Google SecOps (Chronicle) Forwarder
Supported Types
✓
Prerequisites
Ensure you have a Google SecOps forwarder set up and running. More details on setting this up can be found in the Security Operations documentation here.
Configuration Fields
Export Type
The method of export to use, either syslog or file.
Raw Log Field
The field name containing raw log data.
Syslog Endpoint
The SecOps forwarder endpoint for Syslog (if Syslog is chosen as the export type).
Syslog Transport
The transport protocol to use (e.g., TCP, UDP) for Syslog.
Timeout
The timeout for the Syslog dial connection. Used by collector v1.70.0+.
Enable TLS
Whether or not to use TLS for secure transmission (relevant for Syslog).
Skip TLS Verification
Option to skip TLS certificate verification (if TLS is enabled).
TLS Certificate File
Path to the x509 PEM certificate (if TLS is enabled).
TLS Private Key File
Path to the x509 PEM private key (if TLS is enabled).
TLS CA File
Path to the x509 PEM certificate authority file (if TLS is enabled).
File Path
The path to the file for storing logs (if File is chosen as the export type).
Example Configurations
Syslog Configuration

Standalone Destination for Syslog Configuration
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
  id: chronicleforwarder
  name: chronicleforwarder
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'syslog'
    - name: raw_log_field
      value: 'attributes["raw"]'
    - name: syslog_endpoint
      value: '127.0.0.1:10514'
    - name: syslog_transport
      value: 'tcp'
    - name: enable_tls
      value: 'false'
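A pre-deployment check for the syslog settings above, as an added example that is not part of the original page or Bindplane's own tooling: it reads a Destination's parameters and flags plaintext syslog sent to a non-loopback endpoint, and UDP transport. The sample input is constructed, the function names are hypothetical, and a missing enable_tls is assumed to mean TLS is off.

```python
import ipaddress
import re

# Constructed sample: the page's syslog example, retargeted at a remote host over UDP.
SAMPLE = """\
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'syslog'
    - name: raw_log_field
      value: 'attributes["raw"]'
    - name: syslog_endpoint
      value: '10.20.0.5:10514'
    - name: syslog_transport
      value: 'udp'
    - name: enable_tls
      value: 'false'
"""

# Matches one "- name: X" / "value: 'Y'" pair from the parameters list.
PARAM_RE = re.compile(r"-\s*name:\s*(\S+)\s*\n\s*value:\s*'?([^'\n]*)'?")

def parse_params(text):
    """Return the name/value parameter pairs of a Destination as a dict."""
    return {name: value.strip() for name, value in PARAM_RE.findall(text)}

def is_loopback(endpoint):
    """True when the host part of host:port is localhost or a loopback IP."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote

def audit(text):
    """Return a list of findings for a chronicleforwarder Destination."""
    p = parse_params(text)
    if p.get("export_type") != "syslog":
        return []  # file export has no network transport to check
    findings = []
    remote = not is_loopback(p.get("syslog_endpoint", ""))
    # Assumption: an absent enable_tls is treated the same as 'false'.
    if p.get("enable_tls", "false").lower() != "true" and remote:
        findings.append("plaintext syslog to non-loopback endpoint")
    if p.get("syslog_transport", "").lower() == "udp":
        findings.append("udp transport: messages can be dropped silently")
    return findings
```

Run `audit()` over each exported Destination before applying it; the page's own loopback TCP example produces no findings.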
File Configuration

Standalone Destination for File Configuration
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
  id: chronicleforwarder
  name: chronicleforwarder
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'file'
    - name: raw_log_field
      value: 'body'
    - name: file_path
      value: '/path/to/logfile'