
What is the correct log type or ingestion label to use in the Chronicle forwarder configuration for the following logs?

Cloudflare Network Analytics Logs
Zscaler internet access Web Logs

Hi, 


You can find our current labels (with and without default parsers) on our public documentation:


https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers


You can simply search for it. 


For "Zscaler internet access Web Logs", we have ZSCALER_INTERNET_ACCESS. For "Cloudflare Network Analytics Logs", we have 3 existing log types:



  1. CLOUDFLARE_WAF

  2. CLOUDFLARE

  3. CLOUDFLARE_AUDIT


I think the closest one might be CLOUDFLARE; you can try that and review the parser in case the logs are not parsed. The CLOUDFLARE parser uses these references for the development:











 


I see the only available parser for Zscaler is for Zscaler Internet Access audit logs.
Do I have to create a manual parser for non-audit log types?




You can check if our other Zscaler log types (parsers) cover the non-audit logs. If you determine none of our existing log types cover your logs, you can request a new log type. 




What is the process to request a new log type?




You need to open a support case with us. 


https://cloud.google.com/chronicle/docs/getting-support


Please provide the public documentation for the log source as well. Thank you!

