Overview of Google Security Operations SIEM forwarders
The Google Security Operations SIEM forwarder is a software component that runs on a machine or device on your network, such as a server. The forwarder can collect log data and network interface packets and forward that data to your Google Security Operations SIEM instance.
Each deployed Google Security Operations SIEM forwarder requires a forwarder configuration file. A forwarder configuration file specifies various settings that define how to transfer data to your Google Security Operations SIEM instance, such as data compression. A forwarder configuration file also specifies one or more collector configurations. Each collector configuration specifies the collector's ingestion mechanism (for example, File, Kafka, PCAP, Splunk, Syslog, or WebProxy), log type, and other settings.
You can use many collectors on the same forwarder to ingest data from a variety of mechanisms and log types. For example, you can configure a forwarder with two syslog collectors listening for PAN_FIREWALL and CISCO_ASA_FIREWALL data on separate ports, respectively.
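The following forwarder configuration file is an added example, not a file taken from the original page or shipped by Google; it shows the structure described above (a forwarder-level setting for data compression plus two syslog collector configurations) for the exact scenario in the text: PAN_FIREWALL and CISCO_ASA_FIREWALL collected on separate ports. Key names follow the forwarder's YAML layout as I know it (`output`, `compression`, `collectors`, `syslog`, `common`, `data_type`, `tcp_address`, `udp_address`), but the `output`/`identity` block in particular is an assumption to check against the configuration you download from the UI or the Forwarder Management API. All IDs, secrets and port numbers are placeholders.

```yaml
# Added example forwarder configuration (not from the original page).
# Key names follow the Google Security Operations forwarder YAML layout as
# assumed here; every ID, key and port below is a placeholder.
output:
  url: malachiteingestion-pa.googleapis.com:443
  identity:
    collector_id: COLLECTOR_ID_PLACEHOLDER
    customer_id: CUSTOMER_ID_PLACEHOLDER
    secret_key: |
      {
        "type": "service_account",
        "note": "SERVICE_ACCOUNT_JSON_PLACEHOLDER"
      }

# Forwarder-level setting mentioned in the overview: compress batches before upload.
compression: true

collectors:
  # Collector 1: syslog ingestion mechanism, Palo Alto Networks firewall log type,
  # listening on placeholder port 10514 (TCP and UDP).
  - syslog:
      common:
        enabled: true
        data_type: PAN_FIREWALL
        batch_n_seconds: 10
        batch_n_bytes: 1048576
      tcp_address: 0.0.0.0:10514
      udp_address: 0.0.0.0:10514
      connection_timeout_sec: 60

  # Collector 2: same mechanism, Cisco ASA firewall log type, on a different
  # placeholder port (10515) so each source is parsed with the correct parser.
  - syslog:
      common:
        enabled: true
        data_type: CISCO_ASA_FIREWALL
        batch_n_seconds: 10
        batch_n_bytes: 1048576
      tcp_address: 0.0.0.0:10515
      udp_address: 0.0.0.0:10515
      connection_timeout_sec: 60
```

The ports must differ because the collector that receives a message decides its log type: if both firewalls were pointed at one port, one of them would be parsed with the wrong parser and the events would be silently mis-normalized or dropped. In production, bind each listener to the interface the firewalls actually reach rather than `0.0.0.0`, restrict the ports with the host firewall to the sending devices, and keep the `secret_key` service-account JSON out of version control.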
To create, manage, and download forwarder configuration using the Google Security Operations user interface, see Manage forwarder configurations through the Google Security Operations UI.
To create, manage, and download forwarder configuration programmatically, see Forwarder Management API.
To install and configure a forwarder on each platform, see:
- Google Security Operations SIEM forwarder for Windows on Docker
- Google Security Operations SIEM forwarder executable for Windows
To learn how a particular dataset is ingested using forwarders, see the following:
- Install Carbon Black Event Forwarder
- Collect Cisco ASA firewall logs
- Collect Corelight Sensor logs
- Collect Fluentd logs
- Collect Linux auditd and Unix system logs
- Collect Microsoft Windows AD data
- Collect Microsoft Windows DHCP data
- Collect Microsoft Windows DNS data
- Collect Microsoft Windows Event data
- Collect Microsoft Windows Sysmon data
- Collect osquery logs
- Collect OSSEC logs
- Collect Palo Alto Networks firewall logs
- Collect Splunk CIM logs
- Collect Zeek logs