>
    Strata Copilot
    Traffic EMAIL Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. Traffic
    6. Traffic EMAIL Fields
    Download PDF
    Strata Logging Service

    Traffic EMAIL Fields

    Table of Contents

    Traffic EMAIL Fields

    Example Traffic log in EMAIL: 
    TimeReceived=2021-01-22T21:43:39.000000Z
DeviceSN=xxxxxxxxxxxxx
LogType=TRAFFIC
Subtype=end
ConfigVersion=10.0
TimeGenerated=2021-01-22T21:43:23.000000Z
SourceAddress=xxx.xx.x.xx
DestinationAddress=xxx.xx.x.xx
NATSource=xxx.xx.x.xx
NATDestination=xxx.xx.x.xx
Rule=allow-business-apps
SourceUser="paloaltonetwork\xxxxx"
DestinationUser=
Application=infoblox-grid
VirtualLocation=vsys1
FromZone=ethernet4Zone-test1
ToZone=untrust
InboundInterface=unknown
OutboundInterface=unknown
LogSetting=rs-logging
SessionID=952362
RepeatCount=1
SourcePort=5547
DestinationPort=6564
NATSourcePort=8940
NATDestinationPort=16125
Protocol=tcp
Action=deny
Bytes=652430
BytesSent=231247
BytesReceived=421183
PacketsTotal=2058
SessionStartTime=2021-01-22T21:42:53.000000Z
SessionDuration=58
URLCategory=1
SequenceNo=20397927
SourceLocation=BR
DestinationLocation=CN
PacketsSent=1086
PacketsReceived=972
SessionEndReason=unknown
VirtualSystemName=
DeviceName=xxxxx
ActionSource=unknown
SourceUUID=
DestinationUUID=
IMSI=0
IMEI=
ParentSessionID=0
ParentStarttime=2021-01-22T21:42:44.000000Z
Tunnel=N/A
EndpointAssociationID=7349874591868649490
ChunksTotal=3424
ChunksSent=3119
ChunksReceived=305
RuleUUID=ec14df0b-c845-4435-87a2-d207730f5ae8
HTTP2Connection=547970
LinkChangeCount=0
SDWANPolicyName=
LinkSwitches=
SDWANCluster=
SDWANDeviceType=
SDWANClusterType=
SDWANSite=
DynamicUserGroupName=dynug-3
X-Forwarded-ForIP=xxx.xx.x.xx
SourceDeviceCategory=X-Phone
SourceDeviceProfile=x-profile
SourceDeviceModel=Redmi
SourceDeviceVendor=Xiaomi
SourceDeviceOSFamily=5 Plus
SourceDeviceOSVersion=Android v8.2
SourceDeviceHost=pan-603
SourceDeviceMac=645701225660
DestinationDeviceCategory=X-Phone
DestinationDeviceProfile=x-profile
DestinationDeviceModel=MI
DestinationDeviceVendor=Xiaomi
DestinationDeviceOSFamily=A1
DestinationDeviceOSVersion=Android v9.1
DestinationDeviceHost=pan-622
DestinationDeviceMac=207974153661
ContainerID=1873cc5c-0d31
ContainerNameSpace=pns_default
ContainerName=pan-dp-77754f4
SourceEDL=
DestinationEDL=
GPHostID=6060606060
EndpointSerialNumber=xxxxxxxxxxxxxx
SourceDynamicAddressGroup= aqua_dag
DestinationDynamicAddressGroup=
HASessionOwner=session_owner-2
TimeGeneratedHighResolution=2021-01-22T21:43:23.795000Z
NSSAINetworkSliceType=a7
NSSAINetworkSliceDifferentiator=5700
    The following table identifies the Traffic field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.
    EMAIL Name
    Query Name
    Action
    action.​value
    ActionSource
    action_source.​value
    AIFwdError
    ai_fwd_error
    AITraffic
    ai_traffic
    Application
    app
    ApplicationCategory
    app_category
    ApplicationSubcategory
    app_sub_category
    BytesReceived
    bytes_received
    BytesSent
    bytes_sent
    Bytes
    bytes_total
    ChunksReceived
    chunks_received
    ChunksSent
    chunks_sent
    ChunksTotal
    chunks_total
    ConfigVersion
    config_version.​value
    ContainerID
    container_id
    ApplicationContainer
    container_of_app
