proxy.zscaler
Introduction
The tags beginning with proxy.zscaler identify events generated by Zscaler products.
Tag structure
The full tag must have 4 levels. The first two are fixed as proxy.zscaler. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
---|---|---|---|
proxy | zscaler |
|
|
Therefore, the valid tags include:
- proxy.zscaler.access
- proxy.zscaler.nss
proxy.zscaler.nss_web.cef
- proxy.zscaler.nss_firewall.cef
- proxy.zscaler.nss_web.csv
- proxy.zscaler.nss_firewall.csv
- proxy.zscaler.nss_firewall.json
And these are the corresponding data tables:
- proxy.zscaler.access
- proxy.zscaler.nss
proxy.zscaler.nss_web
- proxy.zscaler.nss_firewall
How is the data sent to Devo?
You can forward logs generated by Zscaler in both CEF0 and CSV format using any Syslog drain (for example, Syslog-ng).
Please, contact Devo for support about how to configure Zscaler NSS Web / Firewall feeds' output (for example, fields order for CSV format or csX and cnX fields mapping for CEF format) before starting to use nss_web or nss_firewall parsers.
Log samples
The following are sample logs sent to each of the proxy.zscaler data tables. Also, find how the information will be parsed in your data table under each sample log.
Extra columns
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.