>
    Strata Copilot
    Authentication CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. Authentication
    6. Authentication CEF Fields
    Download PDF
    Strata Logging Service

    Authentication CEF Fields

    Table of Contents

    Authentication CEF Fields

    The following table identifies the Authentication field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    PanOSAuthenticationDescription
    Query Name: auth_description
    Header Type: Custom
    msg
    Query Name: auth_event_name.​value
    Header Type: Predefined
    Max Length: 1023
    cn1
    Query Name: auth_factor_num
    Header Type: Predefined
    Label: cn1Label
    Label Text: AuthFactorNo
    cs4
    Query Name: auth_policy
    Header Type: Predefined
    Label: cs4Label
    Label Text: AuthenticationPolicy
    Max Length: 4000
    PanOSAuthenticationProtocol
    Query Name: auth_proto
    Header Type: Custom
    cs1
    Query Name: auth_server_profile
    Header Type: Predefined
    Label: cs1Label
    Label Text: AuthServerProfile
    Max Length: 4000
    PanOSAuthenticatedUserDomain
    Query Name: authenticated_user_info.​domain
    Header Type: Custom
    PanOSAuthenticatedUserName
    Query Name: authenticated_user_info.​name
    Header Type: Custom
    PanOSAuthenticatedUserUUID
    Query Name: authenticated_user_info.​uuid
    Header Type: Custom
    cs5
    Query Name: client_type
    Header Type: Predefined
    Label: cs5Label
    Label Text: ClientType
    Max Length: 4000
    PanOSClientTypeName
    Query Name: client_type_name.​value
    Header Type: Custom
    PanOSConfigVersion
    Query Name: config_version.​value
    Header Type: Custom
    cnt
    Query Name: count_of_repeats
    Header Type: Predefined
    PanOSCortexDataLakeTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDGHierarchyLevel1
    Query Name: dg_hier_level_1
    Header Type: Custom
    PanOSDGHierarchyLevel2
    Query Name: dg_hier_level_2
    Header Type: Custom
    PanOSDGHierarchyLevel3
    Query Name: dg_hier_level_3
    Header Type: Custom
    PanOSDGHierarchyLevel4
    Query Name: dg_hier_level_4
    Header Type: Custom
    PanOSIsDuplicateLog
    Query Name: is_dup_log
    Header Type: Custom
    PanOSLogExported
    Query Name: is_exported
    Header Type: Custom
    PanOSLogForwarded
    Query Name: is_forwarded
    Header Type: Custom
    PanOSIsPrismaNetworks
    Query Name: is_prisma_branch
    Header Type: Custom
    PanOSIsPrismaUsers
    Query Name: is_prisma_mobile
    Header Type: Custom
    PanOSLocation
    Query Name: location
    Header Type: Custom
    cs6
    Query Name: log_set
    Header Type: Predefined
    Label: cs6Label
    Label Text: LogSetting
    Max Length: 4000
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    Max Length: 255
    deviceExternalId
    Query Name: log_source_id
    Header Type: Predefined
    Max Length: 255
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    Max Length: 100
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    DeviceEventClassId
    Query Name: log_type.​value
    Header Type: Custom
    cn2
    Query Name: mfa_auth_id
    Header Type: Predefined
    Label: cn2Label
    Label Text: MFAAuthenticationID
    PanOSMFAVendor
    Query Name: mfa_vendor
    Header Type: Custom
    cs2
    Query Name: normalize_user
    Header Type: Predefined
    Label: cs2Label
    Label Text: NormalizeUser
    Max Length: 4000
    fname
    Query Name: object
    Header Type: Predefined
    Max Length: 1023
    PanOSPanoramaSN
    Query Name: panorama_serial
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    PanOSRuleMatched
    Query Name: rule_matched
    Header Type: Custom
    PanOSRuleMatchedUUID
    Query Name: rule_matched_uuid
    Header Type: Custom
    externalId
    Query Name: sequence_no
    Header Type: Predefined
    Max Length: 40
    PanOSAuthCacheServiceRegion
    Query Name: service_region
    Header Type: Custom
    PanOSSessionID
    Query Name: session_id
    Header Type: Custom
    PanOSSourceDeviceCategory
    Query Name: source_device_category
    Header Type: Custom
    PanOSSourceDeviceHost
    Query Name: source_device_host
    Header Type: Custom
    PanOSSourceDeviceMac
    Query Name: source_device_mac
    Header Type: Custom
    PanOSSourceDeviceModel
    Query Name: source_device_model
    Header Type: Custom
    PanOSSourceDeviceOSFamily
    Query Name: source_device_osfamily
    Header Type: Custom
    PanOSSourceDeviceOSVersion
    Query Name: source_device_osversion
    Header Type: Custom
    PanOSSourceDeviceProfile
    Query Name: source_device_profile
    Header Type: Custom
    PanOSSourceDeviceVendor
    Query Name: source_device_vendor
    Header Type: Custom
    src and dst, or c6a2 and c6a3
    Query Name: source_ip.​value
    Header Type: Predefined
    Label: || c6a2Label && c6a3Label
    Label Text: || Source IPv6 Address && Destination IPv6 Address
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    start
    Query Name: time_generated
    Header Type: Predefined
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    duser
    Query Name: user
    Header Type: Predefined
    Max Length: 1023
    PanOSUserAgentString
    Query Name: user_agent
    Header Type: Custom
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    cs3
    Query Name: vsys
    Header Type: Predefined
    Label: cs3Label
    Label Text: VirtualLocation
    Max Length: 4000
    PanOSVirtualSystemID
    Query Name: vsys_id
    Header Type: Custom
    PanOSVirtualSystemName
    Query Name: vsys_name
    Header Type: Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.