https://live.paloaltonetworks.com/t5/next-generation-firewall/clarification-on-system-log-subtypes-categorized-as-security/m-p/1234667#M6124 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/194129197">@suresh.nalamolu</a></P> <P>&nbsp;</P> <P>thanks for post!</P> <P>&nbsp;</P> <P>Based on documentation:&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/system-log-fields" target="_self">System Log Fields</A>&nbsp;the list of System log sub types you mentioned in your post is complete. In general, System logs are related to Firewall's health / Firewall's operation events / Outcome of Firewall's configuration.</P> <P>&nbsp;</P> <P>As&nbsp;Security Analyst / SOC Analyst / Security Engineer, I would be looking more into Threat, WildFire, URL and Traffic logs. System logs are more important for Firewall Administrator. Personally, I found some of the system logs useful. For example Auth system log sub type is handy to detect excessive logging failures, credential brute forcing into Firewall. Other than this, I found all other log types more handy for Firewall admin.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;&nbsp;</P> Fri, 25 Jul 2025 01:22:51 GMT PavelK 2025-07-25T01:22:51Z https://live.paloaltonetworks.com/t5/next-generation-firewall/clarification-on-system-log-subtypes-categorized-as-security/m-p/1234532#M6112 <P>I’m currently reviewing the subtypes available under <STRONG>System Logs</STRONG> in Palo Alto Networks, and I’d like to confirm which of the following subtypes are categorized or considered as <STRONG>Security</STRONG> related events.</P><P>here is the list I've:</P><UL><LI>&nbsp;Auth</LI><LI>crypto</LI><LI>dhcp</LI><LI>dnsproxy</LI><LI>dos</LI><LI>general</LI><LI>global-protect</LI><LI>ha</LI><LI>hw</LI><LI>nat</LI><LI>ntpd</LI><LI>pbf</LI><LI>port</LI><LI>pppoe</LI><LI>ras</LI><LI>routing</LI><LI>satd</LI><LI>sslmgr</LI><LI>sslvpn</LI><LI>userid</LI><LI>url-filtering</LI><LI>vpn</LI><LI>wildfire</LI></UL><P>Could someone please confirm which of these are considered <STRONG>Security-focused</STRONG> subtypes? If there's any documentation link or reference that details this categorization, that would be greatly appreciated as well.</P> Wed, 23 Jul 2025 10:29:47 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/clarification-on-system-log-subtypes-categorized-as-security/m-p/1234532#M6112 suresh.nalamolu 2025-07-23T10:29:47Z https://live.paloaltonetworks.com/t5/next-generation-firewall/clarification-on-system-log-subtypes-categorized-as-security/m-p/1234667#M6124 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/194129197">@suresh.nalamolu</a></P> <P>&nbsp;</P> <P>thanks for post!</P> <P>&nbsp;</P> <P>Based on documentation:&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/system-log-fields" target="_self">System Log Fields</A>&nbsp;the list of System log sub types you mentioned in your post is complete. In general, System logs are related to Firewall's health / Firewall's operation events / Outcome of Firewall's configuration.</P> <P>&nbsp;</P> <P>As&nbsp;Security Analyst / SOC Analyst / Security Engineer, I would be looking more into Threat, WildFire, URL and Traffic logs. System logs are more important for Firewall Administrator. Personally, I found some of the system logs useful. For example Auth system log sub type is handy to detect excessive logging failures, credential brute forcing into Firewall. Other than this, I found all other log types more handy for Firewall admin.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;&nbsp;</P> Fri, 25 Jul 2025 01:22:51 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/clarification-on-system-log-subtypes-categorized-as-security/m-p/1234667#M6124 PavelK 2025-07-25T01:22:51Z