Recommended log fields and value/threshold to monitor the App Connector & Performance

Dear Experts,

I understand that we could monitor the App Connector & Performance through LSS.

May I request your assistance to suggest the recommended log field and value for triggering alerts through SIEM for the below events?

  1. How can we proactively know that a ZPA connector has gone down?
  2. How can we proactively know that a ZPA connector has reached its max throughput?
  3. What will happen if a particular ZPA connector reaches its max throughput?
  4. How do we know that the ZPA connector is running healthy and not dropping any client connections?
  5. Under the diagnostic logs, we could only see the time taken by the ZPA Connector to reach the Application server. How can we check the total RTT (User-machine → ZEN Node/Broker → ZPA Cloud → ZPA Connector → Application → User-machine)?

Thanks,
Giriraj

Please help to map the correct LSS fields and baseline value to trigger alerts for the above events.
https://help.zscaler.com/zpa/about-connector-status-log-fields
https://help.zscaler.com/zpa/about-user-activity-log-field

Hi @kshah

Could you please assist here?

Thanks,
Giriraj

I’m not sure I would use the logs for some of that monitoring.
Simple SNMP is a great way to get a lot of that data.
We actually use the Telegraf agent installed on the connectors to provide us with all the data we need. We then set thresholds that alert us when they are breached. For example, I know that if a Connector's throughput drops below 1Mb/s, there is a problem.
We also use Telegraf to get data to monitor things like Source Port Consumption.
We then feed it all into a nice Grafana dashboard.
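
An added example, not part of the thread and not Zscaler or Telegraf code: the kind of threshold check the reply above describes, run over constructed cumulative byte-counter samples for one connector. The `Sample` fields, the 180-second silence window and the reading of 1Mb/s as megabits per second are assumptions.

```python
from dataclasses import dataclass

MIN_MBPS = 1.0     # throughput floor quoted in the reply (read here as megabits/s)
MAX_GAP_S = 180    # assumed: no sample for 3 minutes means the connector is silent


@dataclass
class Sample:
    ts: int           # epoch seconds when the agent took the reading
    bytes_total: int  # cumulative rx+tx bytes on the connector's interface


def evaluate(samples, now):
    """Return a list of (ts, kind, detail) alerts for one connector."""
    alerts = []
    samples = sorted(samples, key=lambda s: s.ts)
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.ts - prev.ts
        if dt <= 0:
            continue                      # duplicate timestamp, nothing to rate
        if dt > MAX_GAP_S:
            alerts.append((cur.ts, "gap", f"no data for {dt}s"))
            continue                      # a rate across a gap would be misleading
        delta = cur.bytes_total - prev.bytes_total
        if delta < 0:
            alerts.append((cur.ts, "counter_reset", "host or agent restarted"))
            continue
        mbps = delta * 8 / dt / 1_000_000
        if mbps < MIN_MBPS:
            alerts.append((cur.ts, "low_throughput", f"{mbps:.2f} Mb/s"))
    if samples and now - samples[-1].ts > MAX_GAP_S:
        alerts.append((now, "silent", f"last sample {now - samples[-1].ts}s ago"))
    return alerts


# Constructed samples for illustration, 60 s apart unless noted.
SAMPLES = [
    Sample(0, 0),
    Sample(60, 75_000_000),     # 10 Mb/s
    Sample(120, 78_000_000),    # 0.4 Mb/s -> below floor
    Sample(180, 1_000_000),     # counter went backwards -> reset
    Sample(240, 76_000_000),    # 10 Mb/s
    Sample(540, 451_000_000),   # 300 s since previous sample -> gap
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLES, now=840):
        print(alert)
```

The silence check covers the "connector has gone down" case, since a dead connector produces no low-throughput reading at all, only an absence of samples.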