Configure Zscaler Secure Private Access (ZPA) to seamlessly send logs to Coralogix.
Configure Zscaler Secure Private Access (ZPA) to send logs in JSON format to a local server hosted on-premises or on-cloud on a custom port (for example, 5514).
STEP 1. Edit the Log Receiver. Click Next.
STEP 2. Configure the Log Stream. Select JSON Log Template. Click Next.
STEP 3. Install Fluentd on a local server.
STEP 4. Use the configuration below to listen to Zscaler on the configured port, parse it to JSON format, and send it to Coralogix.
```
<source>
  # TCP input plugin; if you are sending via UDP, use the udp input plugin and the corresponding configuration
  @type tcp
  @log_level debug
  # required
  tag zscaler-tcp
  <parse>
    @type json
  </parse>
  # port on which you are sending Zscaler logs
  port 5514
  # listens on all interfaces; bind to a specific address if only one interface should accept ZPA logs
  bind 0.0.0.0
  delimiter "\n"
</source>

<filter **>
  @type record_transformer
  <record>
    tag ${tag_parts[0]}
  </record>
</filter>

<filter **>
  @type record_transformer
  @log_level warn
  enable_ruby true
  auto_typecast true
  renew_record true
  <record>
    # sets the application name to the tag specified above; you can also set a static value
    applicationName ${record['tag']}
    # sets the subsystem name to the tag specified above; you can also set a static value
    subsystemName ${record['tag']}
    computerName ${hostname}
    text ${record.to_json}
  </record>
</filter>

<match **>
  @type http
  @id out_http_coralogix
  # endpoint for the India region; update this for your Coralogix region
  endpoint "https://api.app.coralogix.in/logs/rest/singles"
  headers {"private_key":"<Coralogix send your data api-key>"}
  error_response_as_unrecoverable false
  <buffer tag>
    @type memory
    compress gzip
    flush_thread_count 4
    chunk_limit_size 6MB
    flush_interval 1s
    overflow_action throw_exception
    retry_max_times 10
    retry_type periodic
    retry_wait 8
    total_limit_size 512MB
  </buffer>
</match>

<label @FLUENT_LOG>
  <match fluent.*>
    @type stdout
  </match>
</label>
```
Input the API endpoint associated with your Coralogix domain in the configuration above.
| Domain | API Endpoint |
|---|---|
| .coralogix.com | https://api.coralogix.com/logs/rest/singles |
| .app.coralogix.us | https://api.coralogix.us/logs/rest/singles |
| .app.coralogix.in | https://api.app.coralogix.in/logs/rest/singles |
| .app.eu2.coralogix.com | https://api.eu2.coralogix.com/logs/rest/singles |
| .app.coralogixsg.com | https://api.coralogixsg.com/logs/rest/singles |
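To see what the Fluentd configuration in STEP 4 hands to the HTTP output, the following added example (not part of the original page or Coralogix's own code) mirrors its newline framing, JSON parsing and two `record_transformer` filters in Python over a constructed byte stream. The ZPA field names, the `fluentd-host` hostname and the helper names are assumptions made for illustration.

```python
import json
import socket

TAG = "zscaler-tcp"  # tag from the <source> block in the configuration above

# Constructed sample: three newline-terminated lines split at arbitrary TCP
# chunk boundaries, plus an unterminated tail. Field names are illustrative.
SAMPLE_CHUNKS = [
    b'{"LogTimestamp":"Mon Jan  1 00:00:00 2024","Usern',
    b'ame":"user@example.com"}\n{"Application":"app.example.internal"}\n',
    b'not json\n{"Application":"cut-off',
]


def split_lines(chunks, delimiter=b"\n"):
    """Reassemble delimiter-terminated lines from arbitrary TCP chunks."""
    buf = b""
    for chunk in chunks:
        buf += chunk
        while delimiter in buf:
            line, buf = buf.split(delimiter, 1)
            if line.strip():
                yield line
    # Whatever remains in buf has no delimiter yet and is not emitted.


def transform(line, tag=TAG, hostname=None):
    """Mirror <parse> @type json and the two record_transformer filters."""
    try:
        record = json.loads(line)
    except ValueError:  # malformed JSON or invalid UTF-8
        return None
    if not isinstance(record, dict):
        return None  # this sketch only forwards JSON objects
    record["tag"] = tag.split(".")[0]  # first filter: ${tag_parts[0]}
    return {  # second filter: renew_record keeps only these four keys
        "applicationName": record["tag"],
        "subsystemName": record["tag"],
        "computerName": hostname or socket.gethostname(),
        "text": json.dumps(record, separators=(",", ":"), ensure_ascii=False),
    }


def pipeline(chunks, hostname="fluentd-host"):
    """Return the records the http output would be handed for these chunks."""
    records = (transform(line, hostname=hostname) for line in split_lines(chunks))
    return [r for r in records if r is not None]


if __name__ == "__main__":
    for rec in pipeline(SAMPLE_CHUNKS):
        print(json.dumps(rec))
```

The `text` field carries the whole original event, including the `tag` key added by the first filter, so searches in Coralogix should expect ZPA fields nested inside `text` rather than at the top level.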
Secure Private Access (ZPA) Help: Configuring a Log Receiver