Export logs to Splunk

Hello, good morning,

I need your help. I have to export the logs that I have in Zscaler with the ZIA module to an on-premise collector that I have mounted. How do I do this configuration?

Thanks in advance

Best regards

Have a look at the NSS which allows you to stream the Zscaler Logs to an on-premise log collector.

About Nanolog Streaming Service | Zscaler

1 Like

@Grktsystems first you have to feed logs into the NSS server, and then from the NSS server you can feed those logs to your SIEM solution.

Please use these links for your reference.

1 Like

Hi Gordon and Rawat,

Nice to meet you, and thanks for the support.

I am reading the documentation on how to integrate Zscaler with the ZIA module into an on-premise collector, which in turn dumps the events into Splunk.

I have had to deploy an on-premise server, because the module coming back directly through SaaS technology was too expensive.

I will keep you informed

Have a nice day

Thanks in advance


1 Like

Love the follow-up. Looking forward to hearing about the solution.

1 Like

As many have said, you need to use the Zscaler Nanolog Streaming Service to do this for ZIA logs (Web, Firewall, DNS, etc.). This comes either as an on-premise VM (Zscaler Cloud → On Prem VM → Syslog/SIEM/collector) or as a Cloud to Cloud streaming service (Zscaler Cloud direct to your Cloud Service).

I can tell you now that Cloud to Cloud streaming is way easier, as Zscaler sends the logs directly to Splunk, so there is no need to backhaul logs, manage/monitor VMs or anything like that. In my current environment we have done both on-premise and cloud to cloud. We needed assistance from our TAM to get it up and running, but so far it has worked well (we opted for it as soon as it was available and there were a few teething issues, which is why we needed our TAM).

However, as you posted in the Client Connector section, are you after the logs of the actual Client Connector, or just the web activity?

1 Like

Hello, good morning to all,

Sorry for the delay, but I also need a reboot for this Christmas… there is a lot of work, I am lucky, I work in something that I am passionate about.

So, how to export navigation data from users to an on-premise server, which dumps the data into Splunk.

The first thing I have done is to go to the part of:

1: Administration, left side screen

2: Inside Nanolog Streaming Service

3: Section NSS Feeds

4: I have added two feeds, one web log and the other alert. I have put the IP that points to the Splunk, which my client has given me.

5: I have activated the configuration.

6: Now I am waiting for feedback.

Let me know if I need any additional step or if I have made any mistake. In the next post I will put more screenshots if I find the final solution.

Thanks to all of you for your time and collaboration.

Best regards, Gorka