
Syslog Zscaler Nano - V 2.0 Web Log Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 Web Log Events | Base Rule | General WEB Information | Information |
| V 2.0: Blocked Network Traffic | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Allowed Network Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Anonymizer: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Anonymizer: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Blacklist: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Blacklist: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Blogs: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Blogs: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Business And Economy: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Continuing Education/Colleges: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Continuing Education/Colleges: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Business And Economy: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Corporate Marketing: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Corporate Marketing: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Discussion Forums: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Discussion Forums: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Education: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Education: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Entertainment: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Entertainment: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: File Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Finance: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Finance: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: File Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Flowserve-BlackList: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Flowserve-BlackList: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Gambling: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Gambling: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Games: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Games: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Hobbies/Leisure: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Hobbies/Leisure: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Image Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Image Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Information Technology: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Information Technology: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Internet Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Internet Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: K-12: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: K-12: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Miscellaneous Or Unknown: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Miscellaneous Or Unknown: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Music: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Music: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: News And Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: News And Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Office_365: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Office_365: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Online Chat: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Online Chat: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Online Shopping: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Online Shopping: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Portals: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Portals: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Professional Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Professional Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Radio Stations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Radio Stations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Real Estate: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Real Estate: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Reference Sites: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Reference Sites: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Science/Tech: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Science/Tech: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Shareware Download: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Shareware Download: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Shopping And Auctions: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Shopping And Auctions: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Social Networking: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Social Networking: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Special Interests/Social Org.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Special Interests/Social Org.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Sports: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Sports: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Spyware/Adware: Allowed | Sub Rule | Detected Spyware Activity | Malware |
| V 2.0: Spyware/Adware: Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| V 2.0: Streaming Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Streaming Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Television/Movies: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Television/Movies: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Travel: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Travel: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: User_Defined-Bypass_Auth.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: User_Defined-Bypass_Auth.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: User_Defined-Bypass_SSL: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: User_Defined-Bypass_SSL: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: User_Defined-O365-SSL_Bypass: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: User_Defined-O365-SSL_Bypass: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: User-defined: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: User-defined: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Vehicles: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Vehicles: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Web Banners: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Web Banners: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Web Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Web Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Web Search: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Web Search: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: Webmail: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: Webmail: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Time and date of the transaction. This excludes the time zone. |
| recordid | N/A | N/A | Unique record identifier for each log. |
| login | <login> | Text/String | User's login name in email address format. |
| N/A | <domainorigin> | Text/String | N/A |
| dname | <dname> | Text/String | N/A |
| dip | <dip> | IP Address | N/A |
| sip | <sip> | IP Address | The destination server IP address. Displays 0.0.0.0 if the request was blocked. |
| natPublicIp | <dnatip> | IP Address | N/A |
| url | <url> | Text/String | The destination URL. It excludes the protocol identifier, such as http:// or https://. |
| ua | <useragent> | Text/String | The full user agent string for both known and unknown agents. The user agent string contains browser and system information that the destination server can use to provide appropriate content. |
| module | N/A | N/A | N/A |
| proto | <protname> | Text/String | Protocol type of the transaction. |
| action | <action>, <tag1> | Text/String | Action that the service took on the transaction. |
| reason | <reason> | Text/String | Action that the service took and the policy that was applied, if the transaction was blocked. |
| appname | <objectname> | Text/String | Cloud application name. |
| appclass | <object> | Text/String | The web application class of the application that was accessed. Equivalent to module. |
| filetype | N/A | N/A | Type of file associated with the transaction. |
| reqsize | N/A | N/A | Request size in bytes. |
| responseSize | N/A | N/A | N/A |
| totalsize | <size> | Number | Total size, in bytes, of the HTTP transaction; sum of the total request size and total response size. |
| sTime | N/A | N/A | N/A |
| cTime | N/A | N/A | N/A |
| malwarecat | <status> | Text/String | The category of malware that was detected in the transaction, if any. Also indicates if a file was submitted to the Sandbox engine for analysis and the result of the analysis. |
| malwareclass | N/A | N/A | The class of malware that was detected in the transaction, if any. |
| threatname | <threatname> | Text/String | The name of the threat that was detected in the transaction, if any. |
| riskscore | <severity> | Number | The Page Risk Index score of the destination URL. The service computes risk for each page by weighing several factors, including page locations, reputation of destination, and content that may look suspicious. The range is 0 - 100, from the lowest to the highest risk. |
| dlpeng | N/A | N/A | The DLP engine that was matched, if any. |
| dlpdict | N/A | N/A | The DLP dictionaries that were matched, if any. |
| location | N/A | N/A | Gateway location or sublocation of the source. |
| dept | <vendorinfo> | Text/String | Department of the user. |
| reqmethod | <command> | Text/String | HTTP request method. |
| respcode | <responsecode> | Number | The HTTP response code sent to the client. The service generates a "403-Forbidden" response for blocked transactions. |
| respversion | <version> | Number | HTTP response version. |
| urlclass | N/A | N/A | Class of the destination URL. |
| urlsupercat | N/A | N/A | Super category of the destination URL. |
| urlcat | <group>, <tag2> | Text/String | Category of the destination URL. |
| referer | N/A | N/A | HTTP referer URL. |
| contenttype | <objecttype> | Text/String | The content type name. We display a reduced version of the string (e.g. We will display "Flash" instead of "application/x-shockwave-flash"). |
| unscannabletype | N/A | N/A | N/A |
| devicehostname | <sname> | Text/String | Device hostname. |
| deviceowner | <login> | Text/String | Device owner. |
