Log File Name Formats
Logs are uploaded in 10-minute intervals from the Secure Access log queue to the AWS S3 bucket. Within the first two hours after a completed configuration, you should receive your first log upload to your AWS S3 bucket.
To check that everything is working, confirm that the Last Sync time in Secure Access updates and that logs begin to appear in your AWS S3 bucket. The logs are GZIP-compressed CSV files named in the following formats, and the files are sorted into date-stamped folders.
- Admin Audit logs: auditlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- Cloud Firewall traffic: firewalllogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- DLP traffic: dlplogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- DNS traffic: dnslogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- File Events traffic: fileeventlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- IPS traffic: intrusionlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- Remote Access VPN traffic: ravpnlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- Web traffic: proxylogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- Zero Trust Network Access traffic: ztnalogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
- Zero Trust Access flow traffic: ztnaflowlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
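
The following Python is an added example, not part of the original documentation or Cisco's code: it parses object keys in the formats listed above, rejects keys whose folder date and file-name date disagree, and reports gaps longer than the 10-minute upload interval for each log type. It assumes keys are given relative to the log root and that a gap over 10 minutes is worth reviewing; the function names and sample keys are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
# Folder prefix -> log type, as listed above.
LOG_TYPES = {
    "auditlogs": "Admin Audit", "firewalllogs": "Cloud Firewall",
    "dlplogs": "DLP", "dnslogs": "DNS",
    "fileeventlogs": "File Events", "intrusionlogs": "IPS",
    "ravpnlogs": "Remote Access VPN", "proxylogs": "Web",
    "ztnalogs": "Zero Trust Network Access",
    "ztnaflowlogs": "Zero Trust Access flow",
}
KEY_RE = re.compile(r"^([a-z]+)/(\d{4}-\d\d-\d\d)/(\d{4}(?:-\d\d){4})\.csv\.gz$")

def parse_key(key):
    """Return (log type, timestamp) for a conforming key, else None."""
    m = KEY_RE.match(key)
    if not m or m.group(1) not in LOG_TYPES:
        return None
    try:
        ts = datetime.strptime(m.group(3), "%Y-%m-%d-%H-%M")
    except ValueError:  # digits present but not a real date or time
        return None
    # The date-stamped folder must agree with the date in the file name.
    if ts.strftime("%Y-%m-%d") != m.group(2):
        return None
    return LOG_TYPES[m.group(1)], ts

def review(keys, max_gap=timedelta(minutes=10)):
    """Return (gaps per log type, rejected keys) for a list of object keys."""
    by_type, rejected, gaps = {}, [], {}
    for key in keys:
        parsed = parse_key(key)
        if parsed is None:
            rejected.append(key)
        else:
            by_type.setdefault(parsed[0], []).append(parsed[1])
    for log_type, stamps in by_type.items():
        stamps.sort()
        # Assumption: consecutive files more than max_gap apart deserve a look.
        late = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap]
        if late:
            gaps[log_type] = late
    return gaps, rejected

# Constructed sample keys (not real bucket contents).
SAMPLE_KEYS = [
    "dnslogs/2024-05-01/2024-05-01-00-00.csv.gz",
    "dnslogs/2024-05-01/2024-05-01-00-10.csv.gz",
    "dnslogs/2024-05-01/2024-05-01-00-40.csv.gz",    # 30-minute gap
    "proxylogs/2024-05-01/2024-05-02-00-00.csv.gz",  # folder/file date mismatch
]
```

A reported gap can also mean that no events of that type were logged in the interval, so treat it as a prompt to check the Last Sync time rather than as proof of a failed upload.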