
Hi All,
I'm currently in the process of integrating the forwarder with the SIEM system.
I've successfully installed the forwarder on my Ubuntu machine, and I also have administrative access to the SIEM platform. Could someone please provide guidance on how to forward logs from the source to the forwarder and then from the forwarder to the SIEM? If there's any documentation or a guide available, I would greatly appreciate it. Thank you in advance.


You will need to use the Chronicle CLI to create a forwarder configuration.
https://cloud.google.com/chronicle/docs/administration/cli-user-guide


@Daniel_Love thank you for sharing the doc. Is there any doc we can refer to for doing this in the GUI?


Here you go
https://cloud.google.com/chronicle/docs/install/forwarder-management-configurations


Thank you. Yeah, I found this and used it to integrate a few logs via Syslog.


Trying to do more like a "log file"


I haven't used the forwarder file setting for log ingestion yet. We use NXLog to monitor log files and have it send the logs to the Chronicle forwarder.
Their documentation explains how to use NXlog.
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-windows-ad
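To make the difference between the two approaches discussed above concrete (the forwarder reading a log file itself, versus NXLog tailing the file and shipping it to the forwarder over syslog), here is an added example of a Chronicle forwarder `config.yaml` that declares one collector of each kind. It is not a config taken from the original thread or from Google's documentation; the `collector_id`, `customer_id`, `secret_key` placeholders, the file path `/var/log/app/app.log`, the listener port 10514, the listener address, and the `APP_LOG_TYPE` label are assumptions to be replaced with your own values (the `data_type` must be a log type your Chronicle tenant has a parser for). The `WINEVTLOG` log type on the syslog collector matches what the Windows Events doc linked in this thread sends from NXLog.

```yaml
# Example Chronicle forwarder config.yaml (added example, not from the thread).
# Assumed location on the forwarder host: /opt/chronicle/config/config.yaml,
# which the forwarder container mounts as /opt/chronicle/external.
output:
  url: malachiteingestion-pa.googleapis.com:443
  identity:
    identity:
    collector_id: "00000000-0000-0000-0000-000000000000"   # placeholder: from the forwarder UI/download
    customer_id:  "00000000-0000-0000-0000-000000000000"   # placeholder: your Chronicle customer ID
    secret_key: |
      {
        "type": "service_account",
        "placeholder": "paste the JSON key issued for this forwarder here"
      }

collectors:
  # 1) Forwarder reads a local log file directly: no agent on the source needed,
  #    but the file must be on (or mounted onto) the forwarder host.
  - file:
      common:
        enabled: true
        data_type: APP_LOG_TYPE        # assumed label; use a real Chronicle log type
        data_hint:
        batch_n_seconds: 10            # flush a batch after 10 s ...
        batch_n_bytes: 1048576         # ... or after 1 MiB, whichever comes first
      file_path: /var/log/app/app.log  # assumed path; must be readable inside the container
      filter:

  # 2) Forwarder listens for syslog from an agent on the source host (e.g. NXLog
  #    tailing Windows Event Log or a file and sending via om_tcp/om_udp).
  - syslog:
      common:
        enabled: true
        data_type: WINEVTLOG           # Windows Event Log as shipped by NXLog
        data_hint:
        batch_n_seconds: 10
        batch_n_bytes: 1048576
      tcp_address: 0.0.0.0:10514       # assumed port; open it in the host firewall
      udp_address: 0.0.0.0:10514
      connection_timeout_sec: 60
```

Two practical checks: the file collector runs inside the forwarder container, so the path you give must exist in the container's view of the filesystem (bind-mount the log directory if it lives elsewhere), and with `--net=host` the syslog listener is reachable on the host's interfaces, so restrict which source hosts can reach port 10514 rather than exposing it to the whole network. After changing the file, restart the forwarder container and confirm in the Chronicle UI that the forwarder reports as healthy before pointing NXLog at it.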


Thank you @Daniel_Love for the update


It looks like you are trying to pull in Windows logs based on your screenshots. I would review the docs:

https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-windows-events