Cisco
Login
Search
Software Secure Access
Activity Manage

Cisco Secure Access Help Manage Logging Log Formats and Versioning Data Loss Prevention (DLP) Log Formats Order of Fields in the DLP Log V12 Log Formats

Last updated: Aug 14, 2025

V12 Log Formats

The CSV fields in the header row of the DLP logs.

timestamp,event type,unique event id,severity,identity,owner,name,application,destination,action,rule,data classification,data identifier,content type,file size,sha 256 hash,file label,application category name,traffic direction,private resource name,private resource group name,destination protocol,destination ip,destination port,organization id

The description of each field and the log version in which each field was released, up to Version 12. For more information about log versions, see Find Your Log Schema Version.

Field name Description Release version
timestamp The date and time of the DLP event, expressed as a UTC-formatted string (e.g., 2024-01-16 17:48:41).

 
Unlike the Secure Access dashboard and reports, Secure Access logs do not convert the timestamp to your local timezone.
v6
event type The type of event that matched a data identifier. Real Time denotes a proxy-based DLP event triggered by a Real Time rule and SaaS API denotes a DLP event triggered by any of the SaaS API rules. v8
unique event id The unique identifier for the event. There can be multiple violation matches in one event. v6
severity The severity of the rule: Low/Info, Medium/Warn, High/Alert, or Critical. v6
identity The source that triggered the violation. v6
owner The owner of the file. v6
name The name of the file. v6
application The application of the request. v6
destination The domain of the request. v6
action If the violation was Blocked or Monitored. v6
rule The DLP rule name. v6
data classification The data classification whose data identifier matched on the violation. v6
data identifier The data identifier that matched on the request. v6
content type The mime type of the file that matches the data identifier. v6
file size The size of the file in bytes. v6
sha 256 hash The hex digest of the response content. v6
file label The file name label that matched on the file properties. v7
application category name The category of the requested web application. For more information, see Application Categories. v10
traffic direction Direction of traffic. (Applies only to some applications, such as OpenAI API and OpenAI ChatGPT.) v10
private resource name The name of the private resource. v10
private resource group name The private resource group name if the matched rule destination was a private resource group. v10
destination protocol The protocol of the destination. v10
destination ip The IP address of the destination. v10
destination port The port of the destination. v10
organization id The Secure Access organization ID. For more information, see Find Your Organization ID . v10
Previous topic Optional V12 Log Header Format Next topic DNS Log Formats