netstat.zscaler

Introduction

The tags beginning with netstat.zscaler identify network statistic events generated by Zscaler.

Valid tags and data tables

The full tag must have at least 3 levels. The first two are fixed as netstat.zscaler. The third level corresponds to the product while the fourth identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product/Service | Tag | Data table |
| --- | --- | --- |
| Zscaler Analyzer | netstat.zscaler.analyzer | netstat.zscaler.analyzer |
| | netstat.zscaler.analyzer_zpa | netstat.zscaler.analyzer_zpa |
| | netstat.zscaler.analyzer_zpa.json | |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables:

netstat.zscaler.analyzer

| Field | Type | Source field name | Extra fields |
| --- | --- | --- | --- |
| eventdate | timestamp | | |
| machine | str | | |
| rawMessage | str | | ✓ |
| serverdate | timestamp | | |
| priority | str | | |
| severity | str | | |
| URL | str | | |
| LoadTime | float8 | | |
| CumTime | float8 | | |
| newEmbeddedURL | str | | |
| message | str | rawMessage | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |

netstat.zscaler.analyzer_zpa

| Field | Type | Field Transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| machine | str | | | |
| logTimestamp | str | | | |
| Customer | str | | | |
| SessionID | str | | | |
| ConnectionID | str | ConnectionID_first_piece + "," + ConnectionID_secnd_piece | ConnectionID_secnd_piece, ConnectionID_first_piece | |
| InternalReason | str | | | |
| ConnectionStatus | str | | | |
| IPProtocol | str | | | |
| DoubleEncryption | str | | | |
| Username | str | | | |
| ServicePort | str | | | |
| ClientPublicIP | ip4 | | | |
| ClientPrivateIP | ip4 | | | |
| ClientLatitude | float8 | | | |
| ClientLongitude | float8 | | | |
| ClientCountryCode | str | | | |
| ClientZEN | str | | | |
| Policy | str | | | |
| Connector | str | | | |
| ConnectorZEN | str | | | |
| ConnectorIP | ip4 | | | |
| ConnectorPort | str | | | |
| Host | str | | | |
| Application | str | | | |
| AppGroup | str | | | |
| Server | str | | | |
| ServerIP | ip4 | | | |
| ServerPort | str | | | |
| PolicyProcessingTime | str | | | |
| CAProcessingTime | str | | | |
| ConnectorZENSetupTime | str | | | |
| ConnectionSetupTime | str | | | |
| ServerSetupTime | str | | | |
| AppLearnTime | str | | | |
| TimestampConnectionStart | timestamp | | | |
| TimestampConnectionEnd | timestamp | | | |
| TimestampCATx | timestamp | | | |
| TimestampCARx | timestamp | | | |
| TimestampAppLearnStart | timestamp | | | |
| TimestampZENFirstRxClient | timestamp | | | |
| TimestampZENFirstTxClient | timestamp | | | |
| TimestampZENLastRxClient | timestamp | | | |
| TimestampZENLastTxClient | timestamp | | | |
| TimestampConnectorZENSetupComplete | timestamp | | | |
| TimestampZENFirstRxConnector | timestamp | | | |
| TimestampZENFirstTxConnector | timestamp | | | |
| TimestampZENLastRxConnector | timestamp | | | |
| TimestampZENLastTxConnector | timestamp | | | |
| ZENTotalBytesRxClient | int8 | | | |
| ZENBytesRxClient | int8 | | | |
| ZENTotalBytesTxClient | int8 | | | |
| ZENBytesTxClient | int8 | | | |
| ZENTotalBytesRxConnector | int8 | | | |
| ZENBytesRxConnector | int8 | | | |
| ZENTotalBytesTxConnector | int8 | | | |
| ZENBytesTxConnector | int8 | | | |
| Idp | str | | | |
| message | str | | rawMessage | |
| rawMessage | str | | | ✓ |
| tag | str | | | ✓ |
| hostchain | str | | | ✓ |
