LSO: Syslog Zscaler Nano - Zscaler Network Details
Log Fields and Parsing
This section details the log fields available in this log message type and values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Header: Severity | <severity> <tag1> | N/A |
| login | <login> <domainorigin> | <login> <domainorigin> |
| dname | <dname> | <dname> |
| dip | <dip> | <dip> |
| sip | <sip> | <sip> |
| natPublicIp | <snatip> | <dnatip> |
| url | N/A | <url> |
| ua | <object> | <useragent> |
| proto | <protname> | <protname> |
| action | N/A | <action> <tag1> |
| reason | N/A | <reason> |
| appName | N/A | <objectname> |
| appClass | N/A | <object> |
| fileType | <objecttype> | N/A |
| totalSize | <size> | <size> |
| malwareCat | N/A | <status> |
| threatName | <threatname> | <threatname> |
| riskScore | N/A | <severity> |
| dept | N/A | <vendorinfo> |
| reqMethod | N/A | <command> |
| respCode | N/A | <responsecode> |
| respversion | N/A | <version> |
| urlCat | N/A | <group> <tag2> |
| contenttype | N/A | <objecttype> |
| devicehostname | N/A | <sname> |
| deviceowner | N/A | <login> |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1011877 | Zscaler Network Details | Base Rule | General Network Traffic Log Message | Network Traffic |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1013219 | V 2.0 Web Log Events | Base Rule | General WEB Information | Information |
| | V 2.0: Blocked Network Traffic | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Allowed Network Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Anonymizer: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Anonymizer: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Blogs: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blogs: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Business And Economy: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Continuing Education/Colleges: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Continuing Education/Colleges: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Business And Economy: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Corporate Marketing: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Corporate Marketing: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Discussion Forums: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Discussion Forums: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Education: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Education: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Entertainment: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Entertainment: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: File Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Finance: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Finance: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: File Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Flowserve-BlackList: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Flowserve-BlackList: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Gambling: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Gambling: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Games: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Games: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Hobbies/Leisure: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Hobbies/Leisure: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Image Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Image Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Information Technology: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Information Technology: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Internet Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Internet Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: K-12: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: K-12: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Miscellaneous Or Unknown: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Miscellaneous Or Unknown: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Music: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Music: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: News And Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: News And Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Office_365: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Office_365: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Chat: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Chat: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Shopping: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Shopping: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Portals: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Portals: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Professional Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Professional Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Radio Stations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Radio Stations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Real Estate: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Real Estate: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Reference Sites: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Reference Sites: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Science/Tech: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Science/Tech: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shareware Download: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shareware Download: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shopping And Auctions: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shopping And Auctions: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Social Networking: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Social Networking: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Special Interests/Social Org.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Special Interests/Social Org.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Sports: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Sports: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Spyware/Adware: Allowed | Sub Rule | Detected Spyware Activity | Malware |
| | V 2.0: Spyware/Adware: Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| | V 2.0: Streaming Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Streaming Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Television/Movies: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Television/Movies: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Travel: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Travel: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_Auth.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_Auth.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_SSL: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_SSL: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-O365-SSL_Bypass: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-O365-SSL_Bypass: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User-defined: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User-defined: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Vehicles: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Vehicles: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Banners: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Banners: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Search: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Search: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Webmail: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Webmail: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |