Device Details

| Device Name | Strata Logging Service |
|---|---|
| Vendor | Palo Alto |
| Device Type | Strata Logging Service |
| Supported Model Name/Number | N/A |
| Supported Software Version | N/A |
| Collection Method | Syslog |
| Configurable Log Output | CEF |
| Log Source Type | Syslog - Palo Alto Strata Logging Service CEF |
| Log Processing Policy | LogRhythm Default V 2.0 |
| Exceptions | N/A |
| Additional Information | https://docs.paloaltonetworks.com/strata-logging-service ; https://docs.paloaltonetworks.com/cortex/cortex-data-lake/log-forwarding-schema-reference |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Authentication Event | N/A | <vmid>, <severity>, <serialnumber>, <domainorigin>, <login>, <sip>, <dip>, <policy>, <result>, <protname>, <sname>, <smac>, <useragent>, <session> |
| Configuration Messages | N/A | <vmid>, <severity>, <serialnumber>, <domainorigin>, <login>, <vendorinfo>, <sip>, <command>, <account>, <process>, <result>, <object> |
| Decryption Event Messages | N/A | <vmid>, <command>, <severity>, <sip>, <dip>, <snatip>, <dnatip>, <login>, <account>, <dinterface>, <sinterface>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <action>, <policy>, <sname>, <smac>, <dname>, <dmac>, <domainimpacted>, <domainorigin> |
| File Threat Messages | N/A | <vmid>, <serialnumber>, <severity>, <subject>, <domainimpacted>, <account>, <objecttype>, <domainorigin>, <login>, <threatname>, <sip>, <dip>, <snatip>, <dnatip>, <sinterface>, <dinterface>, <session>, <quantity>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <object>, <hash>, <group>, <sname>, <smac>, <dname>, <dmac>, <reason> |
| General System Event | N/A | <vmid>, <severity>, <serialnumber>, <result>, <status>, <dip>, <domainimpacted>, <account>, <vendorinfo>, <action>, <object>, <subject> |
| GlobalProtect Status Messages | N/A | <vmid>, <severity>, <tag1>, <status>, <login>, <sname>, <sip>, <snatip>, <version>, <reason>, <vendorinfo>, <tag2>, <result>, <seconds>, <serialnumber>, <domainorigin>, <domainimpacted>, <account> |
| Host Profile Messages | N/A | <vmid>, <severity>, <serialnumber>, <domainorigin>, <domainimpacted>, <login>, <account>, <sname>, <dname>, <sip>, <dip>, <object>, <quantity>, <objecttype>, <smac> |
| IP Tag Messages | N/A | <vmid>, <severity>, <serialnumber>, <sip>, <dip>, <subject>, <action>, <quantity>, <object>, <objecttype> |
| SCTP Messages | N/A | <vmid>, <severity>, <serialnumber>, <dmac>, <domainimpacted>, <account>, <reason>, <smac>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <quantity>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <subject>, <packetsin>, <packetsout> |
| Threat Event | N/A | <tag1>, <vmid>, <severity>, <serialnumber>, <domainimpacted>, <account>, <command>, <domainorigin>, <login>, <subject>, <sip>, <dip>, <snatip>, <dnatip>, <sinterface>, <dinterface>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag2>, <action>, <object>, <threatid>, <threatname>, <hash>, <objecttype>, <sender>, <recipient>, <sname>, <smac>, <dname>, <dmac> |
| Traffic Messages | N/A | <vmid>, <tag1>, <command>, <severity>, <serialnumber>, <domainimpacted>, <account>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <object>, <sinterface>, <dinterface>, <session>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <action>, <bytesin>, <bytesout>, <seconds>, <packetsin>, <packetsout>, <reason>, <subject>, <sname>, <smac>, <dname>, <dmac> |
| URL Threat Messages | N/A | <vmid>, <severity>, <serialnumber>, <domainimpacted>, <account>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <url>, <subject>, <useragent>, <command>, <sname>, <smac>, <dname>, <dmac> |
| User ID Messages | N/A | <vmid>, <severity>, <action>, <serialnumber>, <domainimpacted>, <account>, <sip>, <dip>, <object>, <sport>, <dport>, <subject> |
| Catch All : Level 1 | N/A | <tag1>, <severity> |
Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| N/A | Syslog - Palo Alto Strata Logging Service CEF | New Device Documentation | N/A |