Set Up Peakhour Log Streaming with Google Cloud Observability

This guide explains how to set up log streaming from Peakhour to Google Cloud Observability. By following these steps, you'll enable real-time security event monitoring and analysis in your Google Cloud environment.

Prerequisites

Before you begin, ensure you have:

  1. A Peakhour account with administrator access
  2. A Google Cloud project with billing enabled
  3. Permissions to create service accounts, manage IAM roles, and configure logging in your Google Cloud project

Set Up Google Cloud

Create a Log Storage Bucket

  1. Go to the Google Cloud Console
  2. Navigate to "Logging" > "Logs Storage"
  3. Click "Create Log Bucket"
  4. Enter a name for your bucket (e.g., "peakhour-logs")
  5. Choose a location for your bucket
  6. Set the retention period as needed
  7. Click "Create Bucket"

Configure the Log Router

  1. In the Google Cloud Console, go to "Logging" > "Log Router"
  2. Click "Create Sink"
  3. Name your sink (e.g., "peakhour-sink")
  4. For the sink destination, choose "Cloud Logging Bucket"
  5. Select the log bucket you created earlier
  6. In the "Build inclusion filter" section, enter a filter to capture Peakhour logs (e.g., logName="projects/[PROJECT_ID]/logs/peakhour-logs")
  7. Click "Create Sink"

Create a Service Account

  1. Navigate to "IAM & Admin" > "Service Accounts"
  2. Click "Create Service Account"
  3. Name the account "peakhour-log-writer"
  4. Grant it the "Logs Writer" role
  5. Click "Done"

Secure the Service Account

  1. Go to "IAM & Admin" > "IAM"
  2. Find the "peakhour-log-writer" service account
  3. Click the pencil icon to edit its permissions
  4. Ensure it only has the "Logs Writer" role
  5. Remove any other roles or permissions
  6. Set conditions to restrict the service account:
     • Click "Add Condition"
     • Set a condition to limit access to specific IP ranges (e.g., Peakhour's IP addresses)
     • Set a time-based condition to limit the validity period of the credentials
  7. Click "Save"
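
One way to check the result of the steps above outside the console, as an added example that is not part of the Peakhour guide: it audits project IAM policy JSON in the shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` prints, flagging extra roles and a Logs Writer grant with no condition or no expiry. The project ID `example-project`, both sample policies and the function name are constructed for illustration.

```python
LOG_WRITER = "roles/logging.logWriter"  # role ID behind the console's "Logs Writer"

def audit_service_account(policy, sa_email):
    """Return a list of findings for one service account in a project IAM policy."""
    member = f"serviceAccount:{sa_email}"
    findings, has_writer = [], False
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue  # this binding does not concern the account
        role = binding["role"]
        if role != LOG_WRITER:
            findings.append(f"extra role: {role}")
            continue
        has_writer = True
        expr = (binding.get("condition") or {}).get("expression", "")
        if not expr:
            findings.append(f"{role} granted without a condition")
        elif "request.time <" not in expr:
            findings.append(f"{role} condition sets no expiry on request.time")
    if not has_writer:
        findings.append(f"missing role: {LOG_WRITER}")
    return findings

# Constructed sample data: hypothetical project ID and policies.
SA = "peakhour-log-writer@example-project.iam.gserviceaccount.com"
WEAK_POLICY = {"version": 1, "bindings": [
    {"role": LOG_WRITER, "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/storage.objectViewer",
     "members": ["user:admin@example.com", f"serviceAccount:{SA}"]},
]}
HARDENED_POLICY = {"version": 3, "bindings": [
    {"role": LOG_WRITER, "members": [f"serviceAccount:{SA}"],
     "condition": {"title": "expires",
                   "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_service_account(pol, SA) or "OK")
```

To audit a live project, load the saved `gcloud` output with `json.load` and pass the resulting dict to `audit_service_account`.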

Generate a Key for the Service Account

  1. Select the "peakhour-log-writer" service account
  2. Go to the "Keys" tab
  3. Click "Add Key" > "Create new key"
  4. Choose JSON format
  5. Download the key file

Note Your Google Cloud Project Details

  • Project ID
  • Log ID (this will be the name of the log you specified in the log router sink)
  • Organisation ID (if applicable)

Configure Peakhour

  1. Log in to your Peakhour dashboard
  2. Navigate to "Log Forwarding" > "Google Cloud Observability"
  3. Enter the following information:
     • API Key: Upload the service account key file
     • Project ID: Your Google Cloud project ID
     • Log ID: The ID of the log you specified in the log router sink
     • Organisation ID or Project ID: Enter your organisation ID if applicable, otherwise use your project ID
  4. Click "Save Configuration"

Verify the Setup

  1. Generate some test events in Peakhour
  2. Go to the Google Cloud Console
  3. Navigate to "Logging" > "Logs Explorer"
  4. Select your project and the log bucket you created
  5. You should see Peakhour events appearing in the log

Troubleshooting

If you don't see logs:

  • Check the Peakhour configuration for typos
  • Ensure the service account has the correct permissions
  • Verify the log ID matches the one specified in your log router sink
  • Check the log router sink configuration for correct filters
  • Verify the service account conditions aren't blocking legitimate access

Next Steps

Now that you've set up log streaming, you can:

  • Create custom queries in the Logs Explorer
  • Set up alerts for specific security events
  • Use Log Analytics to gain insights from your Peakhour data

For more information on working with logs in Google Cloud, refer to the official Google Cloud documentation.