    RepeatCount
    count_of_repeats
    CortexDataLakeTenantID
    customer_id
    DestinationDeviceCategory
    dest_device_category
    DestinationDeviceClass
    dest_device_class
    DestinationDeviceHost
    dest_device_host
    DestinationDeviceMac
    dest_device_mac
    DestinationDeviceModel
    dest_device_model
    DestinationDeviceOS
    dest_device_os
    DestinationDeviceOSFamily
    dest_device_osfamily
    DestinationDeviceOSVersion
    dest_device_osversion
    DestinationDeviceProfile
    dest_device_profile
    DestinationDeviceVendor
    dest_device_vendor
    DestinationDynamicAddressGroup
    dest_dynamic_address_group
    DestinationEDL
    dest_edl
    DestinationAddress
    dest_ip.​value
    DestinationLocation
    dest_location
    DestinationPort
    dest_port
    DestinationUser
    dest_user
    DestinationUserDomain
    dest_user_info.​domain
    DestinationUserName
    dest_user_info.​name
    DestinationUserUUID
    dest_user_info.​uuid
    DestinationUUID
    dest_uuid
    DGHierarchyLevel1
    dg_hier_level_1
    DGHierarchyLevel2
    dg_hier_level_2
    DGHierarchyLevel3
    dg_hier_level_3
    DGHierarchyLevel4
    dg_hier_level_4
    DynamicUserGroupName
    dynusergroup_name
    EndpointSerialNumber
    endpoint_serial_number
    EndpointAssociationID
    ep_assoc_id
    FlowType
    flow_type.​value
    FromZone
    from_zone
    HASessionOwner
    ha_session_owner
    GPHostID
    host_id
    HTTP2Connection
    http2_connection
    InboundInterface
    inbound_if.​value
    InboundInterfaceDetailsPort
    inbound_if_details.​port
    InboundInterfaceDetailsSlot
    inbound_if_details.​slot
    InboundInterfaceDetailsType
    inbound_if_details.​type.​value
    InboundInterfaceDetailsUnit
    inbound_if_details.​unit
    CaptivePortal
    is_captive_portal
    IsClienttoServer
    is_client_to_server
    IsContainer
    is_container
    IsDecryptMirror
    is_decrypt_mirror
    IsDecrypted
    is_decrypted
    IsDecryptedPayloadForward
    is_decrypted_payload_fwded
    IsDecryptedLog
    is_decryption_log
    IsDuplicateLog
    is_dup_log
    IsEncrypted
    is_encrypted
    LogExported
    is_exported
    LogForwarded
    is_forwarded
    IsIPV6
    is_ipv6
    IsInspectionBeforeSession
    is_l7_inspection_b4_session
    IsMptcpOn
    is_mptcp_on
    NAT
    is_nat
    IsNonStandardDestinationPort
    is_non_std_dest_port
    IsOffloaded
    is_offloaded
    IsPacketCapture
    is_packet_capture
    IsPhishing
    is_phishing
    IsPrismaNetwork
    is_prisma_branch
    IsPrismaUsers
    is_prisma_mobile
    IsProxy
    is_proxy
    IsReconExcluded
    is_recon_excluded
    IsSaaSApplication
    is_saas_app
    IsServertoClient
    is_server_to_client
    IsSourceXForwarded
    is_source_x_fwded
    IsSystemReturn
    is_sym_return
    IsTransaction
    is_transaction
    IsTunnelInspected
    is_tunnel_inspected
    IsURLDenied
    is_url_denied
    K8SClusterID
    k8s_cluster_id
    LinkChangeCount
    link_change_count
    LinkSwitches
    link_switches
    Location
    location
    LogSetting
    log_set
    LogSource
    log_source
    LogSourceGroupID
    log_source_group_id
    DeviceSN
    log_source_id
    DeviceName
    log_source_name
    LogSourceTimeZoneOffset
