Setting up GCP Logs Ingestion

The following describes how to send logs from Google Cloud Platform (GCP) to LM Logs for analysis.

Prerequisites

LogicMonitor API tokens to authenticate all requests to the log ingestion API.

Supported GCP Logs and Resources

LM Logs supports the following resources and log types:

GCP audit logs
GCP Cloud Composer logs
GCP Cloud Function logs
GCP Cloud Run logs
GCP CloudSQL logs
Virtual Machine (VM) instance logs

Installation Instructions

1. At the top right of your Google Cloud account, click Activate Cloud Shell.

This opens the Cloud Shell Terminal below the workspace.

2. In the Terminal, run the following commands to select the project.

gcloud config set project [PROJECT_ID]

3. Run the following command to install the integration:

source <(curl -s https://raw.githubusercontent.com/logicmonitor/lm-logs-gcp/master/script/gcp.sh) && deploy_lm-logs

Installing the integration creates these resources:

A PubSub topic named export-logs-to-lm and a pull subscription.
A Virtual Machine (VM) named lm-logs-forwarder.

Note: You will be prompted to confirm the region where the VM is deployed. This should already be configured within your project.

Configuring the Log Forwarder

1. After the installation script completes, go the Compute Engine > VM Instances and select lm-logs-forwarder.

2. Under Remote access, select SSH.

3. SSH into the VM (lm-logs-forwarder) and run the following command, filling in the values:

export GCP_PROJECT_ID="${GCP_PROJECT_ID}"
export LM_COMPANY_NAME="${LM_COMPANY_NAME}"
export LM_ACCESS_ID="${LM_ACCESS_ID}"
export LM_ACCESS_KEY="${LM_ACCESS_KEY}"

source <(curl -s https://raw.githubusercontent.com/logicmonitor/lm-logs-gcp/master/script/vm.sh)

Exporting Logs from Logging to PubSub

You need to create a sink from Logging to the PubSub topic export-logs-to-lm (this was created at installation).

1. In the Logging page, filter the logs that you want to export.

Note: We recommend that you also use the filters to remove logs that contain sensitive information so that they are not sent to LogicMonitor

2. Click Actions > Create sink and under Sink details, provide a name.

3. Under Sink destination, choose Cloud Pub/Sub as the destination and select export-logs-to-lm.

Note: the pub/sub can be located in a different project.

4. Click Create sink.

If there are no issue, you should see the logs stream into the Logs page in LogicMonitor.

Removing the Integration

Run the following command to delete the integration and all its resources:

source <(curl -s https://raw.githubusercontent.com/logicmonitor/lm-logs-gcp/master/script/gcp.sh) && delete_lm-logs

Product Documentation