>
    Strata Copilot
    DNS Security (Resolver and SDWAN and Panos 12.1 or later) CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. DNS Security (Resolver and SDWAN and Panos 12.1 or later)
    6. DNS Security (Resolver and SDWAN and Panos 12.1 or later) CEF Fields
    Download PDF
    Strata Logging Service

    DNS Security (Resolver and SDWAN and Panos 12.1 or later) CEF Fields

    Table of Contents

    DNS Security (Resolver and SDWAN and Panos 12.1 or later) CEF Fields

    The following table identifies the DNS Security (Resolver and SDWAN and Panos 12.1 or later) field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    act
    Query Name: action.​value
    Header Type: Predefined
    app
    Query Name: app
    Header Type: Predefined
    PanOSApplicationCategory
    Query Name: app_category
    Header Type: Custom
    PanOSApplicationSubcategory
    Query Name: app_sub_category
    Header Type: Custom
    PanOSCloudHostname
    Query Name: cloud_hostname
    Header Type: Custom
    PanOSConfigVersion
    Query Name: config_version.​value
    Header Type: Custom
    PanOSContainerID
    Query Name: container_id
    Header Type: Custom
    PanOSApplicationContainer
    Query Name: container_of_app
    Header Type: Custom
    PanOSContentVersion
    Query Name: content_version
    Header Type: Custom
    cnt
    Query Name: count_of_repeats
    Header Type: Predefined
    PanOSCortexDataLakeTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDestinationDeviceCategory
    Query Name: dest_device_category
    Header Type: Custom
    PanOSDestinationDeviceClass
    Query Name: dest_device_class
    Header Type: Custom
    PanOSDestinationDeviceHost
    Query Name: dest_device_host
    Header Type: Custom
    PanOSDestinationDeviceMac
    Query Name: dest_device_mac
    Header Type: Custom
    PanOSDestinationDeviceModel
    Query Name: dest_device_model
    Header Type: Custom
    PanOSDestinationDeviceOS
    Query Name: dest_device_os
    Header Type: Custom
    PanOSDestinationDeviceOSFamily
    Query Name: dest_device_osfamily
    Header Type: Custom
    PanOSDestinationDeviceOSVersion
    Query Name: dest_device_osversion
    Header Type: Custom
    PanOSDestinationDeviceProfile
    Query Name: dest_device_profile
    Header Type: Custom
    PanOSDestinationDeviceVendor
    Query Name: dest_device_vendor
    Header Type: Custom
    PanOSDestinationDynamicAddressGroup
    Query Name: dest_dynamic_address_group
    Header Type: Custom
    PanOSDestinationEDL
    Query Name: dest_edl
    Header Type: Custom
    PanOSDestinationIP
    Query Name: dest_ip.​value
    Header Type: Custom
    PanOSDestinationLocation
    Query Name: dest_location
    Header Type: Custom
    dpt
    Query Name: dest_port
    Header Type: Predefined
    dntdom
    Query Name: dest_user_info.​domain
    Header Type: Predefined
    Max Length: 255
    dusername
    Query Name: dest_user_info.​name
    Header Type: Predefined
    Max Length: 255
    duid
    Query Name: dest_user_info.​uuid
    Header Type: Predefined
    Max Length: 255
    PanOSDestinationUUID
    Query Name: dest_uuid
    Header Type: Custom
    PanOSDGHierarchyLevel1
    Query Name: dg_hier_level_1
    Header Type: Custom
    PanOSDGHierarchyLevel2
    Query Name: dg_hier_level_2
    Header Type: Custom
    PanOSDGHierarchyLevel3
    Query Name: dg_hier_level_3
    Header Type: Custom
    PanOSDGHierarchyLevel4
    Query Name: dg_hier_level_4
    Header Type: Custom
    flexString2
    Query Name: direction_of_attack.​value
    Header Type: Predefined
    PanOSDNSRequestName
    Query Name: dns_request_name
    Header Type: Custom
    PanOSDNSRdata
    Query Name: dns_response
    Header Type: Custom
    PanOSDNSResponseCode
    Query Name: dns_response_code
    Header Type: Custom
    PanOSDNSResponseFlags
    Query Name: dns_response_flags
    Header Type: Custom
    PanOSDNSResponseTTL
    Query Name: dns_response_ttl
    Header Type: Custom
    PanOSDNSResponseType
    Query Name: dns_response_type
    Header Type: Custom
    PanOSDomainEDL
    Query Name: domain_edl
    Header Type: Custom
    duser
    Query Name: dst_user
    Header Type: Predefined
    cs5
    Query Name: dst_zone
    Header Type: Predefined
    PanOSDynamicUserGroupName
    Query Name: dynusergroup_name
    Header Type: Custom
    PanOSEndpointSerialNumber
    Query Name: endpoint_serial_number
    Header Type: Custom
    FlowSources
    Query Name: flow_type.​value
    Header Type: Custom
    request
    Query Name: fqdn
    Header Type: Predefined
    cs4
    Query Name: from_zone
    Header Type: Predefined
