Log Streaming to Google Cloud Storage
The Log Streaming service allows enriched logs from the USS platform to be streamed to external services such as SIEM solutions, analytics platforms and SOC services. To request access to the Log Streaming service, please contact your service provider.
1. Log in to Google Cloud Platform and navigate to Cloud Storage
2. Navigate to Cloud Storage and then click Create
3. Enter a name for your bucket, e.g. clouduss-web-logs, and make a note of this, then press Continue
4. Select a region appropriate for your requirements and click Continue
5. Select a storage class appropriate for your requirements and click Continue
6. Ensure that Prevent Public Access is ticked, select an Access Control method appropriate for your requirements and then click Continue
7. Select a data protection policy appropriate for your requirements and then click Create
8. Navigate to the IAM & Admin section and then click Service Accounts
9. Click Create Service Account
10. Enter a Service Account name and click Done
11. Click the copy icon next to the newly created Service Account email and keep it somewhere safe for Step 16 below. It will be in the format
    <service key name>@<project ID>.iam.gserviceaccount.com
12. Select the newly created Service Account and then the Keys tab
13. Click Add Key and then Create New Key
14. Select JSON and then click Create. A JSON file will be downloaded by the browser
15. Important: send the JSON file and the bucket name from Step 3 to your Service Provider
16. Navigate back to Cloud Storage, select your bucket, then click Permissions and then Grant Access
17. Enter the email address copied from Step 11 above into the New Principal field
18. Assign the role Storage Object Creator to the principal and click Save. The principal requires the ability to create objects in the bucket
19. Wait for confirmation from your service provider that the log stream has been configured
20. View the contents of your bucket and you should see objects being created by the Log Streaming service
21. The log stream is now set up and you can consume the data in any service that supports Google Cloud Storage integration, such as Google Chronicle, Google BigQuery or any other third-party application.
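
The following Python check is an added example, not part of the original guide or the USS platform. It audits a bucket IAM policy, in the JSON form returned by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`, for the two conditions the steps above set up: no public principals, and only Storage Object Creator for the log-streaming service account. The service account email, project name and both sample policies are constructed for illustration.

```python
# Added example: audits a bucket IAM policy against the setup described above.
SA_ROLE = "roles/storage.objectCreator"  # shown as "Storage Object Creator" in the console
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample values, not real project data.
SA_EMAIL = "uss-log-stream@example-project.iam.gserviceaccount.com"
GOOD_POLICY = {"bindings": [
    {"role": "roles/storage.legacyBucketOwner",
     "members": ["projectOwner:example-project"]},
    {"role": SA_ROLE, "members": [f"serviceAccount:{SA_EMAIL}"]},
]}
BAD_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": SA_ROLE, "members": [f"serviceAccount:{SA_EMAIL}"]},
    {"role": "roles/storage.objectAdmin",
     "members": [f"serviceAccount:{SA_EMAIL}"]},
]}


def audit_bucket_policy(policy, sa_email):
    """Return (code, detail) findings; an empty list means the policy matches."""
    principal = f"serviceAccount:{sa_email}"
    findings, sa_roles = [], set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = set(binding.get("members", []))
        # Any public principal contradicts "Prevent Public Access".
        for member in sorted(members & PUBLIC):
            findings.append(("PUBLIC_MEMBER", f"{member} holds {role}"))
        if principal in members:
            sa_roles.add(role)
    if SA_ROLE not in sa_roles:
        findings.append(("MISSING_ROLE", f"{principal} is not bound to {SA_ROLE}"))
    # Roles beyond object creation could let a leaked key read or delete logs.
    for role in sorted(sa_roles - {SA_ROLE}):
        findings.append(("EXCESS_ROLE", f"{principal} also holds {role}"))
    return findings


if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_bucket_policy(policy, SA_EMAIL) or "OK")
```

The bucket policy does not show roles granted to the service account at project level, so review those separately under IAM & Admin.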