Zscaler Secure Private Access (ZPA)
Configure Zscaler Secure Private Access (ZPA) to seamlessly send logs to Coralogix.
Configuration
Configure Zscaler Secure Private Access (ZPA) to send logs in JSON format to a local server hosted on-premises or on-cloud on a custom port (for example, 5514).
STEP 1. Edit the Log Receiver. Click Next.
STEP 2. Configure the Log Stream. Select JSON Log Template. Click Next.
STEP 3. Install Fluentd on a local server.
STEP 4. Use the configuration below to listen to Zscaler on the configured port, parse it to JSON format, and send it to Coralogix.
<source>
@type tcp #tcp input filter, in case you are sending it via UDP use udp input plugin and corresponding configuration
@log_level debug
tag zscaler-tcp # required
<parse>
@type json
</parse>
port 5514 #port on which you are sending zscaler logs
bind 0.0.0.0
delimiter "\n"
</source>
<filter **>
@type record_transformer
<record>
tag ${tag_parts[0]}
</record>
</filter>
<filter **>
@type record_transformer
@log_level warn
enable_ruby true
auto_typecast true
renew_record true
<record>
applicationName ${record['tag']} #this sets the application name same as tag specified, you can also set a static value
subsystemName ${record['tag']} #this sets the application name same as tag specified, you can also set a static value
computerName ${hostname}
text ${record.to_json}
</record>
</filter>
<match **>
@type http
@id out_http_coralogix
endpoint "https://api.app.coralogix.in/logs/rest/singles" #for india region, update this as per your Coralogix region
headers {"private_key":"<Coralogix send your data api-key>"}
error_response_as_unrecoverable false
<buffer tag>
@type memory
compress gzip
flush_thread_count 4
chunk_limit_size 6MB
flush_interval 1s
overflow_action throw_exception
retry_max_times 10
retry_type periodic
retry_wait 8
total_limi_size 512MB
</buffer>
</match>
<label @FLUENT_LOG>
<match fluent.*>
@type stdout
</match>
</label>
Parameters & Descriptions
Input the API endpoint associated with your Coralogix domain in the configuration above.
| Domain | API Endpoint |
| .coralogix.com | https://api.coralogix.com/logs/rest/singles |
| .app.coralogix.us | https://api.coralogix.us/logs/rest/singles |
| .app.coralogix.in | https://api.app.coralogix.in/logs/rest/singles |
| .app.eu2.coralogix.com | https://api.eu2.coralogix.com/logs/rest/singles |
| .app.coralogixsg.com | https://api.coralogixsg.com/logs/rest/singles |
Additional Resources
Secure Private Access (ZPA) Help: Configuring a Log Receiver
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].
Zscaler Internet Access (ZIA) 
Light
light
dark
User Guides
Integrations
OpenTelemetry
Developer Portal