL field name: EventDescription HTTPS field name: EventDescription LEEF field name: EventDescription |
event_dest_url
(EVENT DESTINATION URL)
|
The URL related to the destination.
CEF field name: PanOSEventDestinationURL EMAIL field name: EventDestinationURL HTTPS field name: EventDestinationURL LEEF field name: EventDestinationURL |
event_dest_user.user_id
(EVENT DESTINATION USER USER ID) | The user ID related to the destination. CEF field name: PanOSEventDestinationUserUserID EMAIL field name: EventDestinationUserUserID HTTPS field name: EventDestinationUserUserID LEEF field name: EventDestinationUserUserID |
event_dest_vendor
(DESTINATION VENDOR)
| Name of the service that sent the log to . CEF field name: PanOSDestinationVendor EMAIL field name: DestinationVendor HTTPS field name: DestinationVendor LEEF field name: DestinationVendor |
event_detail
(EVENT DETAILS)
| Details about the event.
CEF field name: PanOSEventDetails EMAIL field name: EventDetails HTTPS field name: EventDetails LEEF field name: EventDetails |
event_id
(EVENT ID) | System event identifier. CEF field name: PanOSEventID EMAIL field name: EventID HTTPS field name: EventID LEEF field name: EventID |
event_name
(EVENT NAME)
| The name associated with an event
CEF field name: PanOSEventName EMAIL field name: EventName HTTPS field name: EventName LEEF field name: EventName |
event_result
(EVENT RESULT)
| The result of an event.
CEF field name: PanOSEventResult EMAIL field name: EventResult HTTPS field name: EventResult LEEF field name: EventResult |
event_source_user.user_id
(EVENT SOURCE USER USER ID) | The user ID related to the source. CEF field name: PanOSEventSourceUserUserID EMAIL field name: EventSourceUserUserID HTTPS field name: EventSourceUserUserID LEEF field name: EventSourceUserUserID |
event_time
(EVENT TIME) | Time when the log was generated.
CEF field name: PanOSEventTime EMAIL field name: EventTime HTTPS field name: EventTime LEEF field name: EventTime |
log_source
(LOG SOURCE)
|
Identifies the origin of the data. That is, the system that produced the data.
CEF field name: PANOSLogSource EMAIL field name: LogSource HTTPS field name: LogSource LEEF field name: LogSource |
log_source_group_id
(LOG SOURCE GROUP ID)
|
ID that uniquely identifies the logSourceGroupId of the log. That is, the log source Id of the group.
CEF field name: PanOSLogSourceGroupID EMAIL field name: LogSourceGroupID HTTPS field name: LogSourceGroupID LEEF field name: LogSourceGroupID |
log_source_id
(DEVICE SN)
| Unique identifier of the log source. For example, if a firewall generated the log, this
would be the serial number of the firewall. CEF field name: deviceExternalID EMAIL field name: DeviceSN HTTPS field name: DeviceSN LEEF field name: DeviceSN |
log_source_name
(DEVICE NAME)
|
Name of the source of the log. That is, the hostname of the firewall that logged the network traffic.
CEF field name: dvchost EMAIL field name: DeviceName HTTPS field name: DeviceName LEEF field name: DeviceName |
log_time
(TIME RECEIVED)
| Time the log was received in . This is populated by the
platform. CEF field name: rt EMAIL field name: TimeReceived HTTPS field name: TimeReceived LEEF field name: TimeReceived |
log_type.value
(LOG TYPE)
| Identifies the log type. CEF field name: Device Event Class ID EMAIL field name: LogType HTTPS field name: LogType LEEF field name: cat |
platform_type
(PLATFORM TYPE)
|
The platform type (Valid types are VM, PA, NGFW, CNGFW).
CEF field name: PlatformType EMAIL field name: PlatformType HTTPS field name: PlatformType LEEF field name: PlatformType |
tsg_id
(TSG ID)
|
The Tenant Service Group that uniquely identifies the Cortex Data Lake instance which received this log record.
CEF field name: PanOSTSGID EMAIL field name: TSGID HTTPS field name: TSGID LEEF field name: TSGID |
vendor_name
(VENDOR NAME)
|
Identifies the vendor that produced the data.
CEF field name: Device Vendor EMAIL field name: VendorName HTTPS field name: Vendor LEEF field name: Vendor |
vendor_severity.value
(VENDOR SEVERITY)
|
Severity associated with the event.
CEF field name: PanOSVendorSeverity EMAIL field name: VendorSeverity HTTPS field name: VendorSeverity LEEF field name: VendorSeverity |