Strata Logging Service
Tunnel CEF Fields
The following table identifies the Tunnel field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
CEF Name | Field Details |
---|---|
PanOSAccessPointName | Query Name: access_point_name; Header Type: Custom |
act | |
cat | |
app | |
PanOSApplicationCategory | Query Name: app_category; Header Type: Custom |
PanOSApplicationSubcategory | Query Name: app_sub_category; Header Type: Custom |
in | Query Name: bytes_received; Header Type: Predefined |
out | Query Name: bytes_sent; Header Type: Predefined |
PanOSBytes | Query Name: bytes_total; Header Type: Custom |
PanOSConfigVersion | Query Name: config_version.value; Header Type: Custom |
PanOSContainerID | Query Name: container_id; Header Type: Custom |
PanOSApplicationContainer | Query Name: container_of_app; Header Type: Custom |
PanOSContentVersion | Query Name: content_version; Header Type: Custom |
cnt | Query Name: count_of_repeats; Header Type: Predefined |
PanOSLoggingServiceID | Query Name: customer_id; Header Type: Custom |
PanOSDestinationDeviceClass | Query Name: dest_device_class; Header Type: Custom |
PanOSDestinationDeviceMac | Query Name: dest_device_mac; Header Type: Custom |
PanOSDestinationDeviceModel | Query Name: dest_device_model; Header Type: Custom |
PanOSDestinationDeviceOS | Query Name: dest_device_os; Header Type: Custom |
PanOSDestinationDeviceVendor | Query Name: dest_device_vendor; Header Type: Custom |
PanOSDestinationDynamicAddressGroup | Query Name: dest_dynamic_address_group; Header Type: Custom |
PanOSDestinationEDL | Query Name: dest_edl; Header Type: Custom |
dst or c6a3 | Query Name: dest_ip.value; Header Type: Predefined; Label: (none) or c6a3Label; Label Text: (none) or Destination IPv6 Address |
PanOSDestinationLocation | Query Name: dest_location; Header Type: Custom |
dpt | Query Name: dest_port; Header Type: Predefined |
duser | |
dntdom | |
dusername | |
duid | |
PanOSDestinationUUID | Query Name: dest_uuid; Header Type: Custom |
PanOSDGHierarchyLevel1 | Query Name: dg_hier_level_1; Header Type: Custom |
PanOSDGHierarchyLevel2 | Query Name: dg_hier_level_2; Header Type: Custom |
PanOSDGHierarchyLevel3 | Query Name: dg_hier_level_3; Header Type: Custom |
PanOSDGHierarchyLevel4 | Query Name: dg_hier_level_4; Header Type: Custom |
PanOSDynamicUserGroupName | Query Name: dynusergroup_name; Header Type: Custom |
cs4 | |
deviceInboundInterface | |
PanOSInboundInterfaceDetailsPort | Query Name: inbound_if_details.port; Header Type: Custom |
PanOSInboundInterfaceDetailsSlot | Query Name: inbound_if_details.slot; Header Type: Custom |
PanOSInboundInterfaceDetailsType | Query Name: inbound_if_details.type.value; Header Type: Custom |
PanOSInboundInterfaceDetailsUnit | Query Name: inbound_if_details.unit; Header Type: Custom |
PanOSCaptivePortal | Query Name: is_captive_portal; Header Type: Custom |
PanOSIsClienttoServer | Query Name: is_client_to_server; Header Type: Custom |
PanOSIsContainer | Query Name: is_container; Header Type: Custom |
PanOSIsDecryptMirror | Query Name: is_decrypt_mirror; Header Type: Custom |
PanOSIsDecryptedPayloadForward | Query Name: is_decrypted_payload_fwded; Header Type: Custom |
PanOSIsDecryptedLog | Query Name: is_decryption_log; Header Type: Custom |
PanOSIsDuplicateLog | Query Name: is_dup_log; Header Type: Custom |
PanOSLogExported | Query Name: is_exported; Header Type: Custom |
PanOSLogForwarded | Query Name: is_forwarded; Header Type: Custom |
PanOSIsIPV6 | Query Name: is_ipv6; Header Type: Custom |
PanOSIsInspectionBeforeSession | Query Name: is_l7_inspection_b4_session; Header Type: Custom |
PanOSIsMptcpOn | Query Name: is_mptcp_on; Header Type: Custom |
PanOSNAT | Query Name: is_nat; Header Type: Custom |
PanOSIsNonStandardDestinationPort | Query Name: is_non_std_dest_port; Header Type: Custom |