    PanOSThreatID
    Query Name: gtid
    Header Type: Custom
    PanOSHostID
    Query Name: host_id
    Header Type: Custom
    PanOSHTTP2Connection
    Query Name: http2_connection
    Header Type: Custom
    PanOSHTTPMethod
    Query Name: http_method.​value
    Header Type: Custom
    deviceInboundInterface
    Query Name: inbound_if.​value
    Header Type: Predefined
    PanOSInboundInterfaceDetailsPort
    Query Name: inbound_if_details.​port
    Header Type: Custom
    PanOSInboundInterfaceDetailsSlot
    Query Name: inbound_if_details.​slot
    Header Type: Custom
    PanOSInboundInterfaceDetailsType
    Query Name: inbound_if_details.​type.​value
    Header Type: Custom
    PanOSInboundInterfaceDetailsUnit
    Query Name: inbound_if_details.​unit
    Header Type: Custom
    PanOSCaptivePortal
    Query Name: is_captive_portal
    Header Type: Custom
    PanOSIsClienttoServer
    Query Name: is_client_to_server
    Header Type: Custom
    PanOSIsContainer
    Query Name: is_container
    Header Type: Custom
    PanOSIsDecryptMirror
    Query Name: is_decrypt_mirror
    Header Type: Custom
    PanOSIsDecrypted
    Query Name: is_decrypted
    Header Type: Custom
    PanOSIsDuplicateLog
    Query Name: is_dup_log
    Header Type: Custom
    PanOSIsEncrypted
    Query Name: is_encrypted
    Header Type: Custom
    PanOSLogExported
    Query Name: is_exported
    Header Type: Custom
    PanOSLogForwarded
    Query Name: is_forwarded
    Header Type: Custom
    PanOSIsIPV6
    Query Name: is_ipv6
    Header Type: Custom
    PanOSIsMptcpOn
    Query Name: is_mptcp_on
    Header Type: Custom
    PanOSNAT
    Query Name: is_nat
    Header Type: Custom
    PanOSIsNonStandardDestinationPort
    Query Name: is_non_std_dest_port
    Header Type: Custom
    PanOSIsPacketCapture
    Query Name: is_packet_capture
    Header Type: Custom
    PanOSIsPhishing
    Query Name: is_phishing
    Header Type: Custom
    PanOSIsPrismaNetwork
    Query Name: is_prisma_branch
    Header Type: Custom
    PanOSIsPrismaUsers
    Query Name: is_prisma_mobile
    Header Type: Custom
    PanOSIsProxy
    Query Name: is_proxy
    Header Type: Custom
    PanOSIsReconExcluded
    Query Name: is_recon_excluded
    Header Type: Custom
    PanOSIsSaaSApplication
    Query Name: is_saas_app
    Header Type: Custom
    PanOSIsServertoClient
    Query Name: is_server_to_client
    Header Type: Custom
    PanOSIsSourceXForwarded
    Query Name: is_source_x_fwded
    Header Type: Custom
    PanOSIsSystemReturn
    Query Name: is_sym_return
    Header Type: Custom
    PanOSIsTransaction
    Query Name: is_transaction
    Header Type: Custom
    PanOSIsTunnelInspected
    Query Name: is_tunnel_inspected
    Header Type: Custom
    PanOSIsURLDenied
    Query Name: is_url_denied
    Header Type: Custom
    PanOSK8SClusterID
    Query Name: k8s_cluster_id
    Header Type: Custom
    PanOSLocalDeepLearningAnalyzed
    Query Name: local_deep_learning
    Header Type: Custom
    PanOSLocation
    Query Name: location
    Header Type: Custom
    cs6
    Query Name: log_set
    Header Type: Predefined
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    deviceExternalID
    Query Name: log_source_id
    Header Type: Predefined
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    DeviceEventClassID
    Query Name: log_type.​value
    Header Type: Custom
    PanOSIMEI
    Query Name: monitor_tag_imei
    Header Type: Custom
    destinationTranslatedAddress
    Query Name: nat_dest.​value
    Header Type: Predefined
    destinationTranslatedPort
    Query Name: nat_dest_port
    Header Type: Predefined
    sourceTranslatedAddress
    Query Name: nat_source.​value
    Header Type: Predefined
    sourceTranslatedPort
    Query Name: nat_source_port
    Header Type: Predefined
    PanOSNonStandardDestinationPort
    Query Name: non_standard_dest_port
    Header Type: Custom
    PanOSNSSAINetworkSliceType
    Query Name: nssai_network_slice_type.​value
    Header Type: Custom
    deviceOutboundInterface
    Query Name: outbound_if.​value
    Header Type: Predefined
    PanOSOutboundInterfaceDetailsPort
    Query Name: outbound_if_details.​port
    Header Type: Custom
    PanOSOutboundInterfaceDetailsSlot
    Query Name: outbound_if_details.​slot
    Header Type: Custom
    PanOSOutboundInterfaceDetailsType
    Query Name: outbound_if_details.​type.​value
    Header Type: Custom
    PanOSOutboundInterfaceDetailsUnit
    Query Name: outbound_if_details.​unit
    Header Type: Custom
    PanOSPanoramaSN
    Query Name: panorama_serial
    Header Type: Custom
    PanOSParentSessionID
