Skip to main content
Skip table of contents

Initialize the GSuite Beat


Before you initialize the Beat, you must have the Open Collector installed. If you do not already have it installed, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

The auth code generated in step 8 of this procedure has a lifetime of approximately 5 minutes. You should complete this step after you have configured everything in G Suite and confirmed that the Open Collector is running.

  1. Confirm the Open Collector is running:

    CODE 
    ./lrctl status

    You should see the open_collector and metrics as shown in the following graphic:

    If the Open Collector is not running correctly, see the Troubleshoot the Open Collector topic in the Open Collector Installation and User Guide.

  2. Start the beat:

    CODE 
    ./lrctl gsbeat start


    A prompt opens to input the contents of the .JSON credentials file you downloaded from the project. 
    The .JSON file will look similar to the following:                                                                                                                                                                                                                                                                                                                                                          

  3. Copy and paste the contents of the .JSON credentials into your terminal. This is stored in encrypted format in configuration file.                                                                                                                    
  4. Press Enter twice to generates a URL, highlighted in red below.
  5. Copy and paste the URL into your browser, and then press Enter.
  6. Sign in to the same account you used to configure G Suite.

  7. To allow the application to view audit reports, click Allow.

  8. Copy the auth code from the URL of the page that may fail to load.
    The auth code is the string of text that appears after "token&code=" but before "&scope".

    For example, in the sample URL below, the Auth Code is abc123xyz345qrstuv989.

    localhost/?state=state-token&code=abc123xyz345qrstuv989&scope=https://www.googleapis.com/auth

  9. Paste the auth code into the Open Collector, and then press Enter. The auth code is stored in encrypted format in the configuration file.

    The default applications that the Open Collector will collect logs for are visible beside the red arrow below:
                                                                                                                                                                                                                                                                                                                                                                                                                                                   
  10. Press Enter.
    The GSuite Beat config file has been successfully created.

Default Config Values for GSBeat:

S. No.

Field Name

Default Value

1.projectUser Provided
2.HeartbeatInterval1m0s 
3.HeartbeatDisabledfalse
4.ClientSecretPath/beats/gsbeat/config/client_secret.json 

5.

Splitogsitems
6.AuthCodeUser Generated
7.ApplicationNameadmin,calendar,drive,groups,gplus,login,mobile,rules,token,user_accounts 
8.MaxResults1000
9.NumofBackDays0
10.UserKeyall


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close