Any issues with ingestion logs from Zscaler ZIA and ZPA?
Hey @avshch,
Assuming the ZIA and ZPA logs can be forwarded from the application then there should not be an issue, have you encountered something specifc?
@Wine_Merchant Nothing specific yet. With Zscaler ZIA there are a couple of options to forward logs
with on-prem NSS server https://help.zscaler.com/zia/about-nss-servers
or cloud-based NSS server https://help.zscaler.com/zia/integrating-cloud-nss-cloud-based-siems
Just wanted to see if anyone has implemented any method and if so any pros/cons associated with each.
On prem will forward logs in syslog format and I believe cloud is https, on-prem will require you to instal a physical host while cloud will not but having access to cloud nss appears to depend on your subscription.
I think if your deployment of Graylog is on-prem then hosting the NSS server and forwarding logs locally over a given port might be more appealing than encrypted across the web.