
Hi All,

We're soon to be moving to SecOps and have a significant On-Prem footprint with a number of log sources.

I'm curious to learn what sort of logging infrastructure others in similar situations are using in your environment. I'm investigating options like fluentd, logstash, cribl etc. One of the requirements is that I don't have budget for big expensive solutions.

SecOps includes a couple different log collection options natively, which I'd recommend reviewing before investing/installing any additional tools for log collection/management.



  • Forwarder - The SecOps Forwarder is used to relay syslog-style logs to SecOps. You run the docker container on-prem and it opens "listeners" for your log types. So if you have PAN Firewalls, Cisco ASAs, etc. that output via syslog, you'll point them to the forwarder(s) and the logs will be ingested to SecOps.

  • Collection Agent - The OTEL-style agent allows for host-based collection. Want to collect Windows Event or Linux AuditD logs? Install the Collection Agent on the host and logs will be shipped to SecOps. There's even an optional management console to manage these at scale and "construct" logging pipelines. A screenshot of this is below. You can read more details on this capability on this excellent blog post.



-mike
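Before pointing syslog sources at a forwarder listener, it helps to confirm what framing each device actually emits (RFC 5424 vs. the older RFC 3164 "BSD" style) and that the PRI, host and app fields come through intact. The following is an added example, not code from this thread or from the SecOps forwarder; the sample lines are constructed, and the parser is a generic syslog header check, not the forwarder's own parsing logic.

```python
import re
from typing import Optional

# Constructed sample lines in the two framings devices commonly emit.
# These are not real device output; host names are made up.
SAMPLE_LINES = [
    '<134>1 2024-05-01T12:00:00Z pa-fw-01 - - - - 1,2024/05/01 12:00:00,TRAFFIC,end',
    '<166>May  1 12:00:01 asa-edge %ASA-6-302013: Built inbound TCP connection 12345',
    'this is not syslog at all',
]

# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$'
)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOST MSG  (day may be space-padded)
RFC3164 = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<msg>.*)$'
)


def parse_syslog(line: str) -> Optional[dict]:
    """Return facility/severity/host/app/msg for one line, or None if it has no valid header."""
    m = RFC5424.match(line) or RFC3164.match(line)
    if not m:
        return None
    pri = int(m.group('pri'))
    if pri > 191:  # PRI = facility*8 + severity; 23*8+7 is the maximum
        return None
    rec = {'facility': pri >> 3, 'severity': pri & 7,
           'host': m.group('host'), 'msg': m.group('msg')}
    # RFC 3164 has no APP field; fall back to the first token of the message (e.g. %ASA-6-302013)
    rec['app'] = m.groupdict().get('app') or (rec['msg'].split(':', 1)[0].split() or ['-'])[0]
    return rec


def triage(lines):
    """Split lines into parsed records and raw lines lacking a syslog header."""
    ok, bad = [], []
    for line in lines:
        rec = parse_syslog(line)
        (ok if rec else bad).append(rec or line)
    return ok, bad


if __name__ == '__main__':
    good, unparsed = triage(SAMPLE_LINES)
    for r in good:
        print(r)
    print('unparsed:', unparsed)
```

Lines that land in the unparsed bucket are the ones to investigate on the device side (wrong format setting, missing PRI) before they reach a listener.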

