Configuring Google Cloud Pub/Sub

Google Cloud Pub/Sub is a fully-managed real-time messaging service that allows you to send and receive messages between independent applications.

We use it to collect security events from Google Cloud instances without having to write custom logic to avoid reprocessing events.

This section shows how to create a topic, a subscription, and a sink so that Google Cloud Pub/Sub is fully configured to work with Wazuh.

Create a topic

Every publishing application sends messages to topics. Wazuh will retrieve the logs from this topic.

Create a subscription

Use the button below the topic details to create a subscription, and choose pull delivery. You can create as many subscriptions as you wish.

At this point, the Pub/Sub environment is ready to manage the message flow between the publishing and subscribing applications.

Get your credentials

If you do not have credentials yet, follow the steps in the credentials section.

Export logs via sink

Log activities should appear under the Logs Router section. Cloud Audit logs can be published to a Cloud Pub/Sub topic through sinks. Create a sink and use the topic as the destination.

After you set everything up, you should see activity in the Log Viewer section. Follow the link if you need help setting up a Cloud Pub/Sub topic and subscription.
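
The console steps above (topic, pull subscription, sink) expressed with the gcloud CLI, as an added example that is not part of the Wazuh documentation. The project ID, resource names and log filter are placeholder assumptions; the last step grants the sink's writer identity the publisher role on the topic, which a sink created from the command line needs before logs reach the subscription.

```bash
#!/bin/sh
# Added example: gcloud equivalent of the console procedure.
# All names below are placeholders (assumptions); override them via the environment.
set -eu

PROJECT_ID="${PROJECT_ID:-example-project}"
TOPIC="${TOPIC:-wazuh-topic}"
SUBSCRIPTION="${SUBSCRIPTION:-wazuh-subscription}"
SINK="${SINK:-wazuh-sink}"
# Constructed filter: export Cloud Audit Logs only, not every log entry.
LOG_FILTER='logName:"cloudaudit.googleapis.com"'

# DRY_RUN=1 (default) prints each command for review; DRY_RUN=0 executes it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_pubsub() {
  # 1. Topic that the sink publishes to.
  run gcloud pubsub topics create "$TOPIC" --project="$PROJECT_ID"

  # 2. Subscription for Wazuh. Omitting a push endpoint gives pull delivery.
  run gcloud pubsub subscriptions create "$SUBSCRIPTION" \
    --topic="$TOPIC" --project="$PROJECT_ID"

  # 3. Sink with the topic as its destination.
  run gcloud logging sinks create "$SINK" \
    "pubsub.googleapis.com/projects/$PROJECT_ID/topics/$TOPIC" \
    --log-filter="$LOG_FILTER" --project="$PROJECT_ID"

  # 4. Allow the sink's service identity to publish to the topic.
  if [ "${DRY_RUN:-1}" = "1" ]; then
    writer='<SINK_WRITER_IDENTITY>'   # placeholder; only known once the sink exists
  else
    writer=$(gcloud logging sinks describe "$SINK" \
      --project="$PROJECT_ID" --format='value(writerIdentity)')
  fi
  run gcloud pubsub topics add-iam-policy-binding "$TOPIC" \
    --member="$writer" --role=roles/pubsub.publisher --project="$PROJECT_ID"
}

setup_pubsub
```

Run it as-is to review the four commands, then with `DRY_RUN=0` to apply them; the credentials Wazuh uses only need to consume from the subscription, not publish to the topic.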