
On_Prem Log Collection and Shipping to SecOps

  • February 15, 2025
  • 1 reply
  • 152 views

Jez_K

Hi All,

We're soon to be moving to SecOps and have a significant On-Prem footprint with a number of log sources.

I'm curious to learn what sort of logging infrastructure others in similar situations are using in your environment. I'm investigating options like fluentd, logstash, cribl etc. One of the requirements is that I don't have budget for big expensive solutions.

1 reply

mikewilusz
Staff
  • February 15, 2025

SecOps includes a couple different log collection options natively, which I'd recommend reviewing before investing/installing any additional tools for log collection/management.

  • Forwarder - The SecOps Forwarder is used to relay syslog-style logs to SecOps. You run the docker container on-prem and it opens "listeners" for your log types. So if you have PAN Firewalls, Cisco ASAs, etc. that output via syslog, you'll point them to the forwarder(s) and the logs will be ingested to SecOps.
  • Collection Agent - The OTEL-style agent allows for host-based collection. Want to collect Windows Event or Linux AuditD logs? Install the Collection Agent on the host and logs will be shipped to SecOps. There's even an optional management console to manage these at scale and "construct" logging pipelines. A screenshot of this is below. You can read more details on this capability on this excellent blog post.

-mike