
LSO: Syslog Zscaler Nano - Zscaler Network Details

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type and values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Header: Severity | <severity>, <tag1> | N/A |
| login | <login>, <domainorigin> | <login>, <domainorigin> |
| dname | <dname> | <dname> |
| dip | <dip> | <dip> |
| sip | <sip> | <sip> |
| natPublicIp | <snatip> | <dnatip> |
| url | N/A | <url> |
| ua | <object> | <useragent> |
| proto | <protname> | <protname> |
| action | N/A | <action>, <tag1> |
| reason | N/A | <reason> |
| appName | N/A | <objectname> |
| appClass | N/A | <object> |
| fileType | <objecttype> | N/A |
| totalSize | <size> | <size> |
| malwareCat | N/A | <status> |
| threatName | <threatname> | <threatname> |
| riskScore | N/A | <severity> |
| dept | N/A | <vendorinfo> |
| reqMethod | N/A | <command> |
| respCode | N/A | <responsecode> |
| respversion | N/A | <version> |
| urlCat | N/A | <group>, <tag2> |
| contenttype | N/A | <objecttype> |
| devicehostname | N/A | <sname> |
| deviceowner | N/A | <login> |

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1011877 | Zscaler Network Details | Base Rule | General Network Traffic Log Message | Network Traffic |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1013219 | V 2.0 Web Log Events | Base Rule | General WEB Information | Information |
| | V 2.0: Blocked Network Traffic | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Allowed Network Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Anonymizer: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Anonymizer: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Blogs: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blogs: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Business And Economy: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Continuing Education/Colleges: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Continuing Education/Colleges: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Business And Economy: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Corporate Marketing: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Corporate Marketing: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Discussion Forums: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Discussion Forums: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Education: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Education: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Entertainment: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Entertainment: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: File Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Finance: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Finance: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: File Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Flowserve-BlackList: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Flowserve-BlackList: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Gambling: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Gambling: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Games: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Games: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Hobbies/Leisure: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Hobbies/Leisure: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Image Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Image Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Information Technology: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Information Technology: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Internet Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Internet Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: K-12: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: K-12: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Miscellaneous Or Unknown: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Miscellaneous Or Unknown: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Music: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Music: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: News And Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: News And Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Office_365: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Office_365: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Chat: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Chat: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Shopping: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Shopping: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Portals: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Portals: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Professional Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Professional Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Radio Stations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Radio Stations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Real Estate: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Real Estate: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Reference Sites: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Reference Sites: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Science/Tech: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Science/Tech: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shareware Download: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shareware Download: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shopping And Auctions: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shopping And Auctions: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Social Networking: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Social Networking: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Special Interests/Social Org.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Special Interests/Social Org.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Sports: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Sports: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Spyware/Adware: Allowed | Sub Rule | Detected Spyware Activity | Malware |
| | V 2.0: Spyware/Adware: Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| | V 2.0: Streaming Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Streaming Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Television/Movies: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Television/Movies: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Travel: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Travel: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_Auth.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_Auth.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_SSL: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_SSL: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-O365-SSL_Bypass: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-O365-SSL_Bypass: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User-defined: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User-defined: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Vehicles: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Vehicles: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Banners: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Banners: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Search: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Search: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Webmail: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Webmail: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
