Table of Contents | ||||
---|---|---|---|---|
|
Introduction
The tags beginning with vpn.zscaler
identify events generated by Zscaler Client Connector.
...
Valid tags and data tables
The full tag must have three levels. The first two are fixed asvpn.zscaler
. The third level identifies the type of events sent.
Technology
Brand
Type
vpn
zscaler
access
activity
Product/Service | Tags | Data table |
---|---|---|
Zscaler |
|
|
|
| |
|
| |
|
|
|
Therefore, the valid tags and tables include:For more information, read more About Devo tags.
Table structure
vpn.zscaler.access
Field | Type | Extra fields | Field transformation | Source field name | ||
---|---|---|---|---|---|---|
eventdate |
| |||||
hostname |
| |||||
LogTimestamp |
|
| LogTimestamp_tmp | |||
ConnectionID |
| |||||
Exporter |
| |||||
TimestampRequestReceiveStart |
| |||||
TimestampRequestReceiveHeaderFinish |
| |||||
TimestampRequestReceiveFinish |
| |||||
TimestampRequestTransmitStart |
| |||||
TimestampRequestTransmitFinish |
| |||||
TimestampResponseReceiveStart |
| |||||
TimestampResponseReceiveFinish |
| |||||
TimestampResponseTransmitStart |
| |||||
TimestampResponseTransmitFinish |
| |||||
TotalTimeRequestReceive |
| |||||
TotalTimeRequestTransmit |
| |||||
TotalTimeResponseReceive |
| |||||
TotalTimeResponseTransmit |
| |||||
TotalTimeConnectionSetup |
| |||||
TotalTimeServerResponse |
| |||||
Method |
| |||||
Protocol |
| |||||
Host |
| |||||
URL |
| |||||
UserAgent |
| |||||
XFF |
| |||||
NameID |
| |||||
StatusCode |
| |||||
RequestSize |
| |||||
ResponseSize |
| |||||
ApplicationPort |
| |||||
ClientPublicIp |
| |||||
ClientPublicPort |
| |||||
ClientPrivateIp |
| |||||
Customer |
| |||||
ConnectionStatus |
| |||||
ConnectionReason |
| |||||
hostchain |
| ✓ | ||||
tag |
| ✓ | ||||
rawMessage |
| ✓ |
vpn.zscaler.activity
...
Field | Type | Extra fields | Field transformation | Source field name |
---|---|---|---|---|
eventdate |
| |||
hostname |
| |||
LogTimestamp |
|
...
vpn.zscaler.status_user
| LogTimestamp_tmp | |||||
Customer |
| |||||
SessionID |
| |||||
ConnectionID |
| |||||
InternalReason |
| |||||
ConnectionStatus |
| |||||
IPProtocol |
| |||||
DoubleEncryption |
| |||||
Username |
| |||||
ServicePort |
| |||||
ClientPublicIP |
| |||||
ClientPrivateIP |
| |||||
ClientLatitude |
| |||||
ClientLongitude |
| |||||
ClientCountryCode |
| |||||
ClientZEN |
| |||||
Policy |
| |||||
Connector |
| |||||
ConnectorZEN |
| |||||
ConnectorIP |
| |||||
ConnectorPort |
| |||||
Host_str |
| |||||
Host |
|
| Host_str | |||
Application |
| |||||
AppGroup |
| |||||
Server |
| |||||
ServerIP |
| |||||
ServerPort |
| |||||
PolicyProcessingTime |
| |||||
CAProcessingTime |
| |||||
ConnectorZENSetupTime |
| |||||
ConnectionSetupTime |
| |||||
ServerSetupTime |
| |||||
AppLearnTime |
| |||||
TimestampConnectionStart |
| |||||
TimestampConnectionEnd |
| |||||
