What is the correct log type or ingestion label to use in the Chronicle forwarder configuration for the following logs?
Cloudflare Network Analytics Logs
Zscaler internet access Web Logs
Hi,
You can find our current labels (with and without default parsers) on our public documentation:
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
You can simply search for it.
For "Zscaler internet access Web Logs", we have ZSCALER_
I think the closest one might be CLOUDFLARE; you can try that and review the parser in case the logs are not parsed. The CLOUDFLARE parser uses these references for its development:
I see the only available parser for Zscaler is for Zscaler internet access Audit logs.
Do I have to create the manual parser for non-audit log types?
You can check if our other Zscaler log types (parsers) cover the non-audit logs. If you determine none of our existing log types cover your logs, you can request a new log type.
What is the process to request a new log type?
You need to open a support case with us.
https://cloud.google.com/chronicle/docs/getting-support
Please provide the public documentation for the log source as well. Thank you!