| receive_time |
string |
Timestamp when the authentication log entry was received by Strata Logging Service. |
| serial |
string |
Serial number of the Palo Alto Networks device that generated this authentication log entry. |
| type |
string |
Log type identifier, always AUTH for authentication log entries. |
| subtype |
string |
Authentication log subtype indicating the outcome of the authentication event. |
| src |
string |
Source IP address of the authenticating client. |
| src_user |
string |
Username or user principal name presented during authentication. |
| auth_method |
string |
Authentication protocol or method used to authenticate the user. |
| auth_source |
string |
The name of the authentication source, server profile, or identity provider (e.g., Okta-SAML, corp-ldap, radius-server). |
| auth_result |
string |
The result of the authentication attempt indicating whether it succeeded, failed, required an additional challenge, or timed out. |
| mfa_vendor |
string |
Multi-factor authentication vendor name if MFA was triggered during authentication (e.g., Duo, Okta, PingID, RSA SecurID). |
| mfa_result |
string |
Result of the MFA challenge if multi-factor authentication was triggered as part of the authentication flow. |
| rule_name |
string |
Name of the Authentication Policy rule that triggered the authentication challenge for this session. |
| auth_profile |
string |
Name of the authentication profile configured on the firewall that was used to process this authentication event. |
| device_name |
string |
Hostname of the firewall that generated this authentication log entry. |
| vsys |
string |
Virtual system name or identifier on the firewall. |
| log_forwarding_profile |
string |
Name of the log forwarding profile that forwarded this log entry. |
| output_format |
string |
Output format in which this log entry was forwarded. |