Adding NSS Feeds for Alerts

You can configure a separate feed for alerts, so you can monitor the NSS. Note that you can add up to eight NSS feeds for the NSS. You can select the level at which alerts will be sent: Warning and/or Critical. You can select multiple alert levels. The service will send the alerts in RFC 3164-compliant syslog format to the specified IP address and port. The following table lists the alerts that are sent for each level.


NSS Alerts

| Warning | Critical |
|---|---|
| The connection to the SIEM is down | Memory is low |
| The connection to the Zscaler admin portal is down | Disk space is low |
| The connection to the Nanolog is down | The connection between the NSS and the SIEM is poor. The NSS could drop some logs if connectivity does not improve. |
| | The CPU utilization is high |
| | Memory swap is high |


  1. Go to Administration > Settings > Nanolog Streaming Service.
  2. From the NSS Feeds tab, click Add and complete the following:
    • Feed Name: Enter or edit the name of the feed. Each feed is a connection between NSS and your SIEM.
    • NSS Type: Select which type of feed you are configuring. NSS for Web is selected by default.
    • NSS Server: Choose an NSS from the list.
    • Status: The NSS feed is Enabled by default. Click Disabled if you want to activate it at a later time.
    • SIEM IP Address and SIEM TCP Port: Enter the IP address and port of the SIEM to which the logs are streamed. Ensure that the SIEM is configured to accept the feed from NSS.
    • Log Type: Choose Alerts.
  3. Select at which levels alerts will be sent: Critical and/or Warn. You can select multiple alert levels.
  4. Click Save and activate the change.
    The service will send the alerts in RFC 3164-compliant syslog format to the specified IP address and port.
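
On the SIEM side, the feed can be checked by parsing what arrives on the configured TCP port. The following is an added example, not Zscaler code: it parses RFC 3164 lines and keeps the warning and critical ones. It assumes newline-delimited messages and that the alert level is carried in the syslog PRI severity (4 = warning, 2 = critical), neither of which this page states; the host name `nss01`, the `NSS:` tag and the message text are constructed.

```python
import re
from typing import NamedTuple

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG, the RFC 3164 header layout
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

class Alert(NamedTuple):
    facility: int
    severity: str
    timestamp: str
    host: str
    message: str

def parse_alert(line):
    """Parse one RFC 3164 line; return None if it is not well-formed."""
    m = RFC3164.match(line.rstrip("\r\n"))
    # Facility is 0-23 and severity 0-7, so a valid PRI never exceeds 191.
    if not m or int(m["pri"]) > 191:
        return None
    pri = int(m["pri"])
    return Alert(pri // 8, SEVERITIES[pri % 8], m["ts"], m["host"], m["msg"])

def triage(stream):
    """Split a newline-framed payload into (warning/critical alerts, rejects)."""
    urgent, rejected = [], []
    for raw in stream.split(b"\n"):
        if not raw.strip():
            continue
        line = raw.decode("utf-8", errors="replace")
        alert = parse_alert(line)
        if alert is None:
            rejected.append(line)      # keep malformed input for review
        elif alert.severity in ("warning", "critical"):
            urgent.append(alert)
    return urgent, rejected

# Constructed sample payload; the real NSS alert wording and tag may differ.
SAMPLE = (
    b"<132>Mar  4 09:15:02 nss01 NSS: example warning-level alert text\n"
    b"<130>Mar  4 09:15:07 nss01 NSS: example critical-level alert text\n"
    b"<134>Mar  4 09:16:00 nss01 NSS: example informational text\n"
    b"garbage without a PRI header\n"
)
```

Lines that fail to parse are returned rather than dropped, so a listener built on this can flag unexpected senders or framing problems on the alert port.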