
LSO: Syslog Zscaler Nano - Network Traffic

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type and values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| login | `<login>` | `<login>`, `<domainorigin>` |
| dname | `<domainimpacted>` | `<dname>` |
| dip | `<dip>` | `<dip>` |
| sip | `<sip>` | `<sip>` |
| natPublicIp | `<snatip>` | `<dnatip>` |
| url | `<dport>` | N/A |
| url | `<url>` | `<url>` |
| ua | `<useragent>`, `<object>` | `<useragent>` |
| module | `<subject>` | N/A |
| proto | `<protname>` | `<protname>` |
| action | `<action>`, `<tag1>` | `<action>`, `<tag1>` |
| reason | `<reason>` | `<reason>` |
| appName | `<parentprocessname>` | `<objectname>` |
| appClass | N/A | `<object>` |
| fileType | `<objecttype>` | N/A |
| reqSize | `<bytesin>` | N/A |
| responseSize | `<bytesout>` | N/A |
| totalSize | `<size>` | `<size>` |
| malwareCat | `<status>` | `<status>` |
| threatName | `<threatname>` | `<threatname>` |
| filename | `<objectname>` | N/A |
| bamd5 | `<hash>` | N/A |
| riskScore | `<severity>` | `<severity>` |
| location | `<sinterface>` | N/A |
| dept | N/A | `<vendorinfo>` |
| reqMethod | `<command>` | `<command>` |
| respCode | `<responsecode>` | `<responsecode>` |
| respversion | N/A | `<version>` |
| urlClass | `<policy>` | N/A |
| urlSuperCat | `<session>` | N/A |
| urlCat | `<group>`, `<tag2>` | `<group>`, `<tag2>` |
| referer | `<vendorinfo>` | N/A |
| contenttype | N/A | `<objecttype>` |
| devicehostname | `<sname>` | `<sname>` |
| deviceowner | N/A | `<login>` |
| devicemodel | `<serialnumber>` | N/A |
| deviceosversion | `<version>` | N/A |

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1008299 | Network Traffic | Base Rule | General Network Traffic Log Message | Network Traffic |
| | Blocked Network Traffic | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Allowed Network Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Anonymizer: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Anonymizer: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Blacklist: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Blacklist: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Blogs: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Blogs: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Business and Economy: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Continuing Education/Colleges: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Continuing Education/Colleges: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Business and Economy: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Corporate Marketing: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Corporate Marketing: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Discussion Forums: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Discussion Forums: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Education: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Education: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Entertainment: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Entertainment: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | File Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Finance: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Finance: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | File Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Flowserve-BlackList: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Flowserve-BlackList: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Gambling: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Gambling: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Games: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Games: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Hobbies/Leisure: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Hobbies/Leisure: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Image Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Image Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Information Technology: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Information Technology: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Internet Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Internet Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | K-12: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | K-12: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Miscellaneous or Unknown: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Miscellaneous or Unknown: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Music: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Music: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | News and Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | News and Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Office_365: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Office_365: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Online Chat: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Online Chat: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Online Shopping: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Online Shopping: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Portals: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Portals: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Professional Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Professional Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Radio Stations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Radio Stations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Real Estate: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Real Estate: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Reference Sites: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Reference Sites: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Science/Tech: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Science/Tech: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Shareware Download: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Shareware Download: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Shopping and Auctions: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Shopping and Auctions: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Social Networking: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Social Networking: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Special Interests/Social Organizations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Special Interests/Social Organizations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Sports: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Sports: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Spyware/Adware: Allowed | Sub Rule | Detected Spyware Activity | Malware |
| | Spyware/Adware: Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| | Streaming Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Streaming Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Television/Movies: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Television/Movies: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Travel: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Travel: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | User_Defined-Bypass_Authentication: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | User_Defined-Bypass_Authentication: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | User_Defined-Bypass_SSL: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | User_Defined-Bypass_SSL: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | User_Defined-O365-SSL_Bypass: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | User_Defined-O365-SSL_Bypass: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | User-defined: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | User-defined: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Vehicles: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Vehicles: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Web Banners: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Web Banners: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Web Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Web Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Web Search: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Web Search: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Webmail: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Webmail: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1013219 | V 2.0 Web Log Events | Base Rule | General WEB Information | Information |
| | V 2.0: Blocked Network Traffic | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Allowed Network Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Anonymizer: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Anonymizer: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Blogs: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blogs: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Business And Economy: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Continuing Education/Colleges: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Continuing Education/Colleges: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Business And Economy: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Corporate Marketing: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Corporate Marketing: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Discussion Forums: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Discussion Forums: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Education: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Education: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Entertainment: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Entertainment: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: File Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Finance: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Finance: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: File Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Flowserve-BlackList: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Flowserve-BlackList: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Gambling: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Gambling: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Games: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Games: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Hobbies/Leisure: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Hobbies/Leisure: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Image Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Image Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Information Technology: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Information Technology: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Internet Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Internet Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: K-12: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: K-12: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Miscellaneous Or Unknown: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Miscellaneous Or Unknown: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Music: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Music: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: News And Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: News And Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Office_365: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Office_365: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Chat: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Chat: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Shopping: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Shopping: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Portals: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Portals: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Professional Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Professional Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Radio Stations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Radio Stations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Real Estate: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Real Estate: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Reference Sites: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Reference Sites: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Science/Tech: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Science/Tech: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shareware Download: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shareware Download: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shopping And Auctions: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shopping And Auctions: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Social Networking: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Social Networking: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Special Interests/Social Org.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Special Interests/Social Org.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Sports: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Sports: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Spyware/Adware: Allowed | Sub Rule | Detected Spyware Activity | Malware |
| | V 2.0: Spyware/Adware: Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| | V 2.0: Streaming Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Streaming Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Television/Movies: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Television/Movies: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Travel: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Travel: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_Auth.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_Auth.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_SSL: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_SSL: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-O365-SSL_Bypass: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-O365-SSL_Bypass: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User-defined: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User-defined: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Vehicles: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Vehicles: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Banners: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Banners: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Search: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Search: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Webmail: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Webmail: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