PanOSIsPacketCapture | Query Name: is_packet_capture; Header Type: Custom |
PanOSIsPhishing | Query Name: is_phishing; Header Type: Custom |
PanOSIsPrismaNetwork | Query Name: is_prisma_branch; Header Type: Custom |
PanOSIsPrismaUsers | Query Name: is_prisma_mobile; Header Type: Custom |
PanOSIsProxy | Query Name: is_proxy; Header Type: Custom |
PanOSIsReconExcluded | Query Name: is_recon_excluded; Header Type: Custom |
PanOSIsSaaSApplication | Query Name: is_saas_app; Header Type: Custom |
PanOSIsServertoClient | Query Name: is_server_to_client; Header Type: Custom |
PanOSIsSourceXForwarded | Query Name: is_source_x_fwded; Header Type: Custom |
PanOSIsSystemReturn | Query Name: is_sym_return; Header Type: Custom |
PanOSIsTransaction | Query Name: is_transaction; Header Type: Custom |
PanOSIsTunnelInspected | Query Name: is_tunnel_inspected; Header Type: Custom |
PanOSIsURLDenied | Query Name: is_url_denied; Header Type: Custom |
cs6 | |
PanOSLogSource | Query Name: log_source; Header Type: Custom |
LogSourceGroupID | |
deviceExternalId | |
dvchost | |
PanOSLogSourceTimeZoneOffset | Query Name: log_source_tz_offset; Header Type: Custom |
rt | Query Name: log_time; Header Type: Predefined |
Device Event Class ID | Query Name: log_type.value; Header Type: Custom |
PanOSMobileAreaCode | Query Name: mobile_area_code; Header Type: Custom |
PanOSMobileBaseStationCode | Query Name: mobile_base_station_code; Header Type: Custom |
PanOSMobileCountryCode | Query Name: mobile_country_code; Header Type: Custom |
PanOSMobileIP | Query Name: mobile_ip.value; Header Type: Custom |
PanOSMobileNetworkCode | Query Name: mobile_network_code; Header Type: Custom |
PanOSMobileSubscriberISDN | Query Name: mobile_subscriber_isdn; Header Type: Custom |
PanOSIMEI | Query Name: monitor_tag_imei; Header Type: Custom |
destinationTranslatedAddress | Query Name: nat_dest.value; Header Type: Predefined |
destinationTranslatedPort | Query Name: nat_dest_port; Header Type: Predefined |
sourceTranslatedAddress | Query Name: nat_source.value; Header Type: Predefined |
sourceTranslatedPort | Query Name: nat_source_port; Header Type: Predefined |
PanOSNonStandardDestinationPort | Query Name: non_standard_dest_port; Header Type: Custom |
PanOSNSSAINetworkSliceDifferentiator | Query Name: nssai_network_slice_differentiator.value; Header Type: Custom |
PanOSNSSAINetworkSliceType | Query Name: nssai_network_slice_type.value; Header Type: Custom |
deviceOutboundInterface | |
PanOSOutboundInterfaceDetailsPort | Query Name: outbound_if_details.port; Header Type: Custom |
PanOSOutboundInterfaceDetailsSlot | Query Name: outbound_if_details.slot; Header Type: Custom |
PanOSOutboundInterfaceDetailsType | Query Name: outbound_if_details.type.value; Header Type: Custom |
PanOSOutboundInterfaceDetailsUnit | Query Name: outbound_if_details.unit; Header Type: Custom |
PanOSPacketsDroppedMax | Query Name: packets_dropped_max_encap; Header Type: Custom |
cfp2 | Query Name: packets_dropped_strict_check; Header Type: Predefined; Label: cfp2Label; Label Text: PacketsDroppedStrict |
PanOSPacketsDroppedTunnel | Query Name: packets_dropped_tunnel_frag; Header Type: Custom |
cfp1 | Query Name: packets_dropped_ukn_proto; Header Type: Predefined; Label: cfp1Label; Label Text: PacketsDroppedProtocol |
PanOSPacketsReceived | Query Name: packets_received; Header Type: Custom |
PanOSPacketsSent | Query Name: packets_sent; Header Type: Custom |
cn2 | |
PanOSPanoramaSN | Query Name: panorama_serial; Header Type: Custom |
PanOSParentSessionID | Query Name: parent_session_id; Header Type: Custom |
PanOSParentStarttime | Query Name: parent_start_time; Header Type: Custom |
PanOSProtocolDataUnitsessionID | Query Name: pdu_session_id; Header Type: Custom |
PlatformType | Query Name: platform_type; Header Type: Custom |
PanOSContainerName | Query Name: pod_name; Header Type: Custom |
