# Google SecOps (Chronicle) Forwarder

### Supported Types

| Metrics | Logs | Traces |
| ------- | ---- | ------ |
|         | ✓    |        |

### Prerequisites

Ensure you have a Google SecOps forwarder set up and running. More details on setting this up can be found in the Security Operations documentation [here](https://cloud.google.com/chronicle/docs/install).

### Configuration Fields

| Field | Description |
| ----- | ----------- |
| Export Type | The method of export to use, either `syslog` or `file`. |
| Raw Log Field | The field name containing raw log data. |
| Syslog Endpoint | The SecOps forwarder endpoint for Syslog (if Syslog is chosen as the export type). |
| Syslog Transport | The transport protocol to use (e.g., TCP, UDP) for Syslog. |
| Timeout | The timeout for the Syslog dial connection. Used by collector v1.70.0+ |
| Enable TLS | Whether or not to use TLS for secure transmission (relevant for Syslog). |
| Skip TLS Verification | Option to skip TLS certificate verification (if TLS is enabled). |
| TLS Certificate File | Path to the x509 PEM certificate (if TLS is enabled). |
| TLS Private Key File | Path to the x509 PEM private key (if TLS is enabled). |
| TLS CA File | Path to the x509 PEM certificate authority file (if TLS is enabled). |
| File Path | The path to the file for storing logs (if File is chosen as the export type). |

### Supported Retry and Queuing Settings

This destination supports the [retry settings](https://docs.bindplane.com/configuration/bindplane-otel-collector/retry-on-failure), the [sending queue settings](https://docs.bindplane.com/configuration/bindplane-otel-collector/sending-queue), and the [persistent queue settings](https://docs.bindplane.com/configuration/bindplane-otel-collector/persistent-queue).

| Sending Queue | Persistent Queue | Retry on Failure |
| ------------- | ---------------- | ---------------- |
| ✓             | ✓                | ✓                |

### Example Configurations

#### Syslog Configuration

**Standalone Destination for Syslog Configuration**

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
  id: chronicleforwarder
  name: chronicleforwarder
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'syslog'
    - name: raw_log_field
      value: 'attributes["raw"]'
    - name: syslog_endpoint
      value: '127.0.0.1:10514'
    - name: syslog_transport
      value: 'tcp'
    - name: enable_tls
      value: 'false'
```
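
An added example, not part of the Bindplane documentation or product: a small Python check that reads a destination manifest in the format shown above and flags syslog settings that send raw logs off-host without TLS or over UDP. It uses only parameter names shown on this page; the sample manifest and its remote address are constructed, and treating a missing `enable_tls` as disabled is an assumption.

```python
import ipaddress
import re

# Constructed sample: this page's syslog destination, retargeted at a remote host.
SAMPLE = """\
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'syslog'
    - name: syslog_endpoint
      value: '10.20.30.40:10514'
    - name: syslog_transport
      value: 'udp'
    - name: enable_tls
      value: 'false'
"""

# Matches the flat "- name: / value:" pairs used in the manifests on this page.
PAIR = re.compile(r"-\s*name:\s*(\S+)\s*\n\s*value:\s*'?([^'\n]*)'?")

def parameters(manifest):
    return {name: value.strip() for name, value in PAIR.findall(manifest)}

def is_loopback(endpoint):
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostname or empty value: treat as remote

def audit(manifest):
    p = parameters(manifest)
    if p.get("export_type") != "syslog":
        return []  # file export has no network hop to check
    findings = []
    if not is_loopback(p.get("syslog_endpoint", "")):
        # Assumption: a missing enable_tls is treated as disabled.
        if p.get("enable_tls", "").lower() != "true":
            findings.append("raw logs cross the network in cleartext; set enable_tls to 'true'")
        if p.get("syslog_transport", "").lower() == "udp":
            findings.append("udp gives no delivery confirmation; prefer tcp")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

The loopback manifest shown above (`127.0.0.1:10514`, `tcp`) produces no findings, since the logs never leave the host.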

#### File Configuration

**Standalone Destination for File Configuration**

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
  id: chronicleforwarder
  name: chronicleforwarder
spec:
  type: chronicleforwarder
  parameters:
    - name: export_type
      value: 'file'
    - name: raw_log_field
      value: 'body'
    - name: file_path
      value: '/path/to/logfile'
```

