Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring a Zscaler NSS Log Source

 

JSA automatically discovers and creates a log source for syslog events that are forwarded from Zscaler NSS.

These configuration steps are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. Click the Log Sources icon.
  4. Click Add.
  5. In the Log Source Name field, type a name for your log source.
  6. Optional: In the Log Source Description field, type a description for your log source.
  7. From the Log Source Type list, select Zscaler NSS.
  8. From the Protocol Configuration list, select Syslog.
  9. Configure the following values:

    Table 1: Syslog Protocol Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address as an identifier for events from your Zscaler NSS installation.

    The log source identifier must be unique value.

    Enabled

    Select this check box to enable the log source.

    By default, the check box is selected.

    Credibility

    Select the credibility of the log source. The range is 0 - 10.

    The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

    Target Event Collector

    Select the Target Event Collector to use as the target for the log source.

    Coalescing Events

    Select this check box to enable the log source to coalesce (bundle) events.

    By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

    Incoming Event Payload

    From the list, select the Incoming Payload Encoder for parsing and storing the logs.

    Store Event Payload

    Select this check box to enable the log source to store event payload information.

    By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

    Log Source Language

    Select the language of the events that are generated by zScaler NSS.

  10. Click Save.
  11. On the Admin tab, click Deploy Changes.