Palo Alto Networks · Schema
TrafficLogPayload
Schema for a forwarded PAN-OS traffic log entry. Traffic logs capture session metadata for every network connection processed by the firewall, providing comprehensive network visibility for security operations, compliance, and analytics.
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR
Properties
| Name | Type | Description |
|---|---|---|
| receive_time | string | Timestamp when the log entry was received by Strata Logging Service from the generating firewall device. |
| serial | string | Serial number of the Palo Alto Networks firewall or Prisma Access node that generated this log entry. |
| type | string | Log type identifier, always TRAFFIC for traffic log entries. |
| subtype | string | Traffic log subtype indicating what session lifecycle event triggered this log entry. |
| src | string | Source IP address of the network session. |
| dst | string | Destination IP address of the network session. |
| sport | integer | Source port number of the network session. |
| dport | integer | Destination port number of the network session. |
| proto | string | IP protocol name or number for the session (e.g., tcp, udp, icmp). |
| app | string | Application identified by PAN-OS App-ID, such as ssl, web-browsing, dns, or a specific SaaS application name. |
| action | string | Enforcement action applied to the session by the matching security policy rule. |
| bytes_sent | integer | Total bytes sent from client to server in this session. |
| bytes_received | integer | Total bytes received by client from server in this session. |
| session_id | string | Unique session identifier assigned by the firewall for this network session. |
| rule_name | string | Name of the security policy rule that matched and processed this session. |
| src_zone | string | Source security zone from which the session originated. |
| dst_zone | string | Destination security zone to which the session is destined. |
| src_user | string | Source user identity associated with the session if User-ID is enabled on the ingress zone. |
| dst_user | string | Destination user identity if available. |
| nat_src | string | Post-NAT source IP address after address translation. |
| nat_dst | string | Post-NAT destination IP address after address translation. |
| nat_sport | integer | Post-NAT source port after port address translation. |
| nat_dport | integer | Post-NAT destination port after port address translation. |
| packets_sent | integer | Total packets sent from client in this session. |
| packets_received | integer | Total packets received by client in this session. |
| session_duration | integer | Total session duration in seconds. |
| device_name | string | Hostname of the firewall that generated this log entry. |
| vsys | string | Virtual system name or identifier on the firewall. |
| log_forwarding_profile | string | Name of the Strata Logging Service log forwarding profile that forwarded this log entry. |
| output_format | string | Output format in which this log entry was forwarded to the destination. |