Help Log Management Log forwarding from Google Cloud Platform

Log forwarding from Google Cloud Platform

Google Cloud Platform (GCP) logs provide a comprehensive view of your cloud environment. Forward logs from GCP to Site24x7 AppLogs to analyze and monitor log data from your GCP resources.

Log forwarding from GCP involves the following steps:

  1. Google Cloud services, such as Google Compute Engine, Google Kubernetes Engine (GKE), Google App Engine, Google Cloud Functions, Google Cloud Pub/Sub, and other services write logs to Google Cloud Logging.
  2. Configuring a log routing sink publishes log entries to a Google Cloud Pub/Sub topic.
  3. Deploying our Dataflow flex template to the Google Cloud Platform creates a dataflow job that will read logs from the topic created and export processed log data to Site24x7.

gcp-diagram

Prerequisites

The logged-in user should have owner-level permissions for the project.

Steps to forward GCP logs

Follow the below steps to forward GCP logs to AppLogs:

  1. Creating resources (a Pub/Sub Topic and a Log Routing Sink)
  2. Running a Dataflow Flex Template in GCP

Creating resources 

Follow the steps below to:

  1. Create a Pub/Sub topic
  2. Create a subscription for it
  3. Create a log routing sink to forward logs
  4. Enable dataflow project

Create a Pub/Sub topic:

Run the below command and replace TOPIC_NAME with the desired name for your Pub/Sub topic.

gcloud pubsub topics create TOPIC_NAME

Create a subscription:

Run the below command and replace SUBSCRIPTION_NAME with the desired name for your subscription and TOPIC_NAME with the name of the topic you created.

gcloud pubsub subscriptions create SUBSCRIPTION_NAME --topic=TOPIC_NAME

Create a log routing Sink:

Run the below command and replace SINK_NAME with the desired name, PROJECT_ID with your Google Cloud project ID, and TOPIC_NAME with the name of the topic you created.

gcloud logging sinks create SINK_NAME pubsub.googleapis.com/projects/PROJECT_ID/topics/TOPIC_NAME
Configure log filters (--log-filter="LOG_FILTER") if you only want to forward specific types of logs, log levels, or logs from specific resources. 
For example, for VPC Flow logs, you can configure log-filter as mentioned below:
gcloud logging sinks create SINK_NAME pubsub.googleapis.com/projects/PROJECT_ID/topics/TOPIC_NAME --log-filter='resource.type="gce_subnetwork"'

Enable dataflow project:

Run the below command and replace PROJECT_ID with the project name.

gcloud services enable dataflow --project PROJECT_ID

Running a Dataflow Flex Template in GCP

Execute the following command to run a dataflow flex template in GCP.

gcloud dataflow flex-template run "TEMPLATE_NAME" --project=PROJECT_ID --template-file-gcs-location=gs://site24x7_applog/dataflow/v1/flex/Cloud_PubSub_to_Site24x7 --region=REGION --parameters "inputSubscription=projects/PROJECT_ID/subscriptions/INPUT_SUBSCRIPTION_NAME,apiKey=API_KEY,site24x7Domain=site24x7.com"
You can get the API_KEY by logging into Site24x7 > Admin > Developer > Device Key

Disable log forwarding

  1. Disable the Log Sink.
  2. Then stop the dataflow job.

Related log types

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.

Help Log Management Log forwarding from Google Cloud Platform