Zyxel ATP700 to SIEM
Hello,
I'm trying to forward the VPN logs of a Zyxel ATP700 to my SIEM (InsightIDR). The forwarding works fine, but I can't format them as indicated in this documentation:
https://docs.rapid7.com/insightidr/rapid7-universal-vpn/
Can someone help me?
Thank you
Hi,
Based on the page you linked you'd need to produce a specific JSON structure. I'd need to understand the collection setup to provide better input.
This can be quite easily done by defining fields as appropriate, then using to_json() to create the output JSON.
I have not looked into what transport Rapid7 might expect, but om_tcp or perhaps om_http.
Please review the documentation about event fields and our JSON extension:
https://docs.nxlog.co/ce/current/index.html#xm_json
https://docs.nxlog.co/ce/current/index.html#lang_fields
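As an added example (not part of the original post and not code from NXLog's or Rapid7's documentation), here is a configuration that follows the steps described in the answer: parse the incoming syslog, define the fields the target structure needs, drop the fields it should not carry, and let to_json() build the output line sent over om_tcp. The JSON field names, the Zyxel message pattern and the constructed sample message it matches, the collector address, and the CE 3.x directive names (ListenAddr, Host with port) are all assumptions to verify against the linked pages and your own logs.

```nxlog
# Added example: Zyxel ATP700 VPN syslog -> JSON -> InsightIDR collector.
# Field names, message pattern and collector address are assumptions.

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension _json>
    Module      xm_json
</Extension>

<Input zyxel_vpn>
    Module      im_udp
    # Assumes the ATP700 sends syslog over UDP to this host on 514
    ListenAddr  0.0.0.0:514
    <Exec>
        # Populates $Hostname, $EventTime, $Message, $SyslogSeverity, ...
        parse_syslog();
        # Keep only VPN-related lines; the keyword list is an assumption
        if $Message !~ /IKE|IPSec|SSL VPN|L2TP/ drop();
    </Exec>
</Input>

<Output insightidr>
    Module      om_tcp
    # Placeholder: address and port of your InsightIDR collector
    Host        SIEM_COLLECTOR_IP:SIEM_COLLECTOR_PORT
    <Exec>
        # Constructed sample message this regex was written for (not real
        # Zyxel output): "User alice from 203.0.113.10 has logged in"
        if $Message =~ /User (\S+) from (\d+\.\d+\.\d+\.\d+) has logged (in|out)/
        {
            # Assumed target field names; check them against the Rapid7 page
            $account   = $1;
            $source_ip = $2;
            if $3 == "in"
                $event_type = "VPN_SESSION_OPEN";
            else
                $event_type = "VPN_SESSION_CLOSE";
        }
        else
            drop();

        # ISO 8601 timestamp with numeric offset, derived from the syslog time
        $time     = strftime($EventTime, "%Y-%m-%dT%H:%M:%S%z");
        $version  = "v1";
        $firewall = $Hostname;

        # to_json() serialises every field on the event, so remove the
        # syslog/internal fields the SIEM should not receive first.
        delete($Message);
        delete($Hostname);
        delete($EventTime);
        delete($EventReceivedTime);
        delete($SyslogFacility);
        delete($SyslogFacilityValue);
        delete($SyslogSeverity);
        delete($SyslogSeverityValue);
        delete($Severity);
        delete($SeverityValue);
        delete($SourceModuleName);
        delete($SourceModuleType);
        delete($MessageSourceAddress);

        # One JSON object per line, terminated by om_tcp's newline
        $raw_event = to_json();
    </Exec>
</Output>

<Route zyxel_to_siem>
    Path    zyxel_vpn => insightidr
</Route>
```

With the constructed sample message above, the emitted line would contain only the fields set in the Exec block (account, source_ip, event_type, time, version, firewall). Before pointing this at the collector, run NXLog with an om_file output in place of om_tcp and compare the JSON against the structure in the Rapid7 documentation; an unexpected extra field usually means one more delete() is needed, and a missing one means the regex did not match the real Zyxel message format.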