GCP Logging Integration

Once configured, all existing and new Valtix Gateways using the defined GCP logging Profile will send Flow and Threat logs to your GCP logging instance, directly from your Valtix GCP Gateway.

Requirements

The GCP valtix-firewall service account should be assigned the Logs Writer role.

Create a GCP logging Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Click Create
  3. Profile Name - Enter a unique name for the integration. Example: valtix-gcp-logging. Note: Spaces are not permitted.
  4. Description (optional) - Enter a description for the integration.
  5. SIEM Vendor - Using the pulldown, choose GCP Logging (From Gateway)
  6. Log Name - Enter the GCP log name. Example: valtix-gateway-logs
  7. Click Save

When logs are forwarded directly from the Gateway, the Controller is not involved. The Controller is what maps event integer values to strings (friendly names). In its absence, these mappings need to be introduced separately to provide a view similar to the one the Controller offers.

The fields, sub-fields and their string-to-integer mappings are as follows:

Field                 String                           Integer
type                  WAF                              1
                      DPI                              2
                      HTTP_REQUEST                     3
                      L4_FW                            4
                      FLOW_LOG                         5
                      MALICIOUS_SRC                    6
                      TLS_ERROR                        7
                      TLS_LOG                          8
                      L7DOS                            9
                      SNI                              10
                      APPID                            11
                      URLFILTER                        12
                      SESSION_SUMMARY                  13
                      DLP                              14
                      FQDNFILTER                       15
                      AV                               16

Field                 String                           Integer
gatewaySecurityType   INGRESS_FIREWALL                 1
                      EAST_WEST_AND_EGRESS_FIREWALL    2

Field                 String                           Integer
level                 DEBUG                            1
                      INFO                             2
                      NOTICE                           3
                      WARNING                          4
                      ERROR                            5
                      CRITICAL                         6
                      ALERT                            7
                      EMERGENCY                        8

Field                 String                           Integer
action                ALLOW                            1
                      DENY                             2
                      DROP                             3
                      REDIRECT                         4
                      PROXY                            5
                      LOG                              6
                      OTHER                            7
                      DELAY                            8

Field                 String                           Integer
statusText            SYN_SENT                         1
                      SYN_RECV                         2
                      ESTABLISHED                      3
                      FIN_WAIT                         4
                      CLOSE_WAIT                       5
                      LAST_ACK                         6
                      TIME_WAIT                        7
                      CLOSE                            8
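
One way to apply the mappings above to Gateway-forwarded log payloads before they reach a dashboard or detection rule, as an added example (not Valtix code). The sample payload shape, the helper names and the UNKNOWN(n) label are assumptions; the decoder walks nested sub-fields and accepts codes that arrive as integers, floats (GCP Logging stores JSON numbers as doubles) or numeric strings.

```python
# Added example: decode Valtix Gateway integer codes into friendly names.
def _enum(names):
    # Codes in the tables above start at 1 and increase by one.
    return {i: n for i, n in enumerate(names.split(), start=1)}

MAPPINGS = {
    "type": _enum("WAF DPI HTTP_REQUEST L4_FW FLOW_LOG MALICIOUS_SRC TLS_ERROR "
                  "TLS_LOG L7DOS SNI APPID URLFILTER SESSION_SUMMARY DLP "
                  "FQDNFILTER AV"),
    "gatewaySecurityType": _enum("INGRESS_FIREWALL EAST_WEST_AND_EGRESS_FIREWALL"),
    "level": _enum("DEBUG INFO NOTICE WARNING ERROR CRITICAL ALERT EMERGENCY"),
    "action": _enum("ALLOW DENY DROP REDIRECT PROXY LOG OTHER DELAY"),
    "statusText": _enum("SYN_SENT SYN_RECV ESTABLISHED FIN_WAIT CLOSE_WAIT "
                        "LAST_ACK TIME_WAIT CLOSE"),
}

def _as_code(value):
    """Return value as an int code, or None if it is not integer-like."""
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        return value
    if isinstance(value, float) and value.is_integer():
        return int(value)
    if isinstance(value, str) and value.strip().isdigit():
        return int(value.strip())
    return None

def decode(node):
    """Recursively copy a payload, replacing mapped integer codes with names."""
    if isinstance(node, list):
        return [decode(item) for item in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        code = _as_code(value) if key in MAPPINGS else None
        if code is None:
            out[key] = decode(value)
        else:
            # Keep unmapped codes visible instead of dropping them silently.
            out[key] = MAPPINGS[key].get(code, f"UNKNOWN({code})")
    return out

# Constructed sample payload; the nesting and non-mapped keys are assumptions.
SAMPLE = {"type": 4.0, "level": "2", "gatewaySecurityType": 1,
          "sessions": [{"action": 2, "statusText": 3, "srcPort": 443},
                       {"action": 99}]}
```

Calling decode(SAMPLE) returns a new dictionary and leaves the input untouched, so the raw integer values remain available for correlation with the original log entry.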