PanOSContainerNameSpace | Query Name: pod_namespace; Header Type: Custom |
proto | |
PanOSRadioAccessTechnology | Query Name: radio_access_technology; Header Type: Custom |
PanOSApplicationRisk | Query Name: risk_of_app; Header Type: Custom |
cs1 | |
PanOSRuleUUID | Query Name: rule_matched_uuid; Header Type: Custom |
PanOSSanctionedStateofApp | Query Name: sanctioned_state_of_app; Header Type: Custom |
externalId | |
PanOSSessionOwnerMidx | Query Name: sess_owner_rt_midx; Header Type: Custom |
reason | |
cn1 | |
PanOSSessionStartTime | Query Name: session_start_time; Header Type: Custom |
PanOSSessionTracker | Query Name: session_tracker; Header Type: Custom |
PanOSSeverity | Query Name: severity; Header Type: Custom |
PanOSSourceDeviceClass | Query Name: source_device_class; Header Type: Custom |
PanOSSourceDeviceMac | Query Name: source_device_mac; Header Type: Custom |
PanOSSourceDeviceModel | Query Name: source_device_model; Header Type: Custom |
PanOSSourceDeviceOS | Query Name: source_device_os; Header Type: Custom |
PanOSSourceDeviceVendor | Query Name: source_device_vendor; Header Type: Custom |
PanOSSourceDynamicAddressGroup | Query Name: source_dynamic_address_group; Header Type: Custom |
PanOSSourceEDL | Query Name: source_edl; Header Type: Custom |
src or c6a2 | Query Name: source_ip.value; Header Type: Predefined; Label: (none) or c6a2Label; Label Text: (none) or Source IPv6 Address |
PanOSSourceLocation | Query Name: source_location; Header Type: Custom |
spt | Query Name: source_port; Header Type: Predefined |
suser | |
sntdom | |
susername | |
suid | |
PanOSSourceUUID | Query Name: source_uuid; Header Type: Custom |
PanOSStandardPortsOfApp | Query Name: standard_ports_of_app; Header Type: Custom |
Name | Query Name: sub_type.value; Header Type: Custom |
PanOSApplicationTechnology | Query Name: technology_of_app; Header Type: Custom |
start | Query Name: time_generated; Header Type: Predefined |
PanOSTimeGeneratedHighResolution | Query Name: time_generated_high_res; Header Type: Custom |
cs5 | |
cn3 | |
cs2 | Query Name: tunnel.value; Header Type: Predefined; Label: cs2Label; Label Text: Tunnel; Max Length: 4000 |
PanOSTunnelCauseCode | Query Name: tunnel_cause_code; Header Type: Custom |
PanOSTunnelEndpointID1 | Query Name: tunnel_endpoint_id_1; Header Type: Custom |
PanOSTunnelEndpointID2 | Query Name: tunnel_endpoint_id_2; Header Type: Custom |
PanOSTunnelEventCode | Query Name: tunnel_event_code; Header Type: Custom |
PanOSTunnelEventType | Query Name: tunnel_event_type; Header Type: Custom |
PanOSTunnelInspectionRule | Query Name: tunnel_inspection_rule; Header Type: Custom |
PanOSTunnelInterface | Query Name: tunnel_interface; Header Type: Custom |
PanOSTunnelMessageType | Query Name: tunnel_message_type; Header Type: Custom |
PanOSTunnelRemoteIMSIID | Query Name: tunnel_remote_imsi_id; Header Type: Custom |
PanOSTunnelRemoteUserIP | Query Name: tunnel_remote_user_ip.value; Header Type: Custom |
cfp4 | Query Name: tunnel_sessions_closed; Header Type: Predefined; Label: cfp4Label; Label Text: TunnelSessionsClosed |
cfp3 | Query Name: tunnel_sessions_created; Header Type: Predefined; Label: cfp3Label; Label Text: TunnelSessionsCreated |
PanOSTunneledApplication | Query Name: tunneled_app; Header Type: Custom |
PanOSIMSI | Query Name: tunnelid_imsi; Header Type: Custom |
PanOSURLCategory | Query Name: url_category.value; Header Type: Custom |
PanOSUsers | Query Name: users; Header Type: Custom |
Device Vendor | Query Name: vendor_name; Header Type: Custom |
PanOSVendorSeverity | Query Name: vendor_severity.value; Header Type: Custom |
cs3 | Query Name: vsys; Header Type: Predefined; Label: cs3Label; Label Text: VirtualLocation; Max Length: 4000 |
PanOSVirtualSystemID | Query Name: vsys_id; Header Type: Custom |
PanOSVirtualSystemName | Query Name: vsys_name; Header Type: Custom |