>
    IPtag CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Network Logs
    4. IPtag
    5. IPtag CEF Fields
    Download PDF
    Strata Logging Service

    IPtag CEF Fields

    Table of Contents

    IPtag CEF Fields

    Example IPtag log in CEF: 
    Mar 1 21:20:15 xxx.xx.x.xx 1042 <14>1 2021-03-01T21:20:15.116Z stream-logfwd20-587718190-03011312-b28y-harness-x4nx logforwarder - panwlogs - CEF:0|Palo Alto Networks|LF|2.0|IPTAG|iptag|3|ProfileToken=xxxxx dtz=UTC rt=Mar 01 2021 21:20:13 deviceExternalId=xxxxxxxxxxxxx PanOSTenantID=xxxxxxxxxxxxx PanOSIsDuplicateLog=false PanOSIsPrismaNetworks=false PanOSIsPrismaUsers=false PanOSLogExported=false PanOSLogForwarded=true PanOSLogSetting= PanOSLogSource=firewall PanOSLogSourceTimeZoneOffset= PanOSRuleMatched= PanOSRuleMatchedUUID= PanOSConfigVersion= start=Mar 01 2021 21:20:13 cs3=vsys1 cs3Label=VirtualLocation src=xxx.xx.x.xx dst=xxx.xx.x.xx PanOSTagName= PanOSEventID=Unregister cnt=1 PanOSMappingTimeout=10 PanOSMappingDataSource=XMLAPI PanOSMappingDataSourceType=XML-API PanOSMappingDataSourceSubType=Unknown externalId=xxxxxxxxxxxxx PanOSDGHierarchyLevel1=18 PanOSDGHierarchyLevel2=0 PanOSDGHierarchyLevel3=0 PanOSDGHierarchyLevel4=0 PanOSVirtualSystemName= dvchost=PA-VM cn2=1 cn2Label=VirtualSystemID PanOSIPSubnetRange= PanOSTimeGeneratedHighResolution=Jul 25 2019 23:30:12
    The following table identifies the IPtag field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    PanOSConfigVersion
    Query Name: config_version.​value
    Header Type: Custom
    cnt
    Query Name: count_of_repeats
    Header Type: Predefined
    PanOSTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDGHierarchyLevel1
    Query Name: dg_hier_level_1
    Header Type: Custom
    PanOSDGHierarchyLevel2
    Query Name: dg_hier_level_2
    Header Type: Custom
    PanOSDGHierarchyLevel3
    Query Name: dg_hier_level_3
    Header Type: Custom
    PanOSDGHierarchyLevel4
    Query Name: dg_hier_level_4
    Header Type: Custom
    PanOSEventID
    Query Name: event_id.​value
    Header Type: Custom
    PanOSIPSubnetRange
    Query Name: ip_subnet_range
    Header Type: Custom
    PanOSIsDuplicateLog
    Query Name: is_dup_log
    Header Type: Custom
    PanOSLogExported
    Query Name: is_exported
    Header Type: Custom
    PanOSLogForwarded
    Query Name: is_forwarded
    Header Type: Custom
    PanOSIsPrismaNetworks
    Query Name: is_prisma_branch
    Header Type: Custom
    PanOSIsPrismaUsers
    Query Name: is_prisma_mobile
    Header Type: Custom
    PanOSLogSetting
    Query Name: log_set
    Header Type: Custom
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    deviceExternalId
    Query Name: log_source_id
    Header Type: Predefined
    Max Length: 255
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    Max Length: 100
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    Device Event Class ID
    Query Name: log_type.​value
    Header Type: Custom
    PanOSMappingDataSource
    Query Name: mapping_data_source_name
    Header Type: Custom
    PanOSMappingDataSourceSubType
    Query Name: mapping_data_source_sub_type.​value
    Header Type: Custom
    PanOSMappingDataSourceType
    Query Name: mapping_data_source_type.​value
    Header Type: Custom
    PanOSMappingTimeout
    Query Name: mapping_timeout
    Header Type: Custom
    PanOSPanoramaSN
    Query Name: panorama_serial
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    PanOSRuleMatched
    Query Name: rule_matched
    Header Type: Custom
    PanOSRuleMatchedUUID
    Query Name: rule_matched_uuid
    Header Type: Custom
    externalId
    Query Name: sequence_no
    Header Type: Predefined
    Max Length: 40
    src and dst, or c6a2 and c6a3
    Query Name: source_ip.​value
    Header Type: Predefined
    Label: || c6a2Label && c6a3Label
    Label Text: || Source IPv6 Address && Destination IPv6 Address
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    PanOSTagName
    Query Name: tag_name
    Header Type: Custom
    start
    Query Name: time_generated
    Header Type: Predefined
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    cs3
    Query Name: vsys
    Header Type: Predefined
    Label: cs3Label
    Label Text: VirtualLocation
    Max Length: 4000
    cn2
    Query Name: vsys_id
    Header Type: Predefined
    Label: cn2Label
    Label Text: VirtualSystemID
    PanOSVirtualSystemName
    Query Name: vsys_name
    Header Type: Custom

    © 2024 Palo Alto Networks, Inc. All rights reserved.