Syslog Zscaler Nano - V 2.0 Tunnel Log Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 Tunnel Log Events | Base Rule | General TUNNEL Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
datetime | N/A | N/A | Time and date of the transaction. This excludes the time zone. |
tunnelactionname | <action> | Text/String | Equals WL_TUNNEL_EVENT for this record type. |
tunneltype | <object> | Text/String | Tunnel type. |
vpncredentialname | N/A | N/A | VPN credential name for IPSec tunnel. |
locationname | N/A | N/A | Location name. |
sourceip | <sip> | IP Address | Source IP. |
destvip | <dip> | IP Address | Destination VIP. |
srcport | <sport> | Number | Source port. |
txbytes | <bytesout> | Number | Bytes transmitted in 60-second sample window (from Zscaler to customer). |
rxbytes | <bytesin> | Number | Bytes received in 60-second sample window (by Zscaler from customer). |
dpdrec | <packets> | Number | Number of DPD packets received in 60-second sample window. |
recordid | N/A | IP Address | Unique record identifier for each log. |