Breadcrumbs

Initialize the PubSub Beat

Prerequisites

  • The Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

  • To collect log from any GCP service, the services must be enabled on the GCP portal, and you should have one topic and subscription.

  • The following port is open:

    Direction

    Port

    Protocol

    Source

    Outbound

    443

    HTTPS

    pubsubbeat

Initialize the Beat via the Web Console (Recommended)

  1. Ensure that the Open Collector Connection to the SIEM (WebUI) setup has been completed.

  2. Ensure that the System Monitor Agent to which you intend to send these logs has been Configured for JSON Parsing.

Use either the Enable JSON Parsing on System Monitor Agents or the Enable JSON Parsing for an Existing System Monitor Agent sections at the above link to configure the System Monitor Agent for JSON Parsing.

  1. Follow the steps outlined in Add a Beat in the Web Console to create the Beat via the Web UI.

Initialize the Beat via Command Line (Legacy)

  1. To confirm the Open Collector is running, run the following command:

    ./lrctl status

    You should see the open_collector and metrics versions.

    If the Open Collector is not running correctly, see

    Troubleshoot the Open Collector

    in the Open Collector Installation and User Guide.

  2.  In the Open Collector, run the following command:

    ./lrctl pubsubbeat start

  3. Enter the following details:

    The contents of this user credential file are saved in encrypted format.

    1. The Project ID of your project from GCP.

    2. The Topic name from GCP. Enter only the portion that appears after topics\.
      For example, if your GCP console listed the Topic name as projects/datacollector-0000/topics/sample-topic, you would enter sample-topic.

    3. The Subscription name from GCP. Enter only the portion that appears after subscriptions\.
      For example, if your GCP console listed the Subscription name as projects/datacollector-0000/topics/sample-subscription, you would enter sample-subscription.

  4. The configuration saves and the service starts successfully.

  5. To check the status of the service, run the following command:

    ./lrctl pubsubbeat status

Default Config Values for Pub Sub Beat:

S. No.

Field Name

Default Value

1.

project

User Provided

2.

HeartbeatInterval

5m0s 

3.

HeartbeatDisabled

false

4.

CredentialsFile

User Provided

5.

Topic

User Provided

6.

Subscription.name

User Provided

7.

json.enabled

true

8.

json.add_error_key

true

9.

subscription.Create

true