Introduction
Tags beginning with proxy.zscaler identify events generated by Zscaler products.
The full tag must have at least 3 levels. The first two are fixed as proxy.zscaler. The third level identifies the product or event type, and the remaining levels indicate the event subtypes.
These are the valid tags and corresponding data tables that will receive the parsers' data:
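Product / Service | Tags | Data tables |
---|---|---|
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.access | proxy.zscaler.access |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.access.json_event | proxy.zscaler.access |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.nss | proxy.zscaler.nss |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.nss_firewall.cef | proxy.zscaler.nss_firewall |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.nss_firewall.csv | proxy.zscaler.nss_firewall |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.nss_firewall.json | proxy.zscaler.nss_firewall |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.nss_web.cef | proxy.zscaler.nss_web |
Zscaler Secure Web Gateway (ZSGW) | proxy.zscaler.nss_web.csv | proxy.zscaler.nss_web |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.alert.syslog | proxy.zscaler.zia.alert |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.dns.json | proxy.zscaler.zia.dns |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.firewall.json | proxy.zscaler.zia.firewall |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.saas_collaboration.json | proxy.zscaler.zia.saas_collaboration |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.saas_crm.json | proxy.zscaler.zia.saas_crm |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.saas_email.json | proxy.zscaler.zia.saas_email |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.saas_file.json | proxy.zscaler.zia.saas_file |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.saas_itsm.json | proxy.zscaler.zia.saas_itsm |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.saas_repository.json | proxy.zscaler.zia.saas_repository |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.tunnel | proxy.zscaler.zia.tunnel |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.tunnel.json | proxy.zscaler.zia.tunnel |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.web | proxy.zscaler.zia.web |
Zscaler Internet Access (ZIA) | proxy.zscaler.zia.web.json | proxy.zscaler.zia.web |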
For more information, read About Devo tags.
How is the data sent to Devo?
You can forward logs generated by Zscaler in both CEF0 and CSV format using any Syslog drain (for example, Syslog-ng).
Zscaler Internet Access (ZIA)
Logs generated by ZIA must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below and see how to define them here.
Relay rule 1 - Alerts
Source port → as required
Target tag → proxy.zscaler.zia.alert.syslog
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 2 - DNS
Source port → as required
Target tag → proxy.zscaler.zia.dns.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 3 - Firewall
Source port → as required
Target tag → proxy.zscaler.zia.firewall.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 4 - SaaS Collaboration
Source port → as required
Target tag → proxy.zscaler.zia.saas_collaboration.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 5 - SaaS CRM
Source port → as required
Target tag → proxy.zscaler.zia.saas_crm.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 6 - SaaS Email
Source port → as required
Target tag → proxy.zscaler.zia.saas_email.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 7 - SaaS File
Source port → as required
Target tag → proxy.zscaler.zia.saas_file.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 8 - SaaS ITSM
Source port → as required
Target tag → proxy.zscaler.zia.saas_itsm.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 9 - SaaS Repository
Source port → as required
Target tag → proxy.zscaler.zia.saas_repository.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 10 - Tunnel
Source port → as required
Target tag → proxy.zscaler.zia.tunnel.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
Relay rule 11 - Web
Source port → as required
Target tag → proxy.zscaler.zia.web.json
Max packet size (bytes) → 5120
Select the Sent without syslog tag checkbox.
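The relay rules above as an automated check, in an added example that is not part of the original page or Devo's own tooling: it audits a rule inventory for the target tags, the 5120-byte packet size and the Sent without syslog tag setting listed here. The rule dictionary layout, the sample rules and ports, and the treatment of a reused source port as a finding are assumptions of this example.

```python
# Added example: audit ZIA relay rules against this page (rule layout is hypothetical).
ZIA_TAGS = {"proxy.zscaler.zia." + t for t in (
    "alert.syslog", "dns.json", "firewall.json", "saas_collaboration.json",
    "saas_crm.json", "saas_email.json", "saas_file.json", "saas_itsm.json",
    "saas_repository.json", "tunnel.json", "web.json")}
MAX_PACKET_SIZE = 5120

def tag_problems(tag):
    """Check tag structure (>= 3 levels, proxy.zscaler prefix) and ZIA membership."""
    levels = tag.split(".")
    if len(levels) < 3 or "" in levels:
        return ["tag must have at least 3 non-empty levels"]
    if levels[:2] != ["proxy", "zscaler"]:
        return ["first two levels must be proxy.zscaler"]
    if tag not in ZIA_TAGS:
        return ["not a ZIA target tag listed in the relay rules"]
    return []

def audit(rules):
    """Return (rule name, problem) pairs for every deviation found."""
    findings, port_owner = [], {}
    for rule in rules:
        name, port = rule["name"], rule["source_port"]
        findings += [(name, p) for p in tag_problems(rule["target_tag"])]
        if rule["max_packet_size"] != MAX_PACKET_SIZE:
            findings.append((name, "max packet size is not 5120"))
        if not rule["sent_without_syslog_tag"]:
            findings.append((name, "'Sent without syslog tag' is not selected"))
        # Assumption: one port per rule; untagged feeds are told apart by port.
        if port in port_owner:
            findings.append((name, f"source port {port} already used by {port_owner[port]}"))
        port_owner.setdefault(port, name)
    return findings

def rule(name, port, tag, size=5120, no_syslog_tag=True):
    return {"name": name, "source_port": port, "target_tag": tag,
            "max_packet_size": size, "sent_without_syslog_tag": no_syslog_tag}

# Constructed sample rules; the port numbers are arbitrary.
SAMPLE_RULES = [
    rule("Alerts", 13001, "proxy.zscaler.zia.alert.syslog"),
    rule("DNS", 13002, "proxy.zscaler.zia.dns"),          # data table name, not a tag
    rule("Firewall", 13003, "proxy.zscaler.zia.firewall.json", 1024, False),
    rule("Web", 13001, "proxy.zscaler.zia.web.json"),     # reuses the Alerts port
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RULES):
        print(f"{name}: {problem}")
```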
Table structure
These are the fields displayed in these tables: