Syslog - Palo Alto Strata Logging Service CEF
Device Details
Device Name | Strata Logging Service |
|---|---|
Vendor | Palo Alto |
Device Type | Strata Logging Service |
Supported Model Name/Number | N/A |
Supported Software Version | N/A |
Collection Method | Syslog |
Configurable Log Output | CEF |
Log Source Type | Syslog - Palo Alto Strata Logging Service CEF |
Log Processing Policy | LogRhythm Default V 2.0 |
Exceptions | N/A |
Additional Information | https://docs.paloaltonetworks.com/strata-logging-service https://docs.paloaltonetworks.com/cortex/cortex-data-lake/log-forwarding-schema-reference |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
Authentication Event | N/A | <vmid>, <severity>, <serialnumber>, <domainorigin>, <login>, <sip>, <dip>, <policy>, <result>, <protname>, <sname>, <smac>, <useragent , <session> |
Configuration Messages | N/A | <vmid>, <severity>, <serialnumber>, <domainorigin>, <login>, <vendorinfo>, <sip>, <command>, <account>, <process>, <result>, <object> |
Decryption Event Messages | N/A | <vmid>, <command>, <severity>, <sip>, <dip>, <snatip>, <dnatip>, <login>, <account>, <dinterface>, <sinterface>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <action>, <policy>, <sname>, <smac>, <dname>, <dmac>, <domainimpacted>, <domainorigin> |
File Threat Messages | N/A | <vmid>, <serialnumber>, <severity>, <subject>, <domainimpacted>, <account>, <objecttype>, <domainorigin>, <login>, <threatname>, <sip>, <dip>, <snatip>, <dnatip>, <sinterface>, <dinterface>, <session>, <quantity>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <object>, <hash>, <group>, <sname>, <smac>, <dname>, <dmac>, <reason> |
General System Event | N/A | <vmid>, <severity>, <serialnumber>, <result>, <status>, <dip>, <domainimpacted>, <account>, <vendorinfo>, <action>, <object>, <subject> |
GlobalProtect Status Messages | N/A | <vmid>, <severity>, <tag1>, <status>, <login>, <sname>, <sip>, <snatip>, <version>, <reason>, <vendorinfo>, <tag2>, <result>, <seconds>, <serialnumber>, <domainorigin>, <domainimpacted>, <account> |
Host Profile Messages | N/A | <vmid>, <severity>, <serialnumber>, <domainorigin>, <domainimpacted>, <login>, <account>, <sname>, <dname>, <sip>, <dip>, <object>, <quantity>, <objecttype>, <smac> |
IP Tag Messages | N/A | <vmid>, <severity>, <serialnumber>, <sip>, <dip>, <subject>, <action>, <quantity>, <object>, <objecttype> |
SCTP Messages | N/A | <vmid>, <severity>, <serialnumber>, <dmac>, <domainimpacted>, <account>, <reason>, <smac>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <quantity>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <subject>, <packetsin>, <packetsout> |
Threat Event | N/A | <tag1>, <vmid>, <severity>, <serialnumber>, <domainimpacted>, <account>, <command>, <domainorigin>, <login>, <subject>, <sip>, <dip>, <snatip>, <dnatip>, <sinterface>, <dinterface>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag2>, <action>, <object>, <threatid>, <threatname>, <hash>, <objecttype>, <sender>, <recipient>, <sname>, <smac>, <dname>, <dmac> |
Traffic Messages | N/A | <vmid>, <tag1>, <command>, <severity>, <serialnumber>, <domainimpacted>, <account>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <object>, <sinterface>, <dinterface>, <session>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <action>, <bytesin>, <bytesout>, <seconds>, <packetsin>, <packetsout>, <reason>, <subject>, <sname>, <smac>, <dname>, <dmac> |
URL Threat Messages | N/A | <vmid>, <severity>, <serialnumber>, <domainimpacted>, <account>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <url>, <subject>, <useragent>, <command>, <sname>, <smac>, <dname>, <dmac> |
User ID Messages | N/A | <vmid>, <severity>, <action>, <serialnumber>, <domainimpacted>, <account>, <sip>, <dip>, <object>, <sport>, <dport>, <subject> |
Catch All : Level 1 | N/A | <tag1>, <severity> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
N/A | Syslog - Palo Alto Strata Logging Service CEF | New Device Documentation | N/A |