lss
The following methods allow for interaction with the ZPA Log Streaming Service Controller API endpoints.
Methods are accessible via zpa.lss
- class LSSConfigControllerAPI
Bases: object
- add_lss_config(lss_host, lss_port, name, source_log_type, app_connector_group_ids=None, enabled=True, source_log_format='csv', use_tls=False, **kwargs)
Adds a new LSS Receiver Config to ZPA.
- Parameters:
app_connector_group_ids (list) – A list of unique IDs for the App Connector Groups associated with this LSS Config. Defaults to None.
enabled (bool) – Enable the LSS Receiver. Defaults to True.
lss_host (str) – The IP address of the LSS Receiver.
lss_port (str) – The port number for the LSS Receiver.
name (str) – The name of the LSS Config.
source_log_format (str) – The format for the logs. Must be one of the following options:
csv - send logs in CSV format
json - send logs in JSON format
tsv - send logs in TSV format
Defaults to csv.
source_log_type (str) – The type of logs that will be sent to the receiver as part of this config. Must be one of the following options:
app_connector_metrics
app_connector_status
audit_logs
browser_access
private_svc_edge_status
user_activity
user_status
use_tls (bool) – Enable to use TLS on the log traffic between LSS components. Defaults to False.
- Keyword Arguments:
description (str) – Additional information about the LSS Config.
filter_status_codes (list) – A list of Session Status Codes that will be excluded by LSS.
log_stream_content (str) – Formatter for the log stream content that will be sent to the LSS Host. Only pass this parameter if you intend on using custom log stream content.
policy_rules (list) – A list of policy rule tuples. Tuples must follow the convention: (object_type, [object_id]).
E.g.
('app_segment_ids', ['11111', '22222']), ('segment_group_ids', ['88888']), ('idp_ids', ['99999']), ('client_type', ['zia_service_edge']), ('saml', [('33333', 'value')])
- Returns:
The newly created LSS Config resource record.
- Return type:
Box
Examples
Add an LSS Receiver config that receives App Connector Metrics logs.
zpa.lss.add_lss_config(
    app_connector_group_ids=["app_conn_group_id"],
    lss_host="192.0.2.100",
    lss_port="8080",
    name="app_con_metrics_to_siem",
    source_log_type="app_connector_metrics")
Add an LSS Receiver config that receives User Activity logs.
zpa.lss.add_lss_config(
    app_connector_group_ids=["app_conn_group_id"],
    lss_host="192.0.2.100",
    lss_port="8080",
    name="user_activity_to_siem",
    policy_rules=[
        ("idp", ["idp_id"]),
        ("app", ["app_seg_id"]),
        ("app_group", ["app_seg_group_id"]),
        ("saml", [("saml_attr_id", "saml_attr_value")]),
    ],
    source_log_type="user_activity")
Add an LSS Receiver config that receives User Status logs.
zpa.lss.add_lss_config(
    app_connector_group_ids=["app_conn_group_id"],
    lss_host="192.0.2.100",
    lss_port="8080",
    name="user_activity_to_siem",
    policy_rules=[
        ("idp", ["idp_id"]),
        ("client_type", ["web_browser", "client_connector"]),
        ("saml", [("attribute_id", "test3")]),
    ],
    source_log_type="user_status")
- delete_lss_config(lss_id)
Delete the specified LSS Receiver Config.
- Parameters:
lss_id (str) – The unique identifier for the LSS Receiver Config to be deleted.
- Returns:
The response code for the operation.
- Return type:
Examples
Delete an LSS Receiver config.
>>> zpa.lss.delete_lss_config('99999')
- get_client_types()
Returns all available LSS Client Types.
Client Types are used when creating LSS Receiver configs. ZPA uses an internal code for Client Types, e.g. zpn_client_type_ip_anchoring is the Client Type for a ZIA Service Edge. zscaler-sdk-python inverts the key/value so that you can perform a lookup using a human-readable name in your code (e.g. cloud_connector).
- Returns:
Dictionary containing all LSS Client Types with human-readable name as the key.
- Return type:
Box
Examples
Print all LSS Client Types:
>>> print(zpa.lss.get_client_types())
- get_config(lss_id)
Returns information on the specified LSS Receiver config.
- Parameters:
lss_id (str) – The unique identifier for the LSS Receiver config.
- Returns:
The resource record for the LSS Receiver config.
- Return type:
Box
Examples
Print information on the specified LSS Receiver config.
>>> print(zpa.lss.get_config('99999'))
- get_log_formats()
Returns all available pre-configured LSS Log Formats.
LSS Log Formats are provided as either CSV, JSON or TSV. LSS Log Format values can be used when creating or updating LSS Log Receiver configs.
- Returns:
Dictionary containing pre-configured LSS Log Formats.
- Return type:
Box
Examples
>>> for item in zpa.lss.get_log_formats():
...     print(item)
- get_status_codes(log_type='all')
Returns a list of LSS Session Status Codes.
The LSS Session Status codes are used to filter the messages received by LSS. LSS Session Status Codes can be used when adding or updating the filters for an LSS Log Receiver.
- Parameters:
log_type (str) – Filter the LSS Session Status Codes by Log Type, accepted values are:
all
app_connector_status
private_svc_edge_status
user_activity
user_status
Defaults to all.
- Returns:
Dictionary containing all LSS Session Status Codes.
- Return type:
Box
Examples
Print all LSS Session Status Codes.
>>> for item in zpa.lss.get_status_codes():
...     print(item)
Print LSS Session Status Codes for User Activity log types.
>>> for item in zpa.lss.get_status_codes(log_type="user_activity"):
...     print(item)
- list_configs(**kwargs)
Returns all configured LSS receivers.
- Keyword Arguments:
**max_items (int) – The maximum number of items to request before stopping iteration.
**max_pages (int) – The maximum number of pages to request before stopping iteration.
**pagesize (int) – Specifies the page size. The default size is 20, but the maximum size is 500.
**search (str, optional) – The search string used to match against features and fields.
- Returns:
List of all configured LSS receivers.
- Return type:
BoxList
Examples
Print all configured LSS Receivers.
>>> for lss_config in zpa.lss.list_configs():
...     print(lss_config)
- source_log_map = {'app_connector_metrics': 'zpn_ast_comprehensive_stats', 'app_connector_status': 'zpn_ast_auth_log', 'audit_logs': 'zpn_audit_log', 'browser_access': 'zpn_http_trans_log', 'private_svc_edge_status': 'zpn_sys_auth_log', 'user_activity': 'zpn_trans_log', 'user_status': 'zpn_auth_log', 'web_inspection': 'zpn_waf_http_exchanges_log'}
- update_lss_config(lss_config_id, **kwargs)
Update the LSS Receiver Config.
- Parameters:
lss_config_id (str) – The unique id for the LSS Receiver config.
**kwargs – Optional keyword args.
- Keyword Arguments:
description (str) – Additional information about the LSS Config.
enabled (bool) – Enable the LSS host. Defaults to True.
filter_status_codes (list) – A list of Session Status Codes that will be excluded by LSS. If you would like to filter all error codes then pass the string “all”.
log_stream_content (str) – Formatter for the log stream content that will be sent to the LSS Host.
policy_rules (list) – A list of policy rule tuples. Tuples must follow the convention: (object_type, [object_id]).
E.g.
('app_segment_ids', ['11111', '22222']), ('segment_group_ids', ['88888']), ('idp_ids', ['99999']), ('client_type', ['zpn_client_type_exporter']), ('saml_attributes', [('33333', 'value')])
source_log_format (str) – The format for the logs. Must be one of the following options:
csv - send logs in CSV format
json - send logs in JSON format
tsv - send logs in TSV format
source_log_type (str) – The type of logs that will be sent to the receiver as part of this config. Must be one of the following options:
app_connector_metrics
app_connector_status
audit_logs
browser_access
private_svc_edge_status
user_activity
user_status
use_tls (bool) – Enable to use TLS on the log traffic between LSS components. Defaults to False.
Examples
Update an LSS Log Receiver config to change from user activity to user status. Note that the policy_rules will need to be modified to be compatible with the chosen source_log_type.
zpa.lss.update_lss_config(
    "99999",
    name="user_status_to_siem",
    policy_rules=[
        ("idp", ["idp_id"]),
        ("client_type", ["machine_tunnel"]),
        ("saml", [("attribute_id", "11111")]),
    ],
    source_log_type="user_status")
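The following pre-flight check for the keyword arguments described under add_lss_config and update_lss_config is an added example, not part of zscaler-sdk-python. It validates the documented source_log_type and source_log_format options and the (object_type, [object_id]) policy rule convention, and reports configs that leave use_tls at its default of False. The names lint_lss_kwargs, LOG_TYPES, LOG_FORMATS and SAMPLE are hypothetical, and the check assumes any object type beginning with "saml" takes (id, value) pairs.

```python
# Added example: pre-flight lint for LSS receiver kwargs (not SDK code).
# Allowed values are copied from the parameter descriptions on this page.
LOG_TYPES = {
    "app_connector_metrics", "app_connector_status", "audit_logs",
    "browser_access", "private_svc_edge_status", "user_activity", "user_status",
}
LOG_FORMATS = {"csv", "json", "tsv"}


def lint_lss_kwargs(kwargs):
    """Return a list of findings for a dict of add/update keyword arguments."""
    findings = []
    log_type = kwargs.get("source_log_type")
    if log_type is not None and log_type not in LOG_TYPES:
        findings.append(f"source_log_type {log_type!r} is not a documented option")
    log_format = kwargs.get("source_log_format", "csv")  # documented default
    if log_format not in LOG_FORMATS:
        findings.append(f"source_log_format {log_format!r} is not csv, json or tsv")
    # use_tls defaults to False, so an omitted flag leaves TLS disabled.
    if not kwargs.get("use_tls", False):
        findings.append("use_tls is off: log traffic between LSS components is sent without TLS")
    for i, rule in enumerate(kwargs.get("policy_rules") or []):
        if not (isinstance(rule, tuple) and len(rule) == 2 and isinstance(rule[0], str)):
            findings.append(f"policy_rules[{i}] is not an (object_type, [object_id]) tuple")
            continue
        object_type, values = rule
        if not isinstance(values, list) or not values:
            findings.append(f"policy_rules[{i}] ({object_type}) needs a non-empty list")
        elif object_type.startswith("saml"):
            # SAML rules carry (attribute_id, value) pairs instead of bare IDs.
            if not all(isinstance(v, tuple) and len(v) == 2 for v in values):
                findings.append(f"policy_rules[{i}] ({object_type}) needs (id, value) pairs")
        elif not all(isinstance(v, str) for v in values):
            findings.append(f"policy_rules[{i}] ({object_type}) IDs must be strings")
    return findings


# Constructed sample input, modelled on the User Status example above,
# with use_tls omitted and the SAML pair written as a flat list by mistake.
SAMPLE = {
    "lss_host": "192.0.2.100", "lss_port": "8080", "name": "user_status_to_siem",
    "source_log_type": "user_status",
    "policy_rules": [("idp", ["idp_id"]), ("saml", ["attribute_id", "test3"])],
}

if __name__ == "__main__":
    for finding in lint_lss_kwargs(SAMPLE):
        print(finding)
```

Run the check on the same dictionary you would unpack into the SDK call, and only send the request when the returned list is empty.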