topic Understanding Prisma Access Syslog Header &amp; messages in Prisma Access Discussions https://live.paloaltonetworks.com/t5/prisma-access-discussions/understanding-prisma-access-syslog-header-amp-messages/m-p/584750#M746 <P>Hello Team,</P> <P>I am working on Prisma Access syslog csv format. We are able to forward &amp; receive csv logs successfully.</P> <P>Now, I am trying to understand the format. I could able to understand the message part as all the field details are provided in the Palo Alto documentation clearly. However, header is where I am looking for little clarity. Following is the sample header of old log(few things masked):</P> <P>&nbsp;</P> <P>889 &lt;14&gt;1 2022-09-29T13:57:16.953Z stream-logfwd20-xxxxxxxx--xxxxxxxx-xxxx-abcxyz-1x2x logforwarder - panwlogs -</P> <P>&nbsp;</P> <P>I want to know:</P> <P>1. What is the "logforwarder" and "panwlogs"? And are these going to be static?</P> <P>2. Syslog header structure.</P> <P>3. How can I differentiate log coming Panorama vs Prisma Access via CDL?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Any support document or help regarding above points would would really appreciate.</P> <P>Thank you.</P> <P>&nbsp;</P> <P><LI-PRODUCT title="Prisma Access" id="Prisma_Access"></LI-PRODUCT> <LI-PRODUCT title="Cortex Data Lake" id="Cortex_Data_Lake"></LI-PRODUCT> <LI-PRODUCT title="Panorama" id="Panorama"></LI-PRODUCT>&nbsp;</P> Wed, 24 Apr 2024 07:34:24 GMT sushant1601 2024-04-24T07:34:24Z Understanding Prisma Access Syslog Header & messages https://live.paloaltonetworks.com/t5/prisma-access-discussions/understanding-prisma-access-syslog-header-amp-messages/m-p/584750#M746 <P>Hello Team,</P> <P>I am working on Prisma Access syslog csv format. We are able to forward &amp; receive csv logs successfully.</P> <P>Now, I am trying to understand the format. I could able to understand the message part as all the field details are provided in the Palo Alto documentation clearly. However, header is where I am looking for little clarity. Following is the sample header of old log(few things masked):</P> <P>&nbsp;</P> <P>889 &lt;14&gt;1 2022-09-29T13:57:16.953Z stream-logfwd20-xxxxxxxx--xxxxxxxx-xxxx-abcxyz-1x2x logforwarder - panwlogs -</P> <P>&nbsp;</P> <P>I want to know:</P> <P>1. What is the "logforwarder" and "panwlogs"? And are these going to be static?</P> <P>2. Syslog header structure.</P> <P>3. How can I differentiate log coming Panorama vs Prisma Access via CDL?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Any support document or help regarding above points would would really appreciate.</P> <P>Thank you.</P> <P>&nbsp;</P> <P><LI-PRODUCT title="Prisma Access" id="Prisma_Access"></LI-PRODUCT> <LI-PRODUCT title="Cortex Data Lake" id="Cortex_Data_Lake"></LI-PRODUCT> <LI-PRODUCT title="Panorama" id="Panorama"></LI-PRODUCT>&nbsp;</P> Wed, 24 Apr 2024 07:34:24 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/understanding-prisma-access-syslog-header-amp-messages/m-p/584750#M746 sushant1601 2024-04-24T07:34:24Z