GCP Logs via Pubsub
This example receives GCP logs from a Pubsub subscription. It assumes you have already configured a log Sink in GCP to a Pubsub Topic (see this) and a Service Account with the Pubsub Subscriber permission.
This example assumes that the Adapter is running from a host that has default credentials set up (via the GOOGLE_APPLICATION_CREDENTIALS environment variable). If that is not the case, you will need to use service_account_creds to provide the contents of the JSON credentials of the GCP Service Account to use.
./lc_adapter pubsub client_options.identity.installation_key=f5eaaaad-575a-498e-bfc2-5f83e249a646 client_options.identity.oid=8cbe27f4-bfa1-4afb-ba19-138cd51389cd client_options.platform=gcp sub_name=usp project_name=monitored-proj client_options.sensor_seed_key=gcplogs
Here's the breakdown of the above example:
- lc_adapter: simply the CLI Adapter.
- pubsub: the method the Adapter should use to collect data locally.
- client_options.identity.installation_key=....: the Installation Key value from LimaCharlie.
- client_options.identity.oid=....: the Organization ID from LimaCharlie the installation key above belongs to.
- client_options.platform=gcp: this indicates that the data read is logs from Google Cloud Platform.
- client_options.sensor_seed_key=....: this is the value that identifies this instance of the Adapter. Record it to re-use the Sensor ID generated for this Adapter later if you have to re-install the Adapter.
- sub_name=usp: the Subscription name to consume the logs from.
- project_name=monitored-proj: the GCP Project name this Subscription belongs to.
A visual guide for onboarding this is also available in the Tutorials.
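A pre-flight check for the two credential paths described above, written as an added example that is not part of the original page or LimaCharlie's own tooling. It assumes service_account_creds is passed as key=value like the other options; LC_INSTALLATION_KEY, LC_OID and the function names are hypothetical.

```bash
# Added example (not LimaCharlie's code). Assumptions: LC_INSTALLATION_KEY and
# LC_OID are hypothetical variable names; service_account_creds is passed as
# key=value like the page's other options.

# Succeed only if $1 is readable and has no group/other permission bits.
check_perms() {
  local f="$1" mode
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  case "$mode" in
    *00) return 0 ;;
    *) echo "$f has mode $mode; restrict it to the owner" >&2; return 1 ;;
  esac
}

# Print the lc_adapter arguments, one per line.
# $1: key file used only when GOOGLE_APPLICATION_CREDENTIALS is not set.
adapter_args() {
  local key_file="${1:-}" creds=""
  if [ -z "${LC_INSTALLATION_KEY:-}" ] || [ -z "${LC_OID:-}" ]; then
    echo "set LC_INSTALLATION_KEY and LC_OID" >&2; return 1
  fi
  if [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]; then
    # Default credentials: the Adapter picks them up from the environment.
    check_perms "$GOOGLE_APPLICATION_CREDENTIALS" || return 1
  else
    [ -n "$key_file" ] || { echo "no default credentials, no key file" >&2; return 1; }
    check_perms "$key_file" || return 1
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file" \
      || { echo "$key_file is not a service account key" >&2; return 1; }
    # Strip newlines so the JSON stays a single argument.
    creds="service_account_creds=$(tr -d '\n' < "$key_file")"
  fi
  printf '%s\n' pubsub \
    "client_options.identity.installation_key=$LC_INSTALLATION_KEY" \
    "client_options.identity.oid=$LC_OID" \
    client_options.platform=gcp sub_name=usp project_name=monitored-proj \
    client_options.sensor_seed_key=gcplogs
  [ -z "$creds" ] || printf '%s\n' "$creds"
}

# Usage (bash): mapfile -t args < <(adapter_args /path/to/key.json)
#               ./lc_adapter "${args[@]}"
```

Anything passed as an argument, including the installation key and the credentials JSON, is visible in the host's process list while the Adapter runs.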