Specify the Logs You Want to Send
You can choose the logs that you want your log forwarding profile to send by using the logtypes parameter.
logtypes accepts an array of five objects:
- allColumns
- excludedColumns
- filter
- includedColumns
- logtype
allColumns
A boolean value. When True:
- sends all available fields for the chosen logtype, minus any excludedColumns
When False:
- sends only includedColumns
  - If includedColumns is empty, sends a default subset of log fields, minus any excludedColumns
    - If excludedColumns is also empty, sends the entire default subset of log fields
This JSON file contains the log fields included for
both scenarios and each log type. In the file, the log fields under ALL are those sent for each
log type when allColumns is True and excludedColumns is empty. The log fields under DEFAULT
are those sent for each log type when allColumns is False and the other parameters are empty.
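The selection rules above can be checked before a profile is deployed, for example to confirm that a field you do not want to leave the tenant is not forwarded. The following is an added example, not code from this documentation or its API. It assumes the column parameters are lists of field-name strings, and its field names and ALL/DEFAULT lists are constructed samples rather than contents of the real JSON file.

```python
# Added example: resolve which fields one logtypes entry would forward,
# following the allColumns / includedColumns / excludedColumns rules above.
# ASSUMPTIONS: column parameters are lists of field-name strings; the field
# names and ALL/DEFAULT lists are constructed, not the real schema.

SAMPLE_FIELDS = {  # constructed stand-in for the ALL / DEFAULT JSON file
    "firewall.traffic": {
        "ALL": ["time_generated", "source_ip", "dest_ip",
                "source_user", "app", "bytes_total"],
        "DEFAULT": ["time_generated", "source_ip", "dest_ip", "app"],
    },
}


def effective_fields(entry, fields=SAMPLE_FIELDS):
    """Return the ordered list of fields a logtypes entry would send."""
    catalog = fields[entry["logtype"]]  # KeyError on an unknown log type
    included = entry.get("includedColumns") or []
    excluded = set(entry.get("excludedColumns") or [])
    if entry.get("allColumns"):
        base = catalog["ALL"]           # everything, minus exclusions
    elif included:
        return list(included)           # allColumns False: only includedColumns
    else:
        base = catalog["DEFAULT"]       # default subset, minus exclusions
    return [f for f in base if f not in excluded]


def forwarded_sensitive(entry, sensitive, fields=SAMPLE_FIELDS):
    """Fields from `sensitive` that the entry would still forward."""
    return sorted(set(effective_fields(entry, fields)) & set(sensitive))


if __name__ == "__main__":
    profile = [  # constructed logtypes array
        {"logtype": "firewall.traffic", "allColumns": True,
         "excludedColumns": ["source_user"]},
        {"logtype": "firewall.traffic", "allColumns": False,
         "includedColumns": ["source_ip", "source_user"]},
        {"logtype": "firewall.traffic", "allColumns": False},
    ]
    for entry in profile:
        print(effective_fields(entry),
              forwarded_sensitive(entry, ["source_user"]))
```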
logtype
logtype represents the type of log that you want to forward:
| Log Type | Value |
|---|---|
| Traffic | "firewall.traffic" |
| Threat | "firewall.threat" |
| Authentication | "firewall.auth" |
| URL | "firewall.url" |
| File | "firewall.file" |
| UserID | "firewall.userid" |
| IPtag | "firewall.iptag" |
| HIP Match | "firewall.hipmatch" |
| Tunnel | "firewall.tunnel" |
| SCTP | "firewall.sctp" |
| GlobalProtect | "firewall.globalprotect" |
| Decryption | "firewall.decription" |
| Common - System | "common.system" |
| Common - Configuration | "common.config" |
| Endpoint - GlobalProtect Troubleshooting | "endpoint.globalprotect troubleshooting" |
For more information about the parameters mentioned, see the API Reference.
For the log types and log fields that you can send, see the Schema Reference.