what is the correct log type OR ingestion label to use in the chronicle forwarder configuration for the following logs ?
Cloudflare Network Analytics Logs
Zscaler internet access Web Logs
Solved
ingestion labels for cloudflare & zscaler internet access logs
+5Best answer by Rene_Figueroa
what is the process to request a new log type ?
You need to open a support case with us.
https://cloud.google.com/chronicle/docs/getting-support
Please provide the public documentation for the log source as well. Thank you!
+10Hi,
You can find our current labels (with and without default parsers) on our public documentation:
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
You can simply search for it.
For "Zscaler internet access Web Logs", we have ZSCALER_
- CLOUDFLARE_
WAF - CLOUDFLARE
- CLOUDFLARE_
AUDIT
I think the closest one might be CLOUDFLARE; you can try that and review the parser in case the logs are not parsed. CLOUDFLARE parser use these references for the development:
# Cloudflare Audit - https://developers.cloudflare.com/logs/reference/log-fields/account/audit_logs,
# Cloudflare Gateway DNS - https://developers.cloudflare.com/logs/reference/log-fields/account/gateway_dns,
# Cloudflare Gateway HTTP - https://developers.cloudflare.com/logs/reference/log-fields/account/gateway_http
# Cloudflare Zero Trust Network Session - https://developers.cloudflare.com/logs/reference/log-fields/account/zero_trust_network_sessions/
# Cloudflare Access Requests - https://developers.cloudflare.com/logs/reference/log-fields/account/access_requests/
# Cloudflare CASB Findings - https://developers.cloudflare.com/logs/reference/log-fields/account/casb_findings/
# Cloudflare Gateway Network - https://developers.cloudflare.com/logs/reference/log-fields/account/gateway_network/
+5I see only available parser for Zscaler is for Zscaler internet access Audit logs
Do i have to create the manual parser for non audit log types ?
+10I see only available parser for Zscaler is for Zscaler internet access Audit logs
Do i have to create the manual parser for non audit log types ?
You can check if our other Zscaler log types (parsers) cover the non-audit logs. If you determine none of our existing log types cover your logs, you can request a new log type.
+5You can check if our other Zscaler log types (parsers) cover the non-audit logs. If you determine none of our existing log types cover your logs, you can request a new log type.
what is the process to request a new log type ?
+10what is the process to request a new log type ?
You need to open a support case with us.
https://cloud.google.com/chronicle/docs/getting-support
Please provide the public documentation for the log source as well. Thank you!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.