GCP Logs Collection using Pub/Sub

Kloudfuse integrates with the GCP cloud service to collect logs through the Pub/Sub console.

Complete these tasks to successfully collect logs:

Create a GCP Subscription

  1. Use an existing project, or create a new project in Cloud Pub-Sub console

    Create new project
    Create New Project

  2. In the Cloud Pub-Sub console, create a new topic.

    Create new topic
    Create Topic
    Name topic and click Create
    Specify Topic

  3. In the Pub/Sub Topics overview page, select Subscriptions in the left-hand navigation.

  4. Click Create Subscription.

    Create new subscription
    Create Subscription

  5. Create a subscription with ID kloudfuse-gcp-subscription and select the topic you previously created, MyLogsCollector.

    Click Create.

    Name subscription and click Create
    Specify Subscription

  6. Confirm that the new subscription exists.

    Confirm subscription
    New Subscription created successfully

  7. In the Logs Explorer page of the console, under More actions, choose Create sink from the drop-down.

    Create sink
    Create Sink

  8. In Sink details, specify the Name and optional Description of the sink.

    Click Next.

    Sink details
    Sink details

  9. In Sink destination, in Select sink service, choose Cloud Pub/Sub. In Select a Cloud Pub/Sub Topic, select the topic that you created in a previous step.

    Click Next.

    Sync destination
    Sink destination

  10. In the Choose logs to include in sink, create optional inclusion filters for the logs.

    Click Preview logs to see the available logs.

    Click Next.

    Preview logs
    Preview Logs

  11. In the Choose logs to filter out of sink, create optional exclusion filters for the logs.

    Click Next.

  12. Click Create sink.

    Create sink
    Create sink

  13. The confirmation message appears.

    Confirmation
    Confirmation

Configure Service Account for Pub/Sub Access

To allow Kloudfuse to consume logs from the GCP Pub/Sub subscription, you must configure a service account with the appropriate permissions and generate credentials.

Assign Pub/Sub Subscriber Role

  1. In the Google Cloud console, navigate to Menu > IAM & Admin > Service Accounts.

  2. Select your service account, or create a new one.

  3. Navigate to Menu > IAM & Admin > IAM.

  4. Click Grant Access to add a new principal, or edit an existing principal.

  5. In the New principals field, enter the service account email.

  6. In the Assign roles section, select Pub/Sub Subscriber (roles/pubsub.subscriber).

    This role allows the service account to consume messages from the Pub/Sub subscription.

  7. Click Save.

Create and Encode the Service Account Key

  1. In the Google Cloud console, navigate to Menu > IAM & Admin > Service Accounts.

  2. Select the service account you configured with the Pub/Sub Subscriber role.

  3. Select Keys > Add key > Create new key.

  4. Select JSON, then click Create.

    The JSON key file downloads to your local machine.

  5. Click Close.

  6. Base64-encode the JSON key file:

    cat <your-service-account-key>.json | base64

  7. Copy the base64-encoded output. You will use this value for the pubsubKey field in the Kloudfuse configuration.

Configure Kloudfuse to Consume Logs from the GCP Subscription

Add the following configuration to the custom-values.yaml file when installing Kloudfuse using Helm, and add the GCP pub/sub access key in the pubsubKey field.

global:
  ...
  enrichmentEnabled:
    - gcp
  gcpConfig:
    enabled: true
    subscriptionId: "kloudfuse-gcp-subscription" (1)
    pubsubKey: "<BASE64_ENCODED_SERVICE_ACCOUNT_KEY>" (2)
  ...
yaml
1 Add the subscription information.
2 Paste the base64-encoded service account JSON key from the previous section.