Skip to main content
Skip table of contents

Syslog - Palo Alto Cortex XDR

Device Details

Device Name

Palo Alto Cortex XDR


Palo Alto

Device Type

Network and Endpoint Protection

Supported Model Name/Number


Supported Software Version


Collection Method


Configurable Log Output


Log Source Type

Syslog - Palo Alto Cortex XDR

Log Processing Policy

LogRhythm Default v2.0



Additional Information

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

TypeProduct VersionSupported Schema Fields
Catch AllN/A<severity>
Cortext Agent MessagesN/A<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login> , <threatname>, <threatid>, <url>, <process>, <command>, <hash>, <object>,  <parentprocesspath>, <reason>, <action>
Cortex Agent Audit MessagesN/A<version>, <vmid>, <vendorinfo>, <tag1>, <severity>, <domainorigin>, <sname>, <threatname>, <action>, <tag2>, <result>, <tag3>, <reason>, <subject>
Cortex Alert MessagesN/A<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login>, <threatname>,<tag2>, <threatid>, <url>, <process>, <command>, <status>, <parentprocessname>, <dip>, <dport>, <sip>, <sport>, <protname>, <hash>, <object>, <hash>, <reason>, <action>, <tag1>, <subject>
Cortex BIOC MessagesN/A<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login>, <threatname>, <threatid>, <url>, <process>, <command>, <hash>, <object> <parentprocesspath>, <action>
Cortex IOC MessagesN/A<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <login>, <domainorigin>, <threatname>, <threatid>, <url>, <process>, <command>, <dip>, <dport>, <sip>, <sport>, <protname>, <hash>, <object>, <parentprocesspath>, <action>
Cortex Management Audit MessagesN/A<version>, <vmid>, <vendorinfo>, <tag1>, <severity>, <threatid>, <login>, <domainorigin>, <action>, <result>, <tag2>, <reason>, <subject>

Revision History

KB VersionLog TypeChange TypeDetails
KB 7.1.588.0Syslog - Palo Alto Cortex XDRNew Log Source Type and DocumentationNew device support
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.