Page Comparison

Table of Contents

maxLevel	2
type	flat

Introduction

The tags beginning with vpn.zscaler identify events generated by Zscaler Client Connector.

...

Valid tags and data tables

The full tag must have three levels. The first two are fixed asvpn.zscaler. The third level identifies the type of events sent.

Technology

Brand

Type

vpn

zscaler

access

activity

Product/Service	Tags	Data table
Zscaler	`vpn.zscaler.access`	`vpn.zscaler.access`
	`vpn.zscaler.activity`	`vpn.zscaler.activity`
	`vpn.zscaler.status_connector`	`vpn.zscaler.status_connector`
	`vpn.zscaler.status_user`	`vpn.zscaler.status_`

connector
user

Therefore, the valid tags and tables include:For more information, read more About Devo tags.

Table structure

vpn.zscaler.access

Field

Type

Extra fields

Field transformation

Source field name

eventdate

timestamp

hostname

str

LogTimestamp

timestamp

Code Block
parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))

LogTimestamp_tmp

ConnectionID

str

Exporter

str

TimestampRequestReceiveStart

timestamp

TimestampRequestReceiveHeaderFinish

timestamp

TimestampRequestReceiveFinish

timestamp

TimestampRequestTransmitStart

timestamp

TimestampRequestTransmitFinish

timestamp

TimestampResponseReceiveStart

timestamp

TimestampResponseReceiveFinish

timestamp

TimestampResponseTransmitStart

timestamp

TimestampResponseTransmitFinish

timestamp

TotalTimeRequestReceive

int4

TotalTimeRequestTransmit

int4

TotalTimeResponseReceive

int4

TotalTimeResponseTransmit

int4

TotalTimeConnectionSetup

int4

TotalTimeServerResponse

int4

Method

str

Protocol

str

Host

str

URL

str

UserAgent

str

XFF

str

NameID

str

StatusCode

int4

RequestSize

int4

ResponseSize

int4

ApplicationPort

int4

ClientPublicIp

ip4

ClientPublicPort

int4

ClientPrivateIp

str

Customer

str

ConnectionStatus

str

ConnectionReason

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

vpn.zscaler.activity

...

Field	Type	Extra fields	Field transformation	Source field name
eventdate	`timestamp`
hostname	`str`
LogTimestamp	`timestamp`

...

vpn.zscaler.status_user

Code Block
parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))

LogTimestamp_tmp

Customer

str

SessionID

str

ConnectionID

str

InternalReason

str

ConnectionStatus

str

IPProtocol

int4

DoubleEncryption

int4

Username

str

ServicePort

int4

ClientPublicIP

ip4

ClientPrivateIP

str

ClientLatitude

float8

ClientLongitude

float8

ClientCountryCode

str

ClientZEN

str

Policy

str

Connector

str

ConnectorZEN

str

ConnectorIP

ip4

ConnectorPort

int4

Host_str

str

Host

ip4

Code Block
ifthenelse(Host_str -> '.', ip4(Host_str), null)

Host_str

Application

str

AppGroup

str

Server

str

ServerIP

ip4

ServerPort

int4

PolicyProcessingTime

int4

CAProcessingTime

int4

ConnectorZENSetupTime

int4

ConnectionSetupTime

int4

ServerSetupTime

int4

AppLearnTime

int4

TimestampConnectionStart

timestamp

TimestampConnectionEnd

str

TimestampCATx

timestamp

TimestampCARx

timestamp

TimestampAppLearnStart

str

TimestampZENFirstRxClient

timestamp

TimestampZENFirstTxClient

str

TimestampZENLastRxClient

timestamp

TimestampZENLastTxClient

str

TimestampConnectorZENSetupComplete

timestamp

TimestampZENFirstRxConnector

str

TimestampZENFirstTxConnector

timestamp

TimestampZENLastRxConnector

str

TimestampZENLastTxConnector

timestamp

ZENTotalBytesRxClient

int8

ZENBytesRxClient

int4

ZENTotalBytesTxClient

int4

ZENBytesTxClient

int4

ZENTotalBytesRxConnector

int4

ZENBytesRxConnector

int4

ZENTotalBytesTxConnector

int8

ZENBytesTxConnector

int4

Idp

str

NAplication

str

NApGroup

str

TimestampNApLearnStart

str

ClientToClient

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

vpn.zscaler.status_connector

Field

Type

Extra fields

Field transformation

Source field name

eventdate

timestamp

hostname

str

LogTimestamp

timestamp

Code Block
parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))

LogTimestamp_tmp

Customer

str

SessionID

str

SessionType

str

SessionStatus

str

Version

str

Platform

str

ZEN

str

Connector

str

ConnectorGroup

str

PrivateIP

ip4

PublicIP

ip4

Latitude

float8

Longitude

float8

CountryCode

str

TimestampAuthentication

timestamp

TimestampUnAuthentication

str

CPUUtilization

int4

MemUtilization

int4

ServiceCount

int4

InterfaceDefRoute

str

DefRouteGW

ip4

PrimaryDNSResolver

ip4

HostUpTime

str

ConnectorUpTime

str

NumOfInterfaces

int4

BytesRxInterface

int8

PacketsRxInterface

timestamp

ErrorsRxInterface

int4

DiscardsRxInterface

int4

BytesTxInterface

int8

PacketsTxInterface

timestamp

ErrorsTxInterface

int4

DiscardsTxInterface

int4

TotalBytesRx

int8

TotalBytesTx

int8

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

vpn.zscaler.status_user

Field

Type

Extra fields

Field transformation

Source field name

eventdate

timestamp

hostname

str

LogTimestamp

timestamp

Code Block
parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))

LogTimestamp_tmp

Customer

str

Username

str

SessionID

str

SessionStatus

str

Version

str

ZEN

str

CertificateCN

str

PrivateIP

str

PublicIP

ip4

Latitude

float8

Longitude

float8

CountryCode

str

TimestampAuthentication

timestamp

TimestampUnAuthentication

str

TotalBytesRx

int8

TotalBytesTx

int8

Idp

str

Hostname

str

Platform

str

ClientType

str

TrustedNetworks

str

TrustedNetworksNames

str

SAMLAttributes

str

PosturesHit

str

PosturesMisses

str

ZENLatitude

float8

ZENLongitude

float8

ZENCountryCode

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

Versions Compared

Old Version 3

New Version Current

Key

Introduction

Valid tags and data tables

Table structure

vpn.zscaler.access

vpn.zscaler.activity

vpn.zscaler.status_connector

vpn.zscaler.status_user