Palo Alto Networks · Schema
UrlLogPayload
Schema for a forwarded PAN-OS URL filtering log entry. URL logs capture web access events evaluated by the URL Filtering security profile, providing visibility into browsing activity, policy enforcement, and URL category decisions.
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR
Properties
| Name | Type | Description |
|---|---|---|
| receive_time | string | Timestamp when the URL log entry was received by Strata Logging Service. |
| serial | string | Serial number of the Palo Alto Networks device that generated this URL log entry. |
| type | string | Log type identifier, always URL for URL filtering log entries. |
| src | string | Source IP address of the client making the web request. |
| dst | string | Destination IP address of the web server being accessed. |
| sport | integer | Source port number of the HTTP/HTTPS session. |
| dport | integer | Destination port number of the HTTP/HTTPS session. |
| app | string | Application identified by App-ID for the web session (e.g., web-browsing, ssl, google-base). |
| url | string | The full URL that was requested, including protocol, hostname, path, and query parameters if present. |
| url_category | string | URL category classification assigned by PAN-DB URL filtering database (e.g., business-and-economy, malware, social-networking, command-and-control). |
| action | string | Action applied to the URL request by the URL Filtering security profile configured on the matching security policy rule. |
| http_method | string | HTTP method of the web request. |
| content_type | string | MIME content type of the HTTP response. |
| src_user | string | Source user identity associated with the web request if User-ID is enabled. |
| rule_name | string | Name of the security policy rule that matched the session containing this URL request. |
| device_name | string | Hostname of the firewall that generated this URL log entry. |
| vsys | string | Virtual system name or identifier on the firewall. |
| log_forwarding_profile | string | Name of the log forwarding profile that forwarded this log entry. |
| output_format | string | Output format in which this log entry was forwarded. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "UrlLogPayload",
"description": "Schema for a forwarded PAN-OS URL filtering log entry. URL logs capture web access events evaluated by the URL Filtering security profile, providing visibility into browsing activity, policy enforcement, and URL category decisions.\n",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/strata-logging-forwarding-url-log-payload-schema.json",
"type": "object",
"properties": {
"receive_time": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the URL log entry was received by Strata Logging Service.\n"
},
"serial": {
"type": "string",
"description": "Serial number of the Palo Alto Networks device that generated this URL log entry.\n"
},
"type": {
"type": "string",
"enum": [
"URL"
],
"description": "Log type identifier, always URL for URL filtering log entries."
},
"src": {
"type": "string",
"description": "Source IP address of the client making the web request."
},
"dst": {
"type": "string",
"description": "Destination IP address of the web server being accessed."
},
"sport": {
"type": "integer",
"description": "Source port number of the HTTP/HTTPS session."
},
"dport": {
"type": "integer",
"description": "Destination port number of the HTTP/HTTPS session."
},
"app": {
"type": "string",
"description": "Application identified by App-ID for the web session (e.g., web-browsing, ssl, google-base).\n"
},
"url": {
"type": "string",
"description": "The full URL that was requested, including protocol, hostname, path, and query parameters if present.\n"
},
"url_category": {
"type": "string",
"description": "URL category classification assigned by PAN-DB URL filtering database (e.g., business-and-economy, malware, social-networking, command-and-control).\n"
},
"action": {
"type": "string",
"enum": [
"allow",
"block",
"continue",
"override",
"alert"
],
"description": "Action applied to the URL request by the URL Filtering security profile configured on the matching security policy rule.\n"
},
"http_method": {
"type": "string",
"enum": [
"GET",
"POST",
"PUT",
"DELETE",
"HEAD",
"OPTIONS",
"PATCH",
"CONNECT"
],
"description": "HTTP method of the web request."
},
"content_type": {
"type": "string",
"description": "MIME content type of the HTTP response."
},
"src_user": {
"type": "string",
"description": "Source user identity associated with the web request if User-ID is enabled.\n"
},
"rule_name": {
"type": "string",
"description": "Name of the security policy rule that matched the session containing this URL request.\n"
},
"device_name": {
"type": "string",
"description": "Hostname of the firewall that generated this URL log entry."
},
"vsys": {
"type": "string",
"description": "Virtual system name or identifier on the firewall."
},
"log_forwarding_profile": {
"type": "string",
"description": "Name of the log forwarding profile that forwarded this log entry.\n"
},
"output_format": {
"type": "string",
"enum": [
"CSV",
"LEEF",
"CEF",
"JSON",
"PARQUET"
],
"description": "Output format in which this log entry was forwarded."
}
}
}