Ingestion labels for Cloudflare & Zscaler Internet Access logs

What is the correct log type or ingestion label to use in the Chronicle forwarder configuration for the following logs?

Cloudflare Network Analytics Logs
Zscaler internet access Web Logs


Hi, 

You can find our current labels (with and without default parsers) on our public documentation:

https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers

You can simply search for it. 

For "Zscaler internet access Web Logs", we have ZSCALER_INTERNET_ACCESS. For "Cloudflare Network Analytics Logs", we have 3 existing log types:

  1. CLOUDFLARE_WAF
  2. CLOUDFLARE
  3. CLOUDFLARE_AUDIT

I think the closest one might be CLOUDFLARE; you can try that and review the parser in case the logs are not parsed. The CLOUDFLARE parser uses these references for the development:

 

I see the only available parser for Zscaler is for Zscaler internet access Audit logs.
Do I have to create the manual parser for non-audit log types?

You can check if our other Zscaler log types (parsers) cover the non-audit logs. If you determine none of our existing log types cover your logs, you can request a new log type. 

What is the process to request a new log type?

You need to open a support case with us. 

https://cloud.google.com/chronicle/docs/getting-support

Please provide the public documentation for the log source as well. Thank you!