Skip to main content
Skip table of contents

Work with the Google Workspace Beat

Start the Beat

When the beat configuration is saved, the beat is also started. To monitor the beat, run the following command:

./lrctl gsbeat logs

Modify the Google Workspace Beat Configuration File

If you need to change the credentials for the configuration file:

  1. Run the following command:

    ./lrctl gsbeat config edit

  2. Follow all steps in the Authorize the Application section again.

After you've re-added the credentials, restart the Beat with the following command:

./lrctl gsbeat restart

Upgrade the Beat

To upgrade the gsbeat to latest version , run below command.

./lrctl gsbeat restart

This will automatically apply migration to the gsbeat.

Troubleshoot the Beat

  • To help determine what the issue is, export gsbeat logs using following command:

./lrctl gsbeat troubleshoot export --outfile <output file name>

This outputs a .tar.gz file.

  • Token Logs - In gsbeat, if we configure Token application to collect logs from portal then we will get token generation/refresh
    token logs along with activity logs for each api call (Which depends on Period, by default it is set to 10 Sec) from our gsbeat to portal.

Below is the sample log for token generation/refresh token.

{"@timestamp":"2020-05-28T14:39:01.839Z","@metadata":{"beat":"gsbeat","type":"doc","version":"8.0.0"},"response":{"ipAddress":"65.127.112.131","kind":"admin#reports#activity","actor":{"email":"admin@logrhythmbeat.com","profileId":"111125665335280792825"},"etag":""JDMC8884sebSczDxOtZ17CIssbQ/wCX8cKFWIuk9zH9gk95pVKqhluw"","events":[{"parameters":[{"name":"clientid","value":"1092507212899-lg4f1rmdl2jgj6b4ddtkej1glea7s4lj.apps.googleusercontent.com"},{"name":"appname","value":"LogRhythm"},{"name":"clienttype","value":"NATIVEAPPLICATION"},{"name":"scopedata"},{"multiValue":["https://www.googleapis.com/auth/admin.reports.audit.readonly"],"name":"scope"}],"name":"authorize"}],"id":{"applicationName":"token","customerId":"C00hgmtek","time":"2020-05-28T14:38:32.254Z","uniqueQualifier":"2323310303217398317"}},"ecs":{"version":"1.0.0-beta2"},"agent":{"version":"8.0.0","type":"gsbeat","ephemeral_id":"419844bc-76ac-443d-acee-29390cf75628","hostname":"AU-GL-Win10","id":"8fb7163c-7821-4ab7-897e-ce2a4f43ddf9"},"host":{"name":"AU-GL-Win10"}}

If you do not want to listen to these logs in your gsbeat, do not include token in the application list within the .yaml file.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close