Device Details

Device Name: Syslog - Palo Alto Cortex Data Lake CEF
Vendor: Palo Alto
Device Type: Palo Alto Cortex Data Lake
Supported Model Name/Number: N/A
Supported Software Version: N/A
Collection Method: Syslog
Configurable Log Output: No
Log Source Type: Syslog - Palo Alto Cortex Data Lake CEF
Log Processing Policy: LogRhythm Default V 2.0
Additional Information: N/A

Supported Log Messages

(List of the LogRhythm schema tags the processing policy populates for each message type.)

Type | Product Version | Supported Schema Fields
Authentication Event | N/A | <vmid>, <serialnumber>, <domainorigin>, <login>, <sip>, <dip>, <policy>, <result>, <protname>, <sname>, <smac>, <useragent>, <session>
Configuration Messages | N/A | <vmid>, <serialnumber>, <domainorigin>, <login>, <vendorinfo>, <severity>, <sip>, <command>, <account>, <process>, <result>, <object>
Decryption Event Messages | N/A | <vmid>, <command>, <sip>, <dip>, <snatip>, <dnatip>, <login>, <account>, <dinterface>, <sinterface>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <action>, <policy>, <sname>, <smac>, <dname>, <dmac>, <domainimpacted>, <domainorigin>
File Threat Messages | N/A | <vmid>, <serialnumber>, <subject>, <domainimpacted>, <account>, <objecttype>, <domainorigin>, <login>, <threatname>, <sip>, <dip>, <snatip>, <dnatip>, <sinterface>, <dinterface>, <session>, <quantity>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <object>, <hash>, <group>, <sname>, <smac>, <dname>, <dmac>, <reason>
General System Event | N/A | <vmid>, <serialnumber>, <result>, <status>, <dip>, <domainimpacted>, <account>, <vendorinfo>, <severity>, <action>, <object>, <subject>
GlobalProtect Status Messages | N/A | <vmid>, <tag1>, <status>, <login>, <sname>, <sip>, <snatip>, <reason>, <vendorinfo>, <tag2>, <result>, <duration>, <serialnumber>, <domainorigin>, <domainimpacted>, <account>
Host Profile Messages | N/A | <vmid>, <serialnumber>, <domainorigin>, <domainimpacted>, <login>, <account>, <sname>, <dname>, <sip>, <dip>, <object>, <quantity>, <objecttype>, <smac>
IP Tag Messages | N/A | <vmid>, <serialnumber>, <sip>, <dip>, <subject>, <action>, <quantity>, <object>, <objecttype>
SCTP Messages | N/A | <vmid>, <serialnumber>, <dmac>, <domainimpacted>, <account>, <reason>, <severity>, <smac>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <quantity>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <subject>, <packetsin>, <packetsout>
Threat Event | N/A | <tag1>, <vmid>, <serialnumber>, <domainimpacted>, <account>, <command>, <severity>, <domainorigin>, <login>, <subject>, <snatip>, <dnatip>, <sinterface>, <dinterface>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag2>, <action>, <object>, <threatid>, <threatname>, <hash>, <objecttype>, <sender>, <recipient>, <sname>, <smac>, <dname>, <dmac>
Traffic Messages | N/A | <vmid>, <tag1>, <command>, <serialnumber>, <domainimpacted>, <account>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <action>, <bytesin>, <bytesout>, <seconds>, <packetsin>, <packetsout>, <reason>, <subject>, <sname>, <smac>, <dname>, <dmac>
URL Threat Messages | N/A | <vmid>, <serialnumber>, <domainimpacted>, <account>, <severity>, <domainorigin>, <login>, <sip>, <dip>, <snatip>, <dnatip>, <policy>, <sinterface>, <dinterface>, <session>, <sport>, <dport>, <snatport>, <dnatport>, <protname>, <tag1>, <action>, <url>, <subject>, <useragent>, <command>, <sname>, <smac>, <dname>, <dmac>
User ID Messages | N/A | <vmid>, <action>, <serialnumber>, <domainimpacted>, <account>, <sip>, <dip>, <object>, <sport>, <dport>, <subject>
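The schema tags listed above are filled from the header and key=value extension fields of each CEF record that Cortex Data Lake forwards over syslog. The following Python is an added example, not LogRhythm's or Palo Alto Networks' code: it splits a CEF line into its seven pipe-delimited header fields and its extensions while honouring CEF backslash escaping (a naive split on "|" or " " breaks on escaped pipes, on pipes inside the extension, and on values containing spaces or "\="), renames the extension keys to schema tags, and reports which expected Traffic tags a record did not populate. The sample line, the CEF_TO_SCHEMA mapping and the TRAFFIC_TAGS subset are assumptions constructed for this example; the actual field mapping of the LogRhythm Default V 2.0 policy is not shown on this page.

```python
import re
from typing import Dict, List, Tuple

# The seven pipe-delimited CEF header fields, in order.
HEADER_FIELDS = ["cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity"]

# Illustrative CEF-extension-key -> schema-tag mapping. This is an assumption
# made for the example, not the mapping used by the LogRhythm Default V 2.0
# processing policy, whose rules are not shown on the page.
CEF_TO_SCHEMA = {
    "deviceExternalId": "serialnumber", "suser": "login", "src": "sip",
    "dst": "dip", "spt": "sport", "dpt": "dport", "proto": "protname",
    "act": "action", "cs1": "policy", "in": "bytesin", "out": "bytesout",
    "cnt": "quantity", "msg": "subject",
}

# Constructed sample line. It follows the CEF layout (syslog prefix, 'CEF:'
# header, key=value extensions) but is not a captured Cortex Data Lake record.
SAMPLE = (
    "<14>Jan 10 12:00:00 cdl-forwarder "
    "CEF:0|Palo Alto Networks|LF|2.0|TRAFFIC|end|3|"
    "rt=Jan 10 2024 12:00:00 GMT deviceExternalId=007200001234 "
    "src=10.1.1.5 dst=93.184.216.34 spt=51234 dpt=443 proto=tcp act=allow "
    "cs1=allow-web cs1Label=Rule in=1200 out=3400 cnt=18 "
    "suser=acme\\\\jdoe msg=User\\=equals sign|pipe ok"
)


def split_header(line: str) -> Tuple[Dict[str, str], str]:
    """Return the header fields and the raw extension text.

    '|' and '\\' inside a header field are backslash-escaped, and the
    extension may contain unescaped '|', so the header is scanned character
    by character and the scan stops after the seventh delimiter.
    """
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    cef = line[start + len("CEF:"):]
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(cef) and len(fields) < len(HEADER_FIELDS):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):   # escaped char: take next literally
            buf.append(cef[i + 1])
            i += 2
        elif ch == "|":                        # unescaped delimiter ends a field
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    return dict(zip(HEADER_FIELDS, fields)), cef[i:]


# A value runs until the next ' key=' or end of input; an escaped '\=' inside
# a value cannot start a new pair because the lookahead needs whitespace first.
_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.DOTALL)
_ESCAPES = {"n": "\n", "r": "\r"}


def _unescape(value: str) -> str:
    """Undo CEF extension escaping: '\\=' -> '=', '\\\\' -> '\\', '\\n', '\\r'."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)),
                  value, flags=re.DOTALL)


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse the 'key=value key=value' extension; values may contain spaces."""
    return {k: _unescape(v) for k, v in _EXT_RE.findall(ext)}


def to_schema(line: str) -> Dict[str, str]:
    """Parse one line and rename extension keys to the (assumed) schema tags."""
    header, ext = split_header(line)
    record = {"msgtype": header["signature_id"], "severity": header["severity"]}
    for key, value in parse_extension(ext).items():
        record[CEF_TO_SCHEMA.get(key, key)] = value
    return record


# A subset of the tags the page lists for Traffic Messages, used to spot
# records that arrive without the fields a downstream rule expects.
TRAFFIC_TAGS = ["serialnumber", "login", "sip", "dip", "policy", "session",
                "sport", "dport", "protname", "action", "bytesin", "bytesout"]


def missing_tags(record: Dict[str, str], expected: List[str]) -> List[str]:
    """Return the expected tags that the parsed record did not populate."""
    return [tag for tag in expected if tag not in record]


if __name__ == "__main__":
    rec = to_schema(SAMPLE)
    print(rec)
    print("missing:", missing_tags(rec, TRAFFIC_TAGS))
```

Run stand-alone, the script prints the parsed record and `missing: ['session']`, since the constructed sample carries no session identifier. Feed real forwarder output through `missing_tags` against the full tag list above to find message types whose CEF output does not carry a field a detection rule depends on.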

Revision History

KB Version | Log Type | Change Type | Details
N/A | Syslog - Palo Alto Cortex Data Lake CEF | New Device Documentation | N/A