Strata Logging Forwarding Url Log Payload Structure
Schema for a forwarded PAN-OS URL filtering log entry. URL logs capture web access events evaluated by the URL Filtering security profile, providing visibility into browsing activity, policy enforcement, and URL category decisions.
Type: object
Properties: 19
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR
UrlLogPayload is a JSON Structure definition published by Palo Alto Networks, describing 19 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/strata-logging-forwarding-url-log-payload-structure.json",
"name": "UrlLogPayload",
"description": "Schema for a forwarded PAN-OS URL filtering log entry. URL logs capture web access events evaluated by the URL Filtering security profile, providing visibility into browsing activity, policy enforcement, and URL category decisions.\n",
"type": "object",
"properties": {
"receive_time": {
"type": "datetime",
"description": "Timestamp when the URL log entry was received by Strata Logging Service.\n"
},
"serial": {
"type": "string",
"description": "Serial number of the Palo Alto Networks device that generated this URL log entry.\n"
},
"type": {
"type": "string",
"description": "Log type identifier, always URL for URL filtering log entries.",
"enum": [
"URL"
]
},
"src": {
"type": "string",
"description": "Source IP address of the client making the web request."
},
"dst": {
"type": "string",
"description": "Destination IP address of the web server being accessed."
},
"sport": {
"type": "int32",
"description": "Source port number of the HTTP/HTTPS session."
},
"dport": {
"type": "int32",
"description": "Destination port number of the HTTP/HTTPS session."
},
"app": {
"type": "string",
"description": "Application identified by App-ID for the web session (e.g., web-browsing, ssl, google-base).\n"
},
"url": {
"type": "string",
"description": "The full URL that was requested, including protocol, hostname, path, and query parameters if present.\n"
},
"url_category": {
"type": "string",
"description": "URL category classification assigned by PAN-DB URL filtering database (e.g., business-and-economy, malware, social-networking, command-and-control).\n"
},
"action": {
"type": "string",
"description": "Action applied to the URL request by the URL Filtering security profile configured on the matching security policy rule.\n",
"enum": [
"allow",
"block",
"continue",
"override",
"alert"
]
},
"http_method": {
"type": "string",
"description": "HTTP method of the web request.",
"enum": [
"GET",
"POST",
"PUT",
"DELETE",
"HEAD",
"OPTIONS",
"PATCH",
"CONNECT"
]
},
"content_type": {
"type": "string",
"description": "MIME content type of the HTTP response."
},
"src_user": {
"type": "string",
"description": "Source user identity associated with the web request if User-ID is enabled.\n"
},
"rule_name": {
"type": "string",
"description": "Name of the security policy rule that matched the session containing this URL request.\n"
},
"device_name": {
"type": "string",
"description": "Hostname of the firewall that generated this URL log entry."
},
"vsys": {
"type": "string",
"description": "Virtual system name or identifier on the firewall."
},
"log_forwarding_profile": {
"type": "string",
"description": "Name of the log forwarding profile that forwarded this log entry.\n"
},
"output_format": {
"type": "string",
"description": "Output format in which this log entry was forwarded.",
"enum": [
"CSV",
"LEEF",
"CEF",
"JSON",
"PARQUET"
]
}
}
}