>
    Strata Copilot
    UserID EMAIL Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. UserID
    6. UserID EMAIL Fields
    Download PDF
    Strata Logging Service

    UserID EMAIL Fields

    Table of Contents

    UserID EMAIL Fields

    Example UserID log in EMAIL: 
    TimeReceived=2021-02-23T02:43:57.000000Z
DeviceSN=xxxxxxxxxxxxx
LogType=USERID
Subtype=logout
ConfigVersion=
TimeGenerated=2021-02-23T02:43:57.000000Z
VirtualLocation=vsys1
SourceIP=xxxxxxxxxxxx
User="paloaltonetworks\xxxxx"
MappingDataSourceName=fake-data-source-169
EventID=0
CountofRepeats=1
MappingTimeout=3531
SourcePort=21015
DestinationPort=49760
MappingDataSource=probing
MappingDataSourceType=netbios_probing
SequenceNo=6711379990526558750
DGHierarchyLevel1=12
DGHierarchyLevel2=0
DGHierarchyLevel3=0
DGHierarchyLevel4=0
VirtualSystemName=
DeviceName=PA-5220
VirtualSystemID=1
MFAFactorType=xxxxx
AuthCompletionTime=2019-07-09T18:15:44.000000Z
AuthFactorNo=3
UGFlags=0x100
UserIdentifiedBySource=xxxxxxxxxxxxxx
Tag=
TimeGeneratedHighResolution=2019-07-25T23:30:12.000000Z
    The following table identifies the UserID field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.
    EMAIL Name
    Query Name
    AuthCompletionTime
    auth_completion_time
    AuthFactorNo
    auth_factor_num
    AuthenticatedUserDomain
    authenticated_user_info.​domain
    AuthenticatedUserName
    authenticated_user_info.​name
    AuthenticatedUserUUID
    authenticated_user_info.​uuid
    ConfigVersion
    config_version.​value
    CountofRepeats
    count_of_repeats
    CortexDataLakeTenantID
    customer_id
    DestinationPort
    dest_port
    DGHierarchyLevel1
    dg_hier_level_1
    DGHierarchyLevel2
    dg_hier_level_2
    DGHierarchyLevel3
    dg_hier_level_3
    DGHierarchyLevel4
    dg_hier_level_4
    EventID
    event_id
    IsDuplicateLog
    is_dup_log
    IsDuplicateUser
    is_duplicate_user
    LogExported
    is_exported
    LogForwarded
    is_forwarded
    IsPrismaNetworks
    is_prisma_branch
    IsPrismaUsers
    is_prisma_mobile
    LogSource
    log_source
    LogSourceGroupID
    log_source_group_id
    DeviceSN
    log_source_id
    DeviceName
    log_source_name
    LogSourceTimeZoneOffset
    log_source_tz_offset
    TimeReceived
    log_time
    LogType
    log_type.​value
    MappingDataSource
    mapping_data_source.​value
    MappingDataSourceName
    mapping_data_source_name
    MappingDataSourceType
    mapping_data_source_type.​value
    MappingTimeout
    mapping_timeout
    MFAFactorType
    mfa_factor_type
    PanoramaSN
    panorama_serial
    PlatformType
    platform_type
    SequenceNo
    sequence_no
    SourceIP
    source_ip.​value
    SourcePort
    source_port
    Subtype
    sub_type.​value
    Tag
    tag_name
    TimeGenerated
    time_generated
    TimeGeneratedHighResolution
    time_generated_high_res
    UGFlags
    ug_flags
    User
    user
    UserGroupFound
    user_group_found
    UserIdentifiedBySource
    user_identified_by_source_as
    VendorName
    vendor_name
    VirtualLocation
    vsys
    VirtualSystemID
    vsys_id
    VirtualSystemName
    vsys_name

    © 2025 Palo Alto Networks, Inc. All rights reserved.