Products
Solutions
Resources
Support
Partners
Company
321-953-5351
 
Cyfin - Zscaler Support

Cyfin - Zscaler Support

Cyfin - Zscaler Configuration

Zscaler

Cyfin is installed on a server, not on the Zscaler appliance.

Log File Setup

Log File Type:  Zscaler

Zscaler Configuration Steps

Zscaler uses a virtual machine, Nanolog Streaming Service (NSS), to stream logs from the Zscaler service and deliver them to Cyfin Syslog.

To collect logs for Zscaler Web Security, perform these steps detailed in the following sections:

  1. Configure Zscaler NSS.
  2. Connect the Zscaler NSS feed to Cyfin Syslog.

Configure Zscaler NSS

NSS is maintained and distributed by Zscaler as an Open Virtual Application (OVA). To stream logs to Cyfin Syslog, follow the steps outlined in the NSS Configuration Guide at https://support.zscaler.com/hc/en-us...guration-Guide.

Connect the Zscaler NSS Feed to Cyfin Syslog

Once you have configured the Zscaler NSS, now add a feed to send logs to Cyfin Syslog using the following steps.

  1. Log into your Zscaler NSS system.
  2. Go to Administration - Settings - Nanolog Streaming Service.
  3. From the NSS Feeds tab, click Add.
  4. In the Add NSS Feed dialog:
    • Feed Name. Enter a name for your NSS feed.
    • NSS Server. Select None.
    • SIEM IP Address. Enter the Cyfin IP address.
    • Log Type. Select Web Log.
    • Feed Output Type. QRadar LEEF is the default.
    • NSS Type. NSS for Web is the default.
    • Status. Select Enabled.
    • SIEM TCP Port. Enter the Cyfin Syslog TCP port number.
    • Feed Escape Character. Leave this field blank.
    • Feed Output Format. The LEEF format is displayed.
    • User Obfuscation. Select Disabled.
    • Duplicate Logs. Disabled by default.
    • Timezone. Set to GMT by default.
  5. Click Save.

Cyfin Configuration Steps

Cyfin Syslog Server listens for syslog messages from your Zscaler device. Both UDP-based and TCP-based messages are supported.

  1. Select the Zscaler log file configuration in Cyfin for your Zscaler device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.
  3. Select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your Zscaler device to transfer the data. You may change this number if necessary.
  6. At your Zscaler device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same Zscaler devices, use one log file configuration with one listening port, and point each Zscaler device to the same listening port.
© Copyright 1996-2024 Wavecrest Computing. All Rights Reserved.
Trial
Price Quote
Cyfin Datasheet
Best Practices
The Human Factor White Paper Series
Cyfin Tech Brief
Cyfin Syslog Server
Reporting Guide
"We discovered that Cyfin was flexible, providing us with the details needed to make adjustments to our Policies and Bandwidth, as well as increasing employee’s productivity."

-Allen Lochamy, Atlanta Bonded Warehouse
Wavecrest Celebrating 25 years
Wavecrest Cyfin CyBlock Facebook Wavecrest Cyfin CyBlock Twitter Wavecrest Cyfin CyBlock Linkedin Wavecrest Cyfin CyBlock YouTube Wavecrest Cyfin CyBlock Knowledge Base
LEGAL PRIVACY | © Copyright 1996-2024 Wavecrest Computing. All Rights Reserved. | 321-953-5351
Cyfin for:Cyfin Deployments:CyBlock Deployments:
By IndustryBy Use Case
PartnersCompany