LSO : Syslog - Zscaler Nano Streaming Service (Mapping Doc)
This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Fortinet FortiAnalyzer log source type.
Vendor Documentation
Prerequisites
Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.
Enable the new MPE rules in the LogRhythm System Monitor.
Select log source type Syslog - Zscaler Nano Streaming Service.
Enable log processing policy LogRhythm Default v2.0.
For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.
Support for Fortinet FortiGate Events
For more information, see Log Source Virtualization.
Supported Log Messages
The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.
| Log Message Type | Event Type |
|---|---|
| Action Query Logs | Query Information |
| Catch All : Level 1 | General Information |
| Catch All : Level 4 | Web Access Message |
| DNS Message | General DNS Information |
| General Firewall Messages | General Firewall Log |
| IPSec Phase1 | General IPSec Information |
| IPSec Phase2 | General IPSec Information |
| Last Message Repeated | Last Message Repeated |
| Network Traffic | General Network Traffic Log Message |
| Tunnel Event | General TUNNEL Message |
| Tunnel Messages | General TUNNEL Message |
| Tunnel Samples | General TUNNEL Message |
| Zscaler General Network Traffic Messages | General Network Traffic |
| Zscaler Network Details | General Network Traffic Log Message |
| Zscaler NSS Message | General Information |
Log Processing Policy Updates
This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.
Updates to AIE Rules
No changes
Updates to System Reports
No changes
Updates to System Investigations
No changes
Updates to System Report Templates
No changes
Updates to System Tails
No changes