Management LEEF Fields

Table of Contents

Management LEEF Fields

The following table identifies the Management field names that the Log Forwarding app uses when you forward logs using the LEEF log format.

When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token will appear on a parameter called profileToken.

LEEF Name	Query Name	Field Type
AttemptedGateways	attempted_gateways	Custom
AuthMethod	auth_method	Custom
ConfigVersion	config_version.value	Custom
ConnectionMethod	connect_method	Custom
ConnectionErrorID	connection_error.id	Custom
ConnectionError	connection_error.value	Custom
CountOfRepeats	count_of_repeats	Custom
TenantID	customer_id	Custom
DGHierarchyLevel1	dg_hier_level_1	Custom
DGHierarchyLevel2	dg_hier_level_2	Custom
DGHierarchyLevel3	dg_hier_level_3	Custom
DGHierarchyLevel4	dg_hier_level_4	Custom
EndpointDeviceName	endpoint_device_name	Custom
ZTNAClientVersion	endpoint_gp_version	Custom
EndpointOSType	endpoint_os_type	Custom
EndpointOSVersion	endpoint_os_version	Custom
EndpointSN	endpoint_serial_number	Custom
EventID	event_id.value	Header
Gateway	gateway	Custom
GatewayPriority	gateway_priority.value	Custom
GatewaySelectionType	gateway_selection_type	Custom
ZTNAGatewayLocation	gpg_location	Custom
HostID	host_id	Custom
IsDuplicateLog	is_dup_log	Custom
LogExported	is_exported	Custom
LogForwarded	is_forwarded	Custom
IsPrismaNetworks	is_prisma_branch	Custom
IsPrismaUsers	is_prisma_mobile	Custom
LogSource	log_source	Custom
LogSourceGroupID	log_source_group_id	Custom
DeviceSN	log_source_id	Custom
DeviceName	log_source_name	Custom
LogSourceTimeZoneOffset	log_source_tz_offset	Custom
TimeReceived	log_time	Custom
cat	log_type.value	Predefined
LoginDuration	login_duration	Custom
Description	opaque	Custom
PanoramaSN	panorama_serial	Custom
PlatformType	platform_type	Custom
Portal	portal	Custom
PrivateIPv4	private_ip.value	Custom
PrivateIPv6	private_ipv6.value	Custom
ProjectName	project_name	Custom
PublicIPv4	public_ip.value	Custom
PublicIPv6	public_ipv6.value	Custom
QuarantineReason	quarantine_reason	Custom
SequenceNo	sequence_no	Custom
SourceRegion	source_region	Custom
usrName	source_user	Predefined
SourceUserInfoDomain	source_user_info.domain	Custom
SourceUserInfoName	source_user_info.name	Custom
SourceUserInfoUUID	source_user_info.uuid	Custom
SSLResponseTime	ssl_response_time	Custom
Stage	stage	Custom
EventStatus	status.value	Custom
SubType	sub_type.value	Custom
devTime	time_generated	Predefined
TimeGeneratedHighResolution	time_generated_high_res	Custom
TunnelType	tunnel	Custom
Vendor	vendor_name	Header
VirtualSystem	vsys	Custom
VirtualSystemID	vsys_id	Custom
VirtualSystemName	vsys_name	Custom

Management HTTPS Fields

Troubleshooting (Prisma Access Agent)

Strata Logging Service Docs

Management LEEF Fields

Strata Logging Service Docs

Management LEEF Fields

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner