vpn.zscaler

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ]

Introduction

The tags beginning with vpn.zscaler identify events generated by Zscaler Client Connector.

Valid tags and data tables

The full tag must have three levels. The first two are fixed as vpn.zscaler. The third level identifies the type of events sent.

Product/Service	Tags	Data table

Product/Service	Tags	Data table
Zscaler	`vpn.zscaler.access`	`vpn.zscaler.access`
	`vpn.zscaler.activity`	`vpn.zscaler.activity`
	`vpn.zscaler.status_connector`	`vpn.zscaler.status_connector`
	`vpn.zscaler.status_user`	`vpn.zscaler.status_user`

For more information, read more About Devo tags.

Table structure

vpn.zscaler.access

Field	Type	Extra fields	Field transformation	Source field name

Field	Type	Extra fields	Field transformation	Source field name
eventdate	`timestamp`
hostname	`str`
LogTimestamp	`timestamp`		`parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))`	LogTimestamp_tmp
ConnectionID	`str`
Exporter	`str`
TimestampRequestReceiveStart	`timestamp`
TimestampRequestReceiveHeaderFinish	`timestamp`
TimestampRequestReceiveFinish	`timestamp`
TimestampRequestTransmitStart	`timestamp`
TimestampRequestTransmitFinish	`timestamp`
TimestampResponseReceiveStart	`timestamp`
TimestampResponseReceiveFinish	`timestamp`
TimestampResponseTransmitStart	`timestamp`
TimestampResponseTransmitFinish	`timestamp`
TotalTimeRequestReceive	`int4`
TotalTimeRequestTransmit	`int4`
TotalTimeResponseReceive	`int4`
TotalTimeResponseTransmit	`int4`
TotalTimeConnectionSetup	`int4`
TotalTimeServerResponse	`int4`
Method	`str`
Protocol	`str`
Host	`str`
URL	`str`
UserAgent	`str`
XFF	`str`
NameID	`str`
StatusCode	`int4`
RequestSize	`int4`
ResponseSize	`int4`
ApplicationPort	`int4`
ClientPublicIp	`ip4`
ClientPublicPort	`int4`
ClientPrivateIp	`str`
Customer	`str`
ConnectionStatus	`str`
ConnectionReason	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

vpn.zscaler.activity

Field	Type	Extra fields	Field transformation	Source field name

Field	Type	Extra fields	Field transformation	Source field name
eventdate	`timestamp`
hostname	`str`
LogTimestamp	`timestamp`		`parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))`	LogTimestamp_tmp
Customer	`str`
SessionID	`str`
ConnectionID	`str`
InternalReason	`str`
ConnectionStatus	`str`
IPProtocol	`int4`
DoubleEncryption	`int4`
Username	`str`
ServicePort	`int4`
ClientPublicIP	`ip4`
ClientPrivateIP	`str`
ClientLatitude	`float8`
ClientLongitude	`float8`
ClientCountryCode	`str`
ClientZEN	`str`
Policy	`str`
Connector	`str`
ConnectorZEN	`str`
ConnectorIP	`ip4`
ConnectorPort	`int4`
Host_str	`str`
Host	`ip4`		`ifthenelse(Host_str -> '.', ip4(Host_str), null)`	Host_str
Application	`str`
AppGroup	`str`
Server	`str`
ServerIP	`ip4`
ServerPort	`int4`
PolicyProcessingTime	`int4`
CAProcessingTime	`int4`
ConnectorZENSetupTime	`int4`
ConnectionSetupTime	`int4`
ServerSetupTime	`int4`
AppLearnTime	`int4`
TimestampConnectionStart	`timestamp`
TimestampConnectionEnd	`str`
TimestampCATx	`timestamp`
TimestampCARx	`timestamp`
TimestampAppLearnStart	`str`
TimestampZENFirstRxClient	`timestamp`
TimestampZENFirstTxClient	`str`
TimestampZENLastRxClient	`timestamp`
TimestampZENLastTxClient	`str`
TimestampConnectorZENSetupComplete	`timestamp`
TimestampZENFirstRxConnector	`str`
TimestampZENFirstTxConnector	`timestamp`
TimestampZENLastRxConnector	`str`
TimestampZENLastTxConnector	`timestamp`
ZENTotalBytesRxClient	`int8`
ZENBytesRxClient	`int4`
ZENTotalBytesTxClient	`int4`
ZENBytesTxClient	`int4`
ZENTotalBytesRxConnector	`int4`
ZENBytesRxConnector	`int4`
ZENTotalBytesTxConnector	`int8`
ZENBytesTxConnector	`int4`
Idp	`str`
NAplication	`str`
NApGroup	`str`
TimestampNApLearnStart	`str`
ClientToClient	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

vpn.zscaler.status_connector

Field	Type	Extra fields	Field transformation	Source field name

Field	Type	Extra fields	Source field name
eventdate	`timestamp`
hostname	`str`
LogTimestamp	`timestamp`		LogTimestamp_tmp
Customer	`str`
SessionID	`str`
SessionType	`str`
SessionStatus	`str`
Version	`str`
Platform	`str`
ZEN	`str`
Connector	`str`
ConnectorGroup	`str`
PrivateIP	`ip4`
PublicIP	`ip4`
Latitude	`float8`
Longitude	`float8`
CountryCode	`str`
TimestampAuthentication	`timestamp`
TimestampUnAuthentication	`str`
CPUUtilization	`int4`
MemUtilization	`int4`
ServiceCount	`int4`
InterfaceDefRoute	`str`
DefRouteGW	`ip4`
PrimaryDNSResolver	`ip4`
HostUpTime	`str`
ConnectorUpTime	`str`
NumOfInterfaces	`int4`
BytesRxInterface	`int8`
PacketsRxInterface	`timestamp`
ErrorsRxInterface	`int4`
DiscardsRxInterface	`int4`
BytesTxInterface	`int8`
PacketsTxInterface	`timestamp`
ErrorsTxInterface	`int4`
DiscardsTxInterface	`int4`
TotalBytesRx	`int8`
TotalBytesTx	`int8`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

vpn.zscaler.status_user

Field	Type	Extra fields	Field transformation	Source field name

Field	Type	Extra fields	Source field name
eventdate	`timestamp`
hostname	`str`
LogTimestamp	`timestamp`		LogTimestamp_tmp
Customer	`str`
Username	`str`
SessionID	`str`
SessionStatus	`str`
Version	`str`
ZEN	`str`
CertificateCN	`str`
PrivateIP	`str`
PublicIP	`ip4`
Latitude	`float8`
Longitude	`float8`
CountryCode	`str`
TimestampAuthentication	`timestamp`
TimestampUnAuthentication	`str`
TotalBytesRx	`int8`
TotalBytesTx	`int8`
Idp	`str`
Hostname	`str`
Platform	`str`
ClientType	`str`
TrustedNetworks	`str`
TrustedNetworksNames	`str`
SAMLAttributes	`str`
PosturesHit	`str`
PosturesMisses	`str`
ZENLatitude	`float8`
ZENLongitude	`float8`
ZENCountryCode	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