Add module for GCP VPC flow logs (#12747)
This module ingests Google Cloud VPC flow logs that have been exported by Stackdriver to a Google Cloud Pub/Sub topic sink.

The published LogEntry objects have this format: https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry

The structured data in the flow logs have this format: https://cloud.google.com/vpc/docs/using-flow-logs#record_format
1 parent b07b331; commit 983564f
Showing 21 changed files with 6,366 additions and 2 deletions.
@@ -150,4 +150,3 @@ | |
type: keyword | ||
description: > | ||
Name of organization associated with the autonomous system. | ||
@@ -0,0 +1,75 @@ | ||
//// | ||
This file is generated! See scripts/docs_collector.py | ||
//// | ||
|
||
[[filebeat-module-googlecloud]] | ||
[role="xpack"] | ||
|
||
:modulename: googlecloud | ||
:has-dashboards: false | ||
|
||
== Google Cloud module | ||
|
||
beta[] | ||
|
||
This is a module for Google Cloud logs. It supports reading VPC flow logs that | ||
have been exported from Stackdriver to a Google Pub/Sub topic sink. | ||
|
||
include::../include/what-happens.asciidoc[] | ||
|
||
include::../include/running-modules.asciidoc[] | ||
|
||
include::../include/configuring-intro.asciidoc[] | ||
|
||
:fileset_ex: vpcflow | ||
|
||
include::../include/config-option-intro.asciidoc[] | ||
|
||
[float] | ||
==== `vpcflow` fileset settings | ||
|
||
Example config: | ||
|
||
[source,yaml] | ||
---- | ||
- module: googleclcoud | ||
vpcflow: | ||
enabled: true | ||
var.project_id: my-gcp-project-id | ||
var.topic: googlecloud-vpc-flowlogs | ||
var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub | ||
var.credentials_file: ${path.config}/gcp-service-account-xyz.json | ||
---- | ||
|
||
include::../include/var-paths.asciidoc[] | ||
|
||
*`var.project_id`*:: | ||
|
||
Google Cloud project ID. | ||
|
||
*`var.topic`*:: | ||
|
||
Google Cloud Pub/Sub topic name. | ||
|
||
*`var.subscription_name`*:: | ||
|
||
Google Cloud Pub/Sub topic subscription name. If the subscription does not | ||
exist it will be created. | ||
|
||
*`var.credentials_file`*:: | ||
|
||
Path to a JSON file containing the credentials and key used to subscribe. | ||
|
||
:has-dashboards!: | ||
|
||
:fileset_ex!: | ||
|
||
:modulename!: | ||
|
||
|
||
[float] | ||
=== Fields | ||
|
||
For a description of each field in the module, see the | ||
<<exported-fields-googlecloud,exported fields>> section. | ||
|
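Review bot: the example config under the `vpcflow` fileset settings reads `- module: googleclcoud`, which misspells `googlecloud`, the value given to `:modulename:` at the top of this same file. Anyone copying the example gets a module name that does not match the one declared here. Because the header states the file is generated by scripts/docs_collector.py, correct the spelling in the module's source documentation and regenerate, rather than editing this file directly.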
@@ -0,0 +1,18 @@ | ||
- module: googlecloud | ||
vpcflow: | ||
enabled: true | ||
|
||
# Google Cloud project ID. | ||
var.project_id: my-gcp-project-id | ||
|
||
# Google Pub/Sub topic containing VPC flow logs. Stackdriver must be | ||
# configured to use this topic as a sink for VPC flow logs. | ||
var.topic: googlecloud-vpc-flowlogs | ||
|
||
# Google Pub/Sub subscription for the topic. Filebeat will create this | ||
# subscription if it does not exist. | ||
var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub | ||
|
||
# Credentials file for the service account with authorization to read from | ||
# the subscription. | ||
var.credentials_file: ${path.config}/gcp-service-account-xyz.json |
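Review bot: the comment on `var.credentials_file` describes a service account "with authorization to read from the subscription", yet the comment on `var.subscription_name` says Filebeat will create the subscription if it does not exist, which needs more than read access. Suggest spelling out both cases so operators can grant the narrower one: consume-only access when the subscription is created ahead of time, and permission to create subscriptions only when relying on auto-creation. It would also be worth a line noting that the JSON key file under `${path.config}` should be readable only by the user Filebeat runs as.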