TimestampCATx |
| |||||
TimestampCARx |
| |||||
TimestampAppLearnStart |
| |||||
TimestampZENFirstRxClient |
| |||||
TimestampZENFirstTxClient |
| |||||
TimestampZENLastRxClient |
| |||||
TimestampZENLastTxClient |
| |||||
TimestampConnectorZENSetupComplete |
| |||||
TimestampZENFirstRxConnector |
| |||||
TimestampZENFirstTxConnector |
| |||||
TimestampZENLastRxConnector |
| |||||
TimestampZENLastTxConnector |
| |||||
ZENTotalBytesRxClient |
| |||||
ZENBytesRxClient |
| |||||
ZENTotalBytesTxClient |
| |||||
ZENBytesTxClient |
| |||||
ZENTotalBytesRxConnector |
| |||||
ZENBytesRxConnector |
| |||||
ZENTotalBytesTxConnector |
| |||||
ZENBytesTxConnector |
| |||||
Idp |
| |||||
NAplication |
| |||||
NApGroup |
| |||||
TimestampNApLearnStart |
| |||||
ClientToClient |
| |||||
hostchain |
| ✓ | ||||
tag |
| ✓ | ||||
rawMessage |
| ✓ |
vpn.zscaler.status_connector
Field | Type | Extra fields | Field transformation | Source field name | ||
---|---|---|---|---|---|---|
eventdate |
| |||||
hostname |
| |||||
LogTimestamp |
|
| LogTimestamp_tmp | |||
Customer |
| |||||
SessionID |
| |||||
SessionType |
| |||||
SessionStatus |
| |||||
Version |
| |||||
Platform |
| |||||
ZEN |
| |||||
Connector |
| |||||
ConnectorGroup |
| |||||
PrivateIP |
| |||||
PublicIP |
| |||||
Latitude |
| |||||
Longitude |
| |||||
CountryCode |
| |||||
TimestampAuthentication |
| |||||
TimestampUnAuthentication |
| |||||
CPUUtilization |
| |||||
MemUtilization |
| |||||
ServiceCount |
| |||||
InterfaceDefRoute |
| |||||
DefRouteGW |
| |||||
PrimaryDNSResolver |
| |||||
HostUpTime |
| |||||
ConnectorUpTime |
| |||||
NumOfInterfaces |
| |||||
BytesRxInterface |
| |||||
PacketsRxInterface |
| |||||
ErrorsRxInterface |
| |||||
DiscardsRxInterface |
| |||||
BytesTxInterface |
| |||||
PacketsTxInterface |
| |||||
ErrorsTxInterface |
| |||||
DiscardsTxInterface |
| |||||
TotalBytesRx |
| |||||
TotalBytesTx |
| |||||
hostchain |
| ✓ | ||||
tag |
| ✓ | ||||
rawMessage |
| ✓ |
vpn.zscaler.status_user
Field | Type | Extra fields | Field transformation | Source field name | ||
---|---|---|---|---|---|---|
eventdate |
| |||||
hostname |
| |||||
LogTimestamp |
|
| LogTimestamp_tmp | |||
Customer |
| |||||
Username |
| |||||
SessionID |
| |||||
SessionStatus |
| |||||
Version |
| |||||
ZEN |
| |||||
CertificateCN |
| |||||
PrivateIP |
| |||||
PublicIP |
| |||||
Latitude |
| |||||
Longitude |
| |||||
CountryCode |
| |||||
TimestampAuthentication |
| |||||
TimestampUnAuthentication |
| |||||
TotalBytesRx |
| |||||
TotalBytesTx |
| |||||
Idp |
| |||||
Hostname |
| |||||
Platform |
| |||||
ClientType |
| |||||
TrustedNetworks |
| |||||
TrustedNetworksNames |
| |||||
SAMLAttributes |
| |||||
PosturesHit |
| |||||
PosturesMisses |
| |||||
ZENLatitude |
| |||||
ZENLongitude |
| |||||
ZENCountryCode |
| |||||
hostchain |
| ✓ | ||||
tag |
| ✓ | ||||
rawMessage |
| ✓ |