icon-fair-use-customer-data.svg
Logs & Fair Use

ZPA Logs

In order to access the Zscaler Private Access (ZPA) service, Zscaler has the right to process, use, reproduce, store, modify, and display the information from logs. For ZPA, logs are defined as follows:

  • User Logs: Activity logs of authorized users who access your internal applications through ZPA. These logs capture end-user requests to Applications or information related to an end user's availability and connection to ZPA. To learn more, see User Activity Log Fields and User Status Log Fields.
  • App Connector Logs: Activity logs of the App Connector, which allow authorized users access to your internal applications through ZPA. These logs capture information on an App Connector's availability and connection to ZPA. To learn more, see App Connector Status Log Fields.
  • Inspection Logs: Activity logs relating to the inspection of traffic destined to or from internal applications through ZPA.
  • Audit Logs: Activity logs of configuration changes you made via the ZPA Admin Portal. To learn more, see About Audit Logs and Audit Log Fields.
  • Privileged Session Recordings: Screen recordings of RDP, SSH, VNC systems by users accessed in Privileged Remote Access (PRA) configured with the Record Session Privileged Capability. To learn more, see About Privileged Capabilities Policy and Viewing Recordings in Accessing Privileged Sessions.
  • Zscaler Microsegmentation Agent Logs: Agent logs that include information such as hostname, operating system name, operating system version, network addresses, cloud environment details (i.e., Cloud Name, Cloud Account ID, Cloud Region, VPC/VNET details, Cloud Subnet details, user defined tags in cloud), traffic connection information and host resource telemetry (i.e., CPU, memory, file descriptor utilization).

Logs do not include your internal system logs.

Zscaler retains User Activity, User Status, Inspection, and App Connector log information for a rolling period of at least 14 days during the subscription term. Zscaler retains audit log information for a rolling period of six months during the subscription term. When the subscription term ends or expires, the logs are deleted by Zscaler according to the applicable retention cycles. You can also view your logs or stream logs in real-time using the Log Streaming Service (LSS).

During the deployment process, you can choose to have the logs stored in either the United States or the European Union.

If you order the VPN Connectivity service, logs also include:

  • VPN Connector Logs: Activity logs of the VPN Connector, which allow authorized users access to your internal applications through ZPA VPN Connectivity. These logs capture information on a VPN Connector’s availability and connection to ZPA.
  • VPN Service Edge Logs: Activity logs of the VPN Service Edge which enables secure VPN tunnels from the user and from the VPN Connector and routes data from authorized users to internal destination applications.

If you configure the Session Recording for Privileged Remote Access (PRA), session recordings will be retained by Zscaler for a period of one year during the term of subscription. When the subscription term ends or expires, these logs are deleted by Zscaler. For the PRA Session Recording service, the session recordings will be encrypted and stored in the geographical region in which the customer tenant is located.

Related Articles
DSPM LogsZCSPM LogsZDX LogsZIA LogsZPA LogsZPC LogsZIdentity LogsZscaler 3rd-Party App Governance LogsZscaler Asset Exposure Management (AEM) LogsZscaler Breach Predictor LogsZscaler Business Insights LogsZscaler Cellular (SIM and Cellular Edge) LogsZscaler Client Connector LogsZscaler Cloud & Branch Connector LogsZscaler Deception and Zscaler ITDR LogsZscaler External Attack Surface Management (EASM) LogsZscaler Risk360 LogsZscaler Threat Hunting LogsZscaler Traffic Capture LogsZscaler Unified Vulnerability Management (UVM) LogsZscaler Zero Trust Device Segmentation Logs