    log_source_tz_offset
    TimeReceived
    log_time
    LogType
    log_type.​value
    IMEI
    monitor_tag_imei
    NATDestination
    nat_dest.​value
    NATDestinationPort
    nat_dest_port
    NATSource
    nat_source.​value
    NATSourcePort
    nat_source_port
    NonStandardDestinationPort
    non_standard_dest_port
    NSSAINetworkSliceDifferentiator
    nssai_network_slice_differentiator.​value
    NSSAINetworkSliceType
    nssai_network_slice_type.​value
    OutboundInterface
    outbound_if.​value
    OutboundInterfaceDetailsPort
    outbound_if_details.​port
    OutboundInterfaceDetailsSlot
    outbound_if_details.​slot
    OutboundInterfaceDetailsType
    outbound_if_details.​type.​value
    OutboundInterfaceDetailsUnit
    outbound_if_details.​unit
    PacketsReceived
    packets_received
    PacketsSent
    packets_sent
    PacketsTotal
    packets_total
    PanoramaSN
    panorama_serial
    ParentSessionID
    parent_session_id
    ParentStarttime
    parent_start_time
    PlatformType
    platform_type
    ContainerName
    pod_name
    ContainerNameSpace
    pod_namespace
    SDWANPolicyName
    policy_id
    Protocol
    protocol.​value
    ApplicationRisk
    risk_of_app
    Rule
    rule_matched
    RuleUUID
    rule_matched_uuid
    SanctionedStateOfApp
    sanctioned_state_of_app
    SDWANFECRatio
    sdwan_FEC_ratio
    SDWANCluster
    sdwan_cluster
    SDWANClusterType
    sdwan_cluster_type
    SDWANDeviceType
    sdwan_device_type
    SDWANSite
    sdwan_site
    SequenceNo
    sequence_no
    SessionOwnerMidx
    sess_owner_rt_midx
    SessionEndReason
    session_end_reason.​value
    SessionID
    session_id
    SessionStartTime
    session_start_time
    SessionTracker
    session_tracker
    SourceDeviceCategory
    source_device_category
    SourceDeviceClass
    source_device_class
    SourceDeviceHost
    source_device_host
    SourceDeviceMac
    source_device_mac
    SourceDeviceModel
    source_device_model
    SourceDeviceOS
    source_device_os
    SourceDeviceOSFamily
    source_device_osfamily
    SourceDeviceOSVersion
    source_device_osversion
    SourceDeviceProfile
    source_device_profile
    SourceDeviceVendor
    source_device_vendor
    SourceDynamicAddressGroup
    source_dynamic_address_group
    SourceEDL
    source_edl
    SourceAddress
    source_ip.​value
    SourceLocation
    source_location
    SourcePort
    source_port
    SourceUser
    source_user
    SourceUserDomain
    source_user_info.​domain
    SourceUserName
    source_user_info.​name
    SourceUserUUID
    source_user_info.​uuid
    SourceUUID
    source_uuid
    Subtype
    sub_type.​value
    ApplicationTechnology
    technology_of_app
    TimeGenerated
    time_generated
    TimeGeneratedHighResolution
    time_generated_high_res
    ToZone
    to_zone
    SessionDuration
    total_time_elapsed
    Tunnel
    tunnel.​value
    TunneledApplication
    tunneled_app
    IMSI
    tunnelid_imsi
    URLCategory
    url_category.​value
    Users
    users
    VendorName
    vendor_name
    VirtualLocation
    vsys
    VirtualSystemID
    vsys_id
    VirtualSystemName
    vsys_name
    X-Forwarded-ForIP
    xff_ip.​value

    © 2025 Palo Alto Networks, Inc. All rights reserved.