Syslog log source parameters for Zscaler NSS

If IBM QRadar does not automatically detect the log source, add a Zscaler NSS log source on the QRadar Console by using the Syslog protocol.

When you use the Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from Zscaler NSS:
Table 1. Syslog log source parameters for the Zscaler NSS DSM

Parameter

Description

Log Source type Zscaler NSS
Protocol Configuration Syslog
Log Source Identifier

Type the IP address as an identifier for events from your Zscaler NSS installation.

The log source identifier must be a unique value.

Enabled

By default, the check box is selected.

Credibility

Select the credibility of the log source. The range is 0 - 10.

The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

Target Event Collector

Select the Target Event Collector to use as the target for the log source.

Coalescing Events

Select this option for the log source to coalesce (bundle) events.

By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in QRadar. When you create a log source or edit an existing log source configuration, you can override the default value by configuring this option for each log source.

Incoming Event Payload

Select the Incoming Payload Encoder option for parsing and storing the logs from the list.

Store Event Payload

Select this option to enable the log source to store event payload information.

By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in QRadar. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

Log Source Language

Select the language of the events that are generated by Zscaler NSS.