    Query Name: parent_session_id
    Header Type: Custom
    PanOSParentStarttime
    Query Name: parent_start_time
    Header Type: Custom
    PanOSPartialHash
    Query Name: partial_hash
    Header Type: Custom
    PanOSPayloadProtocolID
    Query Name: payload_protocol_id
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    PanOSContainerName
    Query Name: pod_name
    Header Type: Custom
    PanOSContainerNameSpace
    Query Name: pod_namespace
    Header Type: Custom
    proto
    Query Name: protocol.​value
    Header Type: Predefined
    PanOSDNSRequestType
    Query Name: record_type
    Header Type: Custom
    PanOSReportID
    Query Name: report_id
    Header Type: Custom
    PanOSApplicationRisk
    Query Name: risk_of_app
    Header Type: Custom
    cs1
    Query Name: rule_matched
    Header Type: Predefined
    PanOSRuleUUID
    Query Name: rule_matched_uuid
    Header Type: Custom
    PanOSSanctionedStateOfApp
    Query Name: sanctioned_state_of_app
    Header Type: Custom
    externalId
    Query Name: sequence_no
    Header Type: Predefined
    cn1
    Query Name: session_id
    Header Type: Predefined
    PanOSSeverity
    Query Name: severity
    Header Type: Custom
    PanOSSigFlags
    Query Name: sig_flags
    Header Type: Custom
    PanOSSourceDeviceCategory
    Query Name: source_device_category
    Header Type: Custom
    PanOSSourceDeviceClass
    Query Name: source_device_class
    Header Type: Custom
    PanOSSourceDeviceHost
    Query Name: source_device_host
    Header Type: Custom
    PanOSSourceDeviceMac
    Query Name: source_device_mac
    Header Type: Custom
    PanOSSourceDeviceModel
    Query Name: source_device_model
    Header Type: Custom
    PanOSSourceDeviceOS
    Query Name: source_device_os
    Header Type: Custom
    PanOSSourceDeviceOSFamily
    Query Name: source_device_osfamily
    Header Type: Custom
    PanOSSourceDeviceOSVersion
    Query Name: source_device_osversion
    Header Type: Custom
    PanOSSourceDeviceProfile
    Query Name: source_device_profile
    Header Type: Custom
    PanOSSourceDeviceVendor
    Query Name: source_device_vendor
    Header Type: Custom
    PanOSSourceDynamicAddressGroup
    Query Name: source_dynamic_address_group
    Header Type: Custom
    PanOSSourceEDL
    Query Name: source_edl
    Header Type: Custom
    src
    Query Name: source_ip.​value
    Header Type: Predefined
    PanOSSourceLocation
    Query Name: source_location
    Header Type: Custom
    spt
    Query Name: source_port
    Header Type: Predefined
    suser
    Query Name: source_user
    Header Type: Predefined
    sntdom
    Query Name: source_user_info.​domain
    Header Type: Predefined
    Max Length: 1023
    susername
    Query Name: source_user_info.​name
    Header Type: Predefined
    Max Length: 1023
    suid
    Query Name: source_user_info.​uuid
    Header Type: Predefined
    Max Length: 1023
    PanOSSourceUUID
    Query Name: source_uuid
    Header Type: Custom
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    PanOSApplicationTechnology
    Query Name: technology_of_app
    Header Type: Custom
    PanOSDNSCategory
    Query Name: threat_category.​value
    Header Type: Custom
    cat
    Query Name: threat_name
    Header Type: Predefined
    start
    Query Name: time_generated
    Header Type: Predefined
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    cn3
    Query Name: total_time_elapsed
    Header Type: Predefined
    PanOSTSGID
    Query Name: tsg_id
    Header Type: Custom
    PanOSTunnel
    Query Name: tunnel.​value
    Header Type: Custom
    PanOSTunneledApplication
    Query Name: tunneled_app
    Header Type: Custom
    PanOSIMSI
    Query Name: tunnelid_imsi
    Header Type: Custom
    cs2
    Query Name: url_category.​value
    Header Type: Predefined
    Label: cs2Label
    Label Text: URLCategory
    Max Length: 4000
    PanOSURLDomain
    Query Name: url_domain
    Header Type: Custom
    PanOSURLCounter
    Query Name: url_idx
    Header Type: Custom
    PanOSUsers
    Query Name: users
    Header Type: Custom
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    PanOSVendorSeverity
    Query Name: vendor_severity.​value
    Header Type: Custom
    PanOSVerdict
    Query Name: verdict.​value
    Header Type: Custom
    cs3
    Query Name: vsys
    Header Type: Predefined
    PanOSVirtualSystemID
    Query Name: vsys_id
    Header Type: Custom
    PanOSVirtualSystemName
    Query Name: vsys_name
    Header Type: Custom
    PanOSX-Forwarded-ForIP
    Query Name: xff_ip.​value
    Header Type: Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.