Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 Tunnel Log Events |
Base Rule |
General TUNNEL Message |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|
datetimeA41:A53B10A41:A52A4A41:A50 |
N/A |
N/A |
Time and date of the transaction. This excludes the time zone. |
|
tunnelactionname |
<action> |
Text/String |
Equals WL_TUNNEL_EVENT for this record type. |
|
tunneltype |
<object> |
Text/String |
Tunnel type. |
|
vpncredentialname |
N/A |
N/A |
VPN credential name for IPSec tunnel. |
|
locationname |
N/A |
N/A |
Location name. |
|
sourceip |
<sip> |
IP Address |
Source IP. |
|
destvip |
<dip> |
IP Address |
Operations : Information : A41:A50 |
|
srcport |
<sport> |
Number |
Source port. |
|
txbytes |
<bytesout> |
Number |
Bytes transmitted in 60-second sample window (from Zscaler to customer). |
|
rxbytes |
<bytesin> |
Number |
Bytes received in 60-second sample window (by Zscaler from customer). |
|
dpdrec |
<packets> |
Number |
Number of DPD packets received in 60-second sample window. |
|
recordid |
N/A |
IP Address |
Unique record identifier for each log. |