
vpn.zscaler

Introduction

The tags beginning with vpn.zscaler identify events generated by Zscaler Client Connector.

Valid tags and data tables

The full tag must have three levels. The first two are fixed as vpn.zscaler. The third level identifies the type of events sent.

| Product/Service | Tags | Data table |
|---|---|---|
| Zscaler | vpn.zscaler.access | vpn.zscaler.access |
| Zscaler | vpn.zscaler.activity | vpn.zscaler.activity |
| Zscaler | vpn.zscaler.status_connector | vpn.zscaler.status_connector |
| Zscaler | vpn.zscaler.status_user | vpn.zscaler.status_user |

For more information, read About Devo tags.

Table structure

vpn.zscaler.access

| Field | Type | Extra fields | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| LogTimestamp | timestamp | | parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC")) | LogTimestamp_tmp |
| ConnectionID | str | | | |
| Exporter | str | | | |
| TimestampRequestReceiveStart | timestamp | | | |
| TimestampRequestReceiveHeaderFinish | timestamp | | | |
| TimestampRequestReceiveFinish | timestamp | | | |
| TimestampRequestTransmitStart | timestamp | | | |
| TimestampRequestTransmitFinish | timestamp | | | |
| TimestampResponseReceiveStart | timestamp | | | |
| TimestampResponseReceiveFinish | timestamp | | | |
| TimestampResponseTransmitStart | timestamp | | | |
| TimestampResponseTransmitFinish | timestamp | | | |
| TotalTimeRequestReceive | int4 | | | |
| TotalTimeRequestTransmit | int4 | | | |
| TotalTimeResponseReceive | int4 | | | |
| TotalTimeResponseTransmit | int4 | | | |
| TotalTimeConnectionSetup | int4 | | | |
| TotalTimeServerResponse | int4 | | | |
| Method | str | | | |
| Protocol | str | | | |
| Host | str | | | |
| URL | str | | | |
| UserAgent | str | | | |
| XFF | str | | | |
| NameID | str | | | |
| StatusCode | int4 | | | |
| RequestSize | int4 | | | |
| ResponseSize | int4 | | | |
| ApplicationPort | int4 | | | |
| ClientPublicIp | ip4 | | | |
| ClientPublicPort | int4 | | | |
| ClientPrivateIp | str | | | |
| Customer | str | | | |
| ConnectionStatus | str | | | |
| ConnectionReason | str | | | |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |

vpn.zscaler.activity

| Field | Type | Extra fields | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| LogTimestamp | timestamp | | parsedate(replace(LogTimestamp_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC")) | LogTimestamp_tmp |
| Customer | str | | | |
| SessionID | str | | | |
| ConnectionID | str | | | |
| InternalReason | str | | | |
| ConnectionStatus | str | | | |
| IPProtocol | int4 | | | |
| DoubleEncryption | int4 | | | |
| Username | str | | | |
| ServicePort | int4 | | | |
| ClientPublicIP | ip4 | | | |
| ClientPrivateIP | str | | | |
| ClientLatitude | float8 | | | |
| ClientLongitude | float8 | | | |
| ClientCountryCode | str | | | |
| ClientZEN | str | | | |
| Policy | str | | | |
| Connector | str | | | |
| ConnectorZEN | str | | | |
| ConnectorIP | ip4 | | | |
| ConnectorPort | int4 | | | |
| Host_str | str | | | |
| Host | ip4 | | ifthenelse(Host_str -> '.', ip4(Host_str), null) | Host_str |
| Application | str | | | |
| AppGroup | str | | | |
| Server | str | | | |
| ServerIP | ip4 | | | |
| ServerPort | int4 | | | |
| PolicyProcessingTime | int4 | | | |
| CAProcessingTime | int4 | | | |
| ConnectorZENSetupTime | int4 | | | |
| ConnectionSetupTime | int4 | | | |
| ServerSetupTime | int4 | | | |
| AppLearnTime | int4 | | | |
| TimestampConnectionStart | timestamp | | | |
| TimestampConnectionEnd | str | | | |
| TimestampCATx | timestamp | | | |
| TimestampCARx | timestamp | | | |
| TimestampAppLearnStart | str | | | |
| TimestampZENFirstRxClient | timestamp | | | |
| TimestampZENFirstTxClient | str | | | |
| TimestampZENLastRxClient | timestamp | | | |
| TimestampZENLastTxClient | str | | | |
| TimestampConnectorZENSetupComplete | timestamp | | | |
| TimestampZENFirstRxConnector | str | | | |
| TimestampZENFirstTxConnector | timestamp | | | |
| TimestampZENLastRxConnector | str | | | |
| TimestampZENLastTxConnector | timestamp | | | |
| ZENTotalBytesRxClient | int8 | | | |
| ZENBytesRxClient | int4 | | | |
| ZENTotalBytesTxClient | int4 | | | |
| ZENBytesTxClient | int4 | | | |
| ZENTotalBytesRxConnector | int4 | | | |
| ZENBytesRxConnector | int4 | | | |
| ZENTotalBytesTxConnector | int8 | | | |
| ZENBytesTxConnector | int4 | | | |
| Idp | str | | | |
| NAplication | str | | | |
| NApGroup | str | | | |
| TimestampNApLearnStart | str | | | |
| ClientToClient | str | | | |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |

vpn.zscaler.status_connector

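| Field | Type | Extra fields | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| LogTimestamp | timestamp | | | LogTimestamp_tmp |
| Customer | str | | | |
| SessionID | str | | | |
| SessionType | str | | | |
| SessionStatus | str | | | |
| Version | str | | | |
| Platform | str | | | |
| ZEN | str | | | |
| Connector | str | | | |
| ConnectorGroup | str | | | |
| PrivateIP | ip4 | | | |
| PublicIP | ip4 | | | |
| Latitude | float8 | | | |
| Longitude | float8 | | | |
| CountryCode | str | | | |
| TimestampAuthentication | timestamp | | | |
| TimestampUnAuthentication | str | | | |
| CPUUtilization | int4 | | | |
| MemUtilization | int4 | | | |
| ServiceCount | int4 | | | |
| InterfaceDefRoute | str | | | |
| DefRouteGW | ip4 | | | |
| PrimaryDNSResolver | ip4 | | | |
| HostUpTime | str | | | |
| ConnectorUpTime | str | | | |
| NumOfInterfaces | int4 | | | |
| BytesRxInterface | int8 | | | |
| PacketsRxInterface | timestamp | | | |
| ErrorsRxInterface | int4 | | | |
| DiscardsRxInterface | int4 | | | |
| BytesTxInterface | int8 | | | |
| PacketsTxInterface | timestamp | | | |
| ErrorsTxInterface | int4 | | | |
| DiscardsTxInterface | int4 | | | |
| TotalBytesRx | int8 | | | |
| TotalBytesTx | int8 | | | |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |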

vpn.zscaler.status_user

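| Field | Type | Extra fields | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| LogTimestamp | timestamp | | | LogTimestamp_tmp |
| Customer | str | | | |
| Username | str | | | |
| SessionID | str | | | |
| SessionStatus | str | | | |
| Version | str | | | |
| ZEN | str | | | |
| CertificateCN | str | | | |
| PrivateIP | str | | | |
| PublicIP | ip4 | | | |
| Latitude | float8 | | | |
| Longitude | float8 | | | |
| CountryCode | str | | | |
| TimestampAuthentication | timestamp | | | |
| TimestampUnAuthentication | str | | | |
| TotalBytesRx | int8 | | | |
| TotalBytesTx | int8 | | | |
| Idp | str | | | |
| Hostname | str | | | |
| Platform | str | | | |
| ClientType | str | | | |
| TrustedNetworks | str | | | |
| TrustedNetworksNames | str | | | |
| SAMLAttributes | str | | | |
| PosturesHit | str | | | |
| PosturesMisses | str | | | |
| ZENLatitude | float8 | | | |
| ZENLongitude | float8 | | | |
| ZENCountryCode | str | | | |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |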
