How to send GCS audit logs to logstash?
I am new to GCS. Please help me extract the complete audit logs and send them to logstash, so that I can parse them and send them to elasticsearch.
See the documentation Cloud Audit Logs, section Exporting audit logs:
To export audit log entries outside of Logging, create a logs sink. Give the sink a query that specifies the audit log types you want to export; for query examples, go to Security logging queries.
If you want to export audit log entries for a Google Cloud organization, folder, or billing account, review Aggregated sinks.
Then go to the Overview of logs exports section:
All logs, including audit logs, platform logs, and user logs, are sent to the Cloud Logging API where they pass through the Logs Router. The Logs Router checks each log entry against existing rules to determine which log entries to ingest (store), which log entries to include in exports, and which log entries to discard. For more details, see Logs Router overview.
Exporting involves writing a query that selects the log entries you want to export, and choosing a destination in Cloud Storage, BigQuery, or Pub/Sub. The query and destination are held in an object called a sink. Sinks can be created in Google Cloud projects, organizations, folders, and billing accounts.
and
Every time a log entry arrives in a project, folder, billing account, or organization resource, Logging compares the log entry to the sinks in that resource. Each sink whose query matches the log entry writes a copy of the log entry to the sink's export destination.
After that, follow the instructions in Scenarios for exporting Cloud Logging: Elasticsearch:
This scenario shows how to export selected logs from Logging to an Elasticsearch cluster.
(An Elasticsearch cluster can be installed from the Marketplace.)
As an alternative, you can follow the community tutorial Exporting Stackdriver logs to Elastic Cloud:
This tutorial explains how to export Stackdriver logs to the Elastic Cloud Elasticsearch SaaS platform to perform log analytics. Elastic Cloud is a SaaS offering, which saves time by not needing to build and manage the Elasticsearch infrastructure.
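As an added worked example of the sink-to-Pub/Sub route the answer describes (this is not code from the answer, from Google's documentation or from the linked tutorials): a script that creates a logs sink whose query keeps only Cloud Storage audit entries, gives the sink's writer identity publish rights on the topic, and writes a Logstash pipeline that reads from the subscription. The project, topic, subscription and sink names, the key-file path and the logstash-input-google_pubsub option names are assumptions; RUN=echo prints the gcloud commands instead of running them.

```shell
# Added example, not from the answer. Assumed: project/topic/sink names, the
# logstash-input-google_pubsub option names and the key-file path.
set -eu
PROJECT="${PROJECT:-my-project}"   # placeholder project id
TOPIC="${TOPIC:-gcs-audit-logs}"
SUBSCRIPTION="${SUBSCRIPTION:-gcs-audit-logs-logstash}"
SINK="${SINK:-gcs-audit-to-pubsub}"

# Sink query: Cloud Storage audit entries only. Data Access entries show up
# only if they are enabled for Cloud Storage in the project's audit config.
gcs_audit_filter() {
  printf '%s' 'resource.type="gcs_bucket" AND logName:"cloudaudit.googleapis.com"'
}
# Topic, subscription, sink, then publish rights for the sink's writer identity
# (without that binding the sink exists but delivers nothing). RUN=echo = dry run.
create_export() {
  local run="${RUN:-}" writer
  $run gcloud pubsub topics create "$TOPIC" --project "$PROJECT"
  $run gcloud pubsub subscriptions create "$SUBSCRIPTION" --topic "$TOPIC" --project "$PROJECT"
  $run gcloud logging sinks create "$SINK" \
    "pubsub.googleapis.com/projects/$PROJECT/topics/$TOPIC" \
    --project "$PROJECT" --log-filter="$(gcs_audit_filter)"
  if [ -n "$run" ]; then writer="serviceAccount:<writer-identity>"; else
    writer=$(gcloud logging sinks describe "$SINK" --project "$PROJECT" --format='value(writerIdentity)')
  fi
  $run gcloud pubsub topics add-iam-policy-binding "$TOPIC" --project "$PROJECT" \
    --member="$writer" --role="roles/pubsub.publisher"
}
# Logstash pipeline: pull from the subscription and lift who/what/where fields.
write_logstash_pipeline() {
  cat > "$1" <<EOF
input {
  google_pubsub {
    project_id => "$PROJECT"
    topic => "$TOPIC"
    subscription => "$SUBSCRIPTION"
    json_key_file => "/etc/logstash/gcp-key.json"
  }
}
filter {
  mutate { rename => {
    "[protoPayload][authenticationInfo][principalEmail]" => "principal"
    "[protoPayload][methodName]" => "method"
    "[protoPayload][resourceName]" => "resource"
    "[protoPayload][requestMetadata][callerIp]" => "caller_ip" } }
}
output { elasticsearch { hosts => ["localhost:9200"] index => "gcs-audit-%{+YYYY.MM.dd}" } }
EOF
}
```

Run `RUN=echo create_export` first to review the commands, then `create_export` for real and `write_logstash_pipeline /etc/logstash/conf.d/gcs-audit.conf`.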