
Google SecOps (Chronicle) Forwarder

Supported Types

Metrics | Logs | Traces

Prerequisites

Ensure you have a Google SecOps forwarder set up and running. Details on setting it up are in the Google Security Operations documentation.

Configuration Fields

Field | Description
Export Type | The method of export to use, either syslog or file.
Raw Log Field | The field name containing raw log data.
Syslog Endpoint | The SecOps forwarder endpoint for Syslog (if Syslog is chosen as the export type).
Syslog Transport | The transport protocol to use (e.g., TCP, UDP) for Syslog.
Enable TLS | Whether or not to use TLS for secure transmission (relevant for Syslog).
Skip TLS Verification | Option to skip TLS certificate verification (if TLS is enabled).
TLS Certificate File | Path to the x509 PEM certificate (if TLS is enabled).
TLS Private Key File | Path to the x509 PEM private key (if TLS is enabled).
TLS CA File | Path to the x509 PEM certificate authority file (if TLS is enabled).
File Path | The path to the file for storing logs (if File is chosen as the export type).

Example Configurations

Syslog Configuration


Standalone Destination for Syslog Configuration

yaml
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
  id: chronicleforwarder
  name: chronicleforwarder
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'syslog'
    - name: raw_log_field
      value: 'attributes["raw"]'
    - name: syslog_endpoint
      value: '127.0.0.1:10514'
    - name: syslog_transport
      value: 'tcp'
    - name: enable_tls
      value: 'false'

File Configuration


Standalone Destination for File Configuration

yaml
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
  id: chronicleforwarder
  name: chronicleforwarder
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'file'
    - name: raw_log_field
      value: 'body'
    - name: file_path
      value: '/path/to/logfile'
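The field table above and the two example configurations together define what a valid chronicleforwarder Destination looks like. The following script is an added example, not part of the observIQ documentation or the BindPlane code base: it takes a Destination as the plain dict that PyYAML's safe_load would return for the YAML shown here and applies the table's rules as a pre-apply check, flagging a missing syslog port, an unsupported transport, a TLS setup that skips verification, or a remote endpoint reached in plaintext. The YAML keys export_type, raw_log_field, syslog_endpoint, syslog_transport, enable_tls and file_path come from the examples above; the names skip_tls_verification and tls_ca_file are assumptions, since the page names the TLS fields but not their parameter keys.

```python
"""Static sanity check for a BindPlane chronicleforwarder Destination.

Added example: takes the Destination as a dict (what PyYAML's safe_load returns
for the YAML on this page) and reports errors and warnings derived from the
field rules in the configuration table.
"""
import ipaddress
import os

# Constructed sample: the page's Syslog example, already loaded into a dict.
SYSLOG_EXAMPLE = {
    "apiVersion": "bindplane.observiq.com/v1",
    "kind": "Destination",
    "metadata": {"id": "chronicleforwarder", "name": "chronicleforwarder"},
    "spec": {
        "type": "chronicleforwarder",
        "parameters": [
            {"name": "export_type", "value": "syslog"},
            {"name": "raw_log_field", "value": 'attributes["raw"]'},
            {"name": "syslog_endpoint", "value": "127.0.0.1:10514"},
            {"name": "syslog_transport", "value": "tcp"},
            {"name": "enable_tls", "value": "false"},
        ],
    },
}

# Assumed parameter keys for the TLS fields in the table (the page does not
# show them); adjust to match the keys your BindPlane version uses.
SKIP_VERIFY_PARAM = "skip_tls_verification"
TLS_CA_PARAM = "tls_ca_file"


def params_to_dict(dest):
    """Flatten spec.parameters [{name, value}, ...] into {name: value}."""
    return {p["name"]: p.get("value") for p in dest.get("spec", {}).get("parameters", [])}


def as_bool(value):
    """BindPlane parameters arrive as strings such as 'false'; normalise them."""
    return str(value).strip().lower() in ("true", "1", "yes")


def is_loopback(host):
    """True for 127.x, ::1 (with or without brackets) or the name localhost."""
    host = host.strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def check_destination(dest):
    """Return a list of 'error: ...' / 'warning: ...' strings; empty means OK."""
    findings = []
    if dest.get("kind") != "Destination" or dest.get("spec", {}).get("type") != "chronicleforwarder":
        findings.append("error: not a chronicleforwarder Destination")
    p = params_to_dict(dest)
    export_type = str(p.get("export_type", "")).lower()
    if export_type not in ("syslog", "file"):
        findings.append("error: export_type must be 'syslog' or 'file'")
    if not p.get("raw_log_field"):
        findings.append("error: raw_log_field is required")

    if export_type == "syslog":
        # rpartition keeps IPv6 and host names intact; only the last ':' splits the port.
        host, sep, port = str(p.get("syslog_endpoint", "")).rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            findings.append("error: syslog_endpoint must be host:port")
        transport = str(p.get("syslog_transport", "")).lower()
        if transport not in ("tcp", "udp"):
            findings.append("error: syslog_transport must be tcp or udp")
        if as_bool(p.get("enable_tls")):
            if transport == "udp":
                findings.append("error: TLS requires the tcp transport")
            if as_bool(p.get(SKIP_VERIFY_PARAM)):
                findings.append("warning: TLS verification is skipped; the forwarder identity is not checked")
            elif not p.get(TLS_CA_PARAM):
                findings.append(f"warning: {TLS_CA_PARAM} not set")
        elif sep and not is_loopback(host):
            findings.append("warning: raw logs leave the host in plaintext; enable TLS for a remote forwarder")
    elif export_type == "file":
        path = str(p.get("file_path", ""))
        if not path:
            findings.append("error: file_path is required for the file export type")
        elif not os.path.isabs(path):
            findings.append("warning: file_path should be absolute so the collector and forwarder agree on it")
    return findings


if __name__ == "__main__":
    for line in check_destination(SYSLOG_EXAMPLE) or ["OK: no findings"]:
        print(line)
```

Run it against a Destination loaded with yaml.safe_load before applying the resource; an empty list means the configuration matches the table's rules, and the plaintext warning is the one to act on whenever the syslog endpoint is not the local forwarder.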