Configure Zscaler Secure Private Access (ZPA) to send logs in JSON format to a local server hosted on-premises or on-cloud on a custom port (for example, 5514).
STEP 4. Use the configuration below to listen to Zscaler on the configured port, parse it to JSON format, and send it to Coralogix.
<source>
@type tcp #tcp input filter, in case you are sending it via UDP use udp input plugin and corresponding configuration
@log_level debug
tag zscaler-tcp # required
<parse>
@type json
</parse>
port 5514 #port on which you are sending zscaler logs
bind 0.0.0.0
delimiter "\n"
</source>
<filter **>
@type record_transformer
<record>
tag ${tag_parts[0]}
</record>
</filter>
<filter **>
@type record_transformer
@log_level warn
enable_ruby true
auto_typecast true
renew_record true
<record>
applicationName ${record['tag']} #this sets the application name same as tag specified, you can also set a static value
subsystemName ${record['tag']} #this sets the application name same as tag specified, you can also set a static value
computerName ${hostname}
text ${record.to_json}
</record>
</filter>
<match **>
@type http
@id out_http_coralogix
endpoint "https://api.app.coralogix.in/logs/rest/singles" #for india region, update this as per your Coralogix region
headers {"private_key":"<Coralogix send your data api-key>"}
error_response_as_unrecoverable false
<buffer tag>
@type memory
compress gzip
flush_thread_count 4
chunk_limit_size 6MB
flush_interval 1s
overflow_action throw_exception
retry_max_times 10
retry_type periodic
retry_wait 8
total_limi_size 512MB
</buffer>
</match>
<label @FLUENT_LOG>
<match fluent.*>
@type stdout
</match>
</label>
Parameters & Descriptions
Input the API endpoint associated with your Coralogix domain in the configuration above.
Oh no!We didn’t find anything for “”,
