Configuring log receiver to output to a syslog server


(Matthew Pearson) #1

Anyone have any tips for this? From ZPA specifically.


(Lisa Lorenzin) #2

Hi Matthew,

We have an overview of the Log Streaming Service here: https://help.zscaler.com/zpa/about-log-streaming
And detailed step-by-step config instructions here: https://help.zscaler.com/zpa/configuring-log-receiver

In production, you will need separate dedicated Connectors for log forwarding (independent of the Connectors carrying user traffic to apps). This is because log forwarding is best-effort and does not cache or buffer; if the connector got overwhelmed by user traffic, potentially not all logs would reach the log receiver. We recommend putting the log forwarding connectors as close as possible to the log receivers.

You can send different types of logs to different log receivers; for example, user activity logs to a SIEM and connector status logs to a CMDB or network management tool.

Personally, I recommend starting with a default log format, establishing log flow, and then tuning the logs to your specific desire. You can select what types of log entries to forward, customize the log content, etc. Details of the log format are here: https://help.zscaler.com/zpa/understanding-log-stream-content-format

I hope this is helpful - please let us know if you have any questions beyond what’s covered here!

Regards,
Lisa
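An added illustration, not from the Zscaler docs or either poster: a minimal Python log-receiver shim that accepts the records LSS delivers over TCP (assumed here to be the default JSON format, one record per line), keeps a partial trailing record for the next read instead of parsing it as truncated JSON, and re-emits each as an RFC 5424 syslog line toward a per-log-type destination. Field names, hostnames and ports are constructed placeholders, not ZPA's real schema.

```python
"""Log-receiver shim: LSS JSON records in, RFC 5424 syslog lines out.
In ZPA each log receiver config carries one log type, so the listener
that received the record knows its type; no field lookup is needed."""
import json
import socket
from datetime import datetime, timezone

# One destination per log type, as the post suggests: user activity to a
# SIEM, connector status to an ops collector. Hostnames/ports are placeholders.
DESTINATIONS = {
    "user_activity": ("siem.example.internal", 514),
    "connector_status": ("nms.example.internal", 514),
}
FACILITY_LOCAL0 = 16   # syslog facility local0
SEVERITY_INFO = 6


def split_records(buf: bytes):
    """Split a TCP read buffer into complete newline-terminated records.
    Returns (records, remainder); the remainder is the incomplete last
    line and must be prepended to the next read."""
    lines = buf.split(b"\n")
    remainder = lines.pop()          # b"" if buf ended with a newline
    return [line for line in lines if line.strip()], remainder


def to_syslog(record: dict, log_type: str, app: str = "zpa-lss") -> str:
    """Render one record as an RFC 5424 message, keeping the JSON as MSG.
    'LogTimestamp' and 'Connector' are assumed field names (constructed)."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO
    ts = record.get("LogTimestamp") or datetime.now(timezone.utc).isoformat()
    host = record.get("Connector", "-")
    sd = f'[zpa@0 logtype="{log_type}"]'   # structured data tags the type
    msg = json.dumps(record, separators=(",", ":"))
    return f"<{pri}>1 {ts} {host} {app} - {log_type} {sd} {msg}"


def forward(log_type: str, raw_line: bytes) -> str:
    """Parse one record, render it and send it over UDP (RFC 5426).
    Returns the message sent so callers can log or test it."""
    msg = to_syslog(json.loads(raw_line), log_type)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg.encode(), DESTINATIONS[log_type])
    return msg
```

Swap the UDP sender for TCP with TLS before pointing it at a production syslog server; UDP is used here only to keep the example self-contained.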


(Matthew Pearson) #3

Right, but any insight into how to specifically send connector status logs to SyslogD? I do not see a guide for this.