we have a requirement to store connection details logs in our database.
Is there any way to send logs to our API endpoint or even directly to MySQL database?
I located this, but doesn’t appear there is anything around what you are requesting - About the Cloud Service and Cloud Sandbox Submission APIs | Zscaler
Yes, that’s not what I looking for. I made my own investigation and I see there are 2 options:
- create application as a TCP server and add it as log receiver(About the Log Streaming Service | Zscaler), modify data in my program and send it to DB.
- use NSS with fluentd(Sending logs to S3 directly - #3 by ramesh) - but in our organization it’s not allowed.
I’m wondering if there is any other option?
Tom, which platform are you running? NSS would be for ZIA, and LSS is for ZPA. For ZIA, NSS is an additional license, but sounds like that’s not an option. Can you tell me why? If you have a SIEM and NSS license you should be able to locate what it is you are looking for.
I personally can’t think of another way myself. Hoping someone else jumps on your question.
We are using ZPA, so NSS won’t be a case for us. Sorry for misleading.
No sweat Tom
Are you using a SIEM? If so, you can either set up an App Connector to be a dedicated LSS Log Receiver or you can elect an App Connector that’s in service to send logs. I personally like to elect a dedicated App Connector to send logs.
Take a quick look at this doc. It should get you started - About the Log Streaming Service | Zscaler
This sub-section may get you what you are looking for - About User Activity Log Fields | Zscaler
Hopefully we are getting closer
Yes, we use Graylog, but additionally we need to save some of the logs into our DB. So my idea is:
- Write .NET application, which will be TCP server. The application will receive logs in JSON format, select/filter/parse them to required data format and finally insert into MySQL DB.
- Add this application as Log Receiver in Zscaler.
Yeah, that’s a good idea Tom. Any updates?