All Apps and Add-ons

Google G Suite Audit logs collection

ali_alnajjar_ve
Explorer

Hello Splunkers,

We're going to collect Google G Suite Audit logs into our on-primes Splunk deployment.

I can see in the Splunk Add-on for Google Cloud Platform documentation (https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Configureinputsv6topics) that it's doable through Splunk HEC, and in this case it requires a Splunk instance that faces the Internet with static public IP Address. but we don't recommend this approach because its complexity.

My question is, can we pull the G Suite Audit logs by other means, I mean can the Audit logs be forwarded to Google Pub/Sub subscription and we pull them from the TA input Cloud Pub/Sub 

Regards,

Labels (1)
Tags (2)
0 Karma