Guides
System StatusRaise a TicketZluri Website

Connect

Use this guide to configure Zscaler to send web logs to Zluri using Cloud NSS and an S3 bucket.

Prerequisites

  • Admin access to Zscaler and Zluri
  • Zscaler API key

Step 1: Connect Zscaler in Zluri

1. Go to Source → Integrations → Browse Catalog, search for Zscaler, and click Connect Integration.

2. In the scope selection screen, add the optional scope: Read NSS Logstream Logs.

🚧

This scope is not selected by default and must be added manually to enable log ingestion.

Click Continue.

3. Log in using Zscaler credentials:

  • API Key: Go to Administration → Cloud Service API Key Security in Zscaler
  • Username and Password: Use the same credentials used to log into Zscaler
  • Subdomain: Use the organization's Zscaler cloud name (e.g., zscaler.net, zscalerthree.net)

4. Enter the Bucket Name (shared by Zluri Support).

🚧

The "Bucket Name" becomes mandatory when the Read NSS Logstream Logs scope is selected.

If the scope is enabled but the bucket name is missing, the integration will fail.

5. Click Connect.

Integration Logic

ConditionResult
“Read NSS Logstream Logs” not selectedIntegration succeeds, but logs aren’t ingested
“Read NSS Logstream Logs” selected + bucket added + feed configuredIntegration and log ingestion succeed
“Read NSS Logstream Logs” selected + bucket missing or NSS feed not configuredIntegration fails

Step 2: Configure NSS Feed in Zscaler

1. In Zscaler, go to Administration → Nanolog Streaming Service (NSS) and click Add NSS Feed.

2. Fill in General:

  • Feed Name (e.g., LogsZluri)
  • NSS Type: NSS for Web
  • Status: Enabled
  • SIEM Rate: Unlimited

3. Under SIEM Connectivity, select S3 and enter:

  • AWS Access Key (ID) and AWS Secret Access Key (shared by Zluri)
  • S3 Folder URL in the following format:
    https://{bucket-name}/{orgId}/{integrationId}/{orgIntegrationId}/YYYY/MM/DD/
    Use the exact path shared by Zluri after integration.

Step 3: Format the Feed

Configure the formatting section:

  • Log Type:  Web Logs
  • Feed Output Type: JSON
  • Enable JSON Array Notation
  • Keep the Feed Output Format line

Step 4: Finalise the Setup

1. Click Test Connectivity. A 200 OK message confirms success.

2. Set the preferred log push frequency (e.g., hourly or daily).

3. Click Save to complete the feed setup.

Final Notes

  • Please reach out to Zluri Support to get:
    • S3 credentials (access key & secret)
    • Org-specific S3 folder path
  • Ensure exact formatting and scope alignment to avoid setup issues

Updated 6 days ago