Hello,
Looking for some documentation regarding if and how CloudGuard IaaS devices can log to the GCP Stackdriver module in Google Cloud. Is there any related documentation around the topic?
Thanks.
If necessary, you can take the alternative way via syslog-ng premium edition.
CloudGuard IaaS Management LogExporter -----(via syslog)----> syslog-ng Premium Edition --- (via HTTP REST API) ----> Google Stackdriver
The stackdriver destination of syslog-ng PE can send log messages to the Google Stackdriver cloud. Google Stackdriver is a widely used metrics, event, and log aggregator and analyzer system. The stackdriver destination is available in syslog-ng PE version 7.0.14 and later.
The stackdriver destination uses the HTTP REST API to perform OAuth2 authentication to Google Stackdriver and obtains an access token from Stackdriver using the key specified in a JSON file. This access token is required to send logs to Stackdriver using the Stackdriver Logging API.
Regards
Heiko
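The second hop of the pipeline described in the post above, as an added example that is not part of the original post and is not syslog-ng PE's own code: it maps syslog lines to Stackdriver Logging API `entries.write` entries and builds (without sending) the bearer-token request. The sample lines, project name, log ID and token are constructed placeholders, and the key=value message layout is an assumption, not LogExporter's documented format.

```python
import json
import re
import urllib.request

WRITE_URL = "https://logging.googleapis.com/v2/entries:write"
# syslog severity (PRI % 8) -> Stackdriver LogSeverity name.
SEVERITY = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
            "WARNING", "NOTICE", "INFO", "DEBUG"]
# RFC 3164-style line: <PRI>timestamp host tag: message
LINE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:]+): (.*)$")

# Constructed sample lines (assumed layout), not real LogExporter output.
SAMPLE = [
    "<134>Feb  3 10:15:02 cg-mgmt CheckPoint: action=Accept src=10.0.0.5 dst=10.0.1.9",
    "<131>Feb  3 10:15:07 cg-mgmt CheckPoint: action=Drop src=203.0.113.7 dst=10.0.1.9",
    "not a syslog line",
]

def to_entry(line):
    """Convert one syslog line to a LogEntry dict, or None if unparseable."""
    m = LINE.match(line)
    if not m:
        return None
    pri, ts, host, tag, msg = m.groups()
    pri = int(pri)
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    fields = dict(kv.split("=", 1) for kv in msg.split() if "=" in kv)
    return {
        "severity": SEVERITY[pri % 8],
        "labels": {"host": host, "facility": str(pri // 8)},
        "jsonPayload": {"tag": tag, "syslog_time": ts, "message": msg, **fields},
    }

def build_request(lines, project, log_id, access_token):
    """Build (but do not send) the entries.write request for parseable lines."""
    entries = [e for e in map(to_entry, lines) if e is not None]
    body = {
        "logName": f"projects/{project}/logs/{log_id}",
        "resource": {"type": "global"},
        "entries": entries,
    }
    return urllib.request.Request(
        WRITE_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

if __name__ == "__main__":
    req = build_request(SAMPLE, "example-project", "checkpoint", "PLACEHOLDER_TOKEN")
    print(json.dumps(json.loads(req.data), indent=2))
```

The access token is the one obtained through the OAuth2 exchange with the service-account JSON key; treat both the key file and the token as secrets on the relay host.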
@PhoneBoy, you are correct: LogExporter can be leveraged to send logs via syslog or whichever context Stackdriver looks for; I am not sure.
That being said, there are also GCP project-native Stackdriver logs, which should be available when checking the enable Stackdriver checkbox when provisioning the instance in question.
I have uncovered that the default service account is used to communicate with the GCP APIs, not the gateway. As a result, we identified that the default service account was not active for the project.
Thanks.
This is exactly what we have been doing in our environment. We just do not use a gateway in the cloud. But I think this should also work on a cloud gateway with the log exporter.