Console
    Start free

    Collect Illumio Core logs

    Supported in:

    This document describes how you can collect the Illumio Core logs by using a Google Security Operations forwarder.

    For more information, see Data ingestion to Google SecOps .

    An ingestion label identifies the parser which normalizes raw log data to structured UDM format. The information in this document applies to the parser with the ILLUMIO_CORE ingestion label.

    Create a log group

    1. In the Policy Console Engine (PCE)web console menu, go to Settings > Event settings.
    2. Click Add. The Event settings – add event forwardingwindow appears.
    3. Click Add repository.

    4. In the Add repositorydialog that appears, do the following:

      1. In the Descriptionfield, enter a name for the syslog server.
      2. In the Addressfield, enter the IP address of the syslog server.
      3. In the Protocollist, select UDPor TCPas a protocol.
      4. In the Portfield, enter the port number for the syslog server.
      5. In the TLSlist, select Disabled.
      6. Click Ok

    5. In the Eventsdialog that appears, choose the events you want to send to your syslog server.

    6. Configure the event forwarding repository to specify the required events for forwarding.

    7. Enable all options in Auditable eventsand Traffic events.

    8. Click Save.

    Configure the Google SecOps forwarder to ingest Illumio Core logs

    1. In the Google SecOps menu, select Settings > Forwarders > Add new forwarder.
    2. In the Forwarder namefield, enter a unique name for the forwarder.
    3. Click Submit. The forwarder is added and the Add collector configurationwindow appears.
    4. In the Collector namefield, enter a unique name for the collector.
    5. In the Log typefield, specify Illumio Core .
    6. Select Syslogas the Collector type.
    7. Configure the following input parameters:
      • Protocol: specify the connection protocol that the collector uses to listen to syslog data.
      • Address: specify the target IP address or hostname where the collector resides and listens to syslog data.
      • Port: specify the target port where the collector resides and listens to syslog data.
    8. Click Submit.

    For more information about the Google SecOps forwarders, see Manage forwarder configurations through the Google SecOps UI .

    If you encounter issues when you create forwarders, contact Google SecOps support .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: