Initialize the Gmail Message Tracking Beat

Prerequisites

  • The Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

  • You have the required keys: GCP Credential file contents, GCP Project ID, and the GCP BigQuery Dataset name.

  • The following port is open:

    Direction   Port   Protocol   Source
    Outbound    443    HTTPS      gmtbeat

Initialize the Beat via the Web Console (Recommended)

  1. Ensure that the Open Collector Connection to the SIEM (WebUI) setup has been completed.

  2. Ensure that the System Monitor Agent to which you intend to send these logs has been Configured for JSON Parsing.

     Use either the Enable JSON Parsing on System Monitor Agents section or the Enable JSON Parsing for an Existing System Monitor Agent section at the above link to configure the System Monitor Agent for JSON Parsing.

  3. Follow the steps outlined in Add a Beat in the Web Console to create the Beat via the Web UI.

Initialize the Beat via Command Line (Legacy)

  1. Confirm the Open Collector is running:

    ./lrctl status
    

    You should see the open_collector and metrics versions.

    If the Open Collector is not running correctly, see the Troubleshoot the Open Collector topic in the Open Collector Installation and User Guide.

  2. Start the beat:

    ./lrctl gmtbeat start
    
  3. Enter the following details:

    Starting with GMT Beat version 0.1.2, the contents of this user credential file are saved in encrypted format.

    1. GCP credential file contents.

    2. GCP Project ID.

    3. GCP BigQuery Dataset name.

      To change the dataset name in the beat after changing the configuration, use the following to delete the previous position file and re-enable log collection:

      rm /var/lib/docker/volumes/gmtbeat_logs/_data/pos.json
      


    The configuration has been saved and the service has been started successfully.

  4. Check the status of the service:

    ./lrctl gmtbeat status
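
A pre-flight check that can be run on the credential file before its contents are pasted at the prompt in step 3. This is an added example, not LogRhythm code: it assumes the credential is a GCP service-account key in the standard JSON layout, and the function name check_gcp_credentials is hypothetical.

```python
import json
import os
import stat
import sys

# Assumption: the beat is given a GCP service-account key. The page itself
# only says "GCP credential file contents".
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_gcp_credentials(path, expected_project_id):
    """Return a list of problems; an empty list means the file looks usable."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            cred = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"not readable as JSON: {exc}"]
    if not isinstance(cred, dict):
        return ["top-level JSON value is not an object"]

    problems = []
    # The key grants access to the BigQuery dataset, so only its owner should read it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} is accessible by group/other; use 600")
    missing = [f for f in REQUIRED_FIELDS if not cred.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if cred.get("type") != "service_account":
        problems.append(f"type is {cred.get('type')!r}, expected 'service_account'")
    if cred.get("project_id") and cred["project_id"] != expected_project_id:
        problems.append(
            f"project_id {cred['project_id']!r} does not match {expected_project_id!r}"
        )
    key = str(cred.get("private_key", ""))
    if key and not key.lstrip().startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM block")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_creds.py <credential-file> <gcp-project-id>")
    issues = check_gcp_credentials(sys.argv[1], sys.argv[2])
    for issue in issues:
        print("PROBLEM:", issue)
    sys.exit(1 if issues else 0)
```

The script exits non-zero when it finds a problem, so it can gate the `./lrctl gmtbeat start` step in a setup script.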
    

Default Config Values for GMTBeat:

S. No.   Field Name          Default Value
1.       project             User Provided
2.       HeartbeatInterval   5m0s
3.       HeartbeatDisabled   false
4.       CredentialsFile     /beats/gmtbeat/config/gmt_credentials.json
5.       Datadet             User Provided
6.       NumberOfBackDays    7
7.       Period              10s