堆栈内存溢出
  简体   繁体   English

GCP 日志路由器接收器未将日志路由到主题?

[英]GCP Log Router Sink Not Routing Logs to Topic?

 原文  2021-08-13 21:01:07       logging/ google-cloud-platform/ google-cloud-pubsub/ producer-consumer/ audit-logging

问题描述

Context: I am trying to store GCP Audit logs in a Pub/Sub topic via a Log Sink so I can pull those messages in a subscription (and have a 3rd party subscribe to that subscription).上下文:我正在尝试通过日志接收器将 GCP 审核日志存储在 Pub/Sub 主题中,以便我可以将这些消息提取到订阅中(并让第 3 方订阅该订阅)。

Attempted solution :尝试的解决方案:
Log Sink with inclusion filter of: logName:"cloudaudit.googleapis.com" to route logs to -> Pub/Sub Topic to store those messages -> Subscription (Pull Based) to view those messages.包含过滤器的日志接收器: logName:"cloudaudit.googleapis.com"将日志路由到-> Pub/Sub 主题以存储这些消息->订阅(基于拉取)以查看这些消息。

Problem: Logs from the sink do not seem to be ending up in the topic.问题:接收器中的日志似乎没有出现在主题中。 When I try to view the messages in the topic (by clicking pull in the GCP GUI), I get back no messages, even though I know for sure that audit logs exist (I ran a query against the inclusion filter above) and continue to be generated pretty frequently.当我尝试查看主题中的消息时(通过单击 GCP GUI 中的 pull),我没有收到任何消息,即使我确定存在审核日志(我对上面的包含过滤器运行了查询)并继续非常频繁地生成。

Question: Why aren't the logs being routed to the topic OR why isn't the topic showing the logs when I pull from the topic?问题:为什么日志没有被路由到主题,或者当我从主题中拉取时,为什么主题不显示日志?

1 个解决方案

解决方案1
 6 已采纳  2021-08-14 12:05:03

It's a permission issue.这是一个权限问题。 When you create a sink, this sink as an identity, you can get it like that当你创建一个 sink 时,这个 sink 作为一个身份,你可以这样获取

gcloud logging sinks describe \
 --format='value(writerIdentity)' <SINK_NAME>

Then, grant this identity the permission to publish to pubsub, for example然后,授予此身份发布到 pubsub 的权限,例如

gcloud pubsub topics add-iam-policy-binding <TOPIC_ID> \
  --member=<WRITER_IDENTITY> --role=roles/pubsub.publisher

EDIT 1编辑 1

Though the console虽然控制台

  • Go to the log router section, click on the 3 dot at the end of the line and view sink detail转到日志路由器部分,单击行尾的 3 个点并查看接收器详细信息在此处输入图像描述

  • From there a new windows display the writer identity, copy it从那里一个新的窗口显示作者身份,复制它在此处输入图像描述

  • Eventually, go to PubSub topic, select the checkbox in front of your topic.最后,转到 PubSub 主题,选中主题前面的复选框。 Go to the right hand side panel, on permission, click on add member.转到右侧面板,获得许可,单击添加成员。 here add your writer identity and select the corresponding role这里添加你的作家身份并选择相应的角色在此处输入图像描述

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 GCP 日志记录路由器接收器更新的权限错误 - permission error for GCP logging router sink update 将日志作为 MQTT 主题发送 - Sending logs as MQTT topic 将控制台日志保存到 GCP - Saving console logs to GCP 身份验证日志监控 GCP - Authentication logs monitoring GCP Serilog 映射接收器日志文本 - Serilog Map sink log text 将日志从GCP导出到Splunk - Exporting logs from GCP to Splunk 在 GCP 中的 Kubernetes 中收集日志的选项 - Option for collecting logs in Kubernetes in GCP 在GCP日志记录中看不到日志? - Not able to see logs in GCP logging? aiohttp路由器-不写入日志 - aiohttp router - not writing to logs 用于 GCP 日志搜索的正则表达式“不在” - Regex for GCP log search “not in”
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM