Google Cloud Pub/Sub is a fully-managed real-time messaging service that allows you to send and receive messages between independent applications.
We use it to get security events from the Google Cloud instances without creating a special logic to avoid reprocessing events.
In this section we will see how to create a topic, a subscription and a sink to fully configure Google Cloud Pub/Sub to work with Wazuh.
Every publishing application sends messages to topics. Wazuh will retrieve the logs from this topic.
Use the button below the topic details (choose pull delivery). You can create as many subscriptions as you wish.
At this point, the Pub/Sub environment is ready to manage the message flow between the publishing and subscribing applications.
If you do not have credentials yet, follow the steps in the credentials section.
Log activities should appear under the Logs Router section. Cloud Audit logs can be published to a Cloud Pub/Sub topic through the sinks. Create a sink and use the topic as destination.
After you set everything up, you should see activity in the
Log Viewer section. Follow the link if you need help to setup Cloud Pub/Sub topic and subscription.