Monitoring GKE audit logs


Juan Ferdinan

Oct 12, 2023, 3:22:50 AM
to Wazuh | Mailing List
Hi Everyone,

Currently I have successfully monitored Kubernetes by following the tutorial at this link https://wazuh.com/blog/monitoring-gke-audit-logs/ and adding the following configuration to my wazuh manager

<gcp-pubsub>
<pull_on_start>yes</pull_on_start>
<interval>1m</interval>
<project_id>your_google_cloud_project_id</project_id>
<subscription_name>GKE_subscription</subscription_name>
<max_messages>1000</max_messages>
<credentials_file>path_to_your_credentials.json</credentials_file>
</gcp-pubsub>

and let's say that project A was successfully monitored

What I want to ask is, how do I do it if I want to carry out monitoring on project B, do I have to do it the same way as on project A?

Thanks & Regards
Juan

Harshal Paliwal

Oct 12, 2023, 5:39:30 AM
to Wazuh | Mailing List
Hi Team,
Thanks for using Wazuh. First, you need to set up the GCP modules in Wazuh. I suggest taking a look at our documentation. If you are planning on monitoring multiple GCP projects, keep in mind that you will need to set up the Wazuh GCP configurations on different machines, as Wazuh does not support multiple GCP entries in the same configuration file right now. You can use both managers and agents for this.
The Wazuh module for Google Cloud monitoring can be configured in both the Wazuh manager and agent, depending on where you want to fetch the information from.
It would be as simple as this:

Project1 -> wazuh-manager1/Wazuh-agent

<gcp-pubsub>
<pull_on_start>yes</pull_on_start>
<interval>1m</interval>
<project_id>Project1</project_id>
<subscription_name>suscription_1</subscription_name>
<logging>info</logging>
<credentials_file>wodles/gcp-pubsub/credentials.json</credentials_file>
</gcp-pubsub>

Project2 -> wazuh-manager2/Wazuh-agent

<gcp-pubsub>
<pull_on_start>yes</pull_on_start>
<interval>1m</interval>
<project_id>Project2</project_id>
<subscription_name>suscription_1</subscription_name>
<logging>info</logging>
<credentials_file>wodles/gcp-pubsub/credentials.json</credentials_file>
</gcp-pubsub>

Reference:
https://wazuh.com/blog/monitoring-gke-audit-logs/

Hope this information helps you. Please feel free to reach out to us for any information/issues.
Regards,
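
A way to check a configuration file against the advice in the reply above, as an added example that is not part of the original thread or of Wazuh itself: it lists every <gcp-pubsub> block and flags a file that holds more than one. The function names and the sample file are constructed, and treating project_id, subscription_name and credentials_file as required is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Assumption of this example: these three settings must be present in a block.
REQUIRED = ("project_id", "subscription_name", "credentials_file")

# Constructed sample: both projects in one file, the layout the reply advises against.
SAMPLE_CONF = """
<ossec_config>
  <gcp-pubsub>
    <pull_on_start>yes</pull_on_start>
    <interval>1m</interval>
    <project_id>Project1</project_id>
    <subscription_name>suscription_1</subscription_name>
    <credentials_file>wodles/gcp-pubsub/credentials.json</credentials_file>
  </gcp-pubsub>
</ossec_config>
<ossec_config>
  <gcp-pubsub>
    <project_id>Project2</project_id>
    <subscription_name>suscription_1</subscription_name>
  </gcp-pubsub>
</ossec_config>
"""

def gcp_pubsub_blocks(conf_text):
    """Return one dict of child settings per <gcp-pubsub> block."""
    # The file may hold several <ossec_config> roots, so wrap it before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    return [{c.tag: (c.text or "").strip() for c in block}
            for block in root.iter("gcp-pubsub")]

def lint(conf_text):
    """Return a list of findings for the gcp-pubsub settings in conf_text."""
    blocks = gcp_pubsub_blocks(conf_text)
    findings = []
    if len(blocks) > 1:
        projects = ", ".join(b.get("project_id", "?") for b in blocks)
        findings.append(f"{len(blocks)} gcp-pubsub blocks in one file ({projects}); "
                        "the reply says to use one machine per project")
    for i, b in enumerate(blocks, 1):
        for key in REQUIRED:
            if not b.get(key):
                findings.append(f"block {i}: missing <{key}>")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```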

Juan Ferdinan

Oct 17, 2023, 9:59:06 PM
to Wazuh | Mailing List
Hi Harshal

From the explanation you gave, does that mean I can't use 1 wazuh manager for 2 different GCP projects?
So the solution is that project 1 is in wazuh manager and project 2 is in wazuh agent, is it like that?
If that's true, will the wazuh agent store logs from the GCP services later and affect its storage capacity?

Thanks & Regards
Juan

Juan Ferdinan

Oct 22, 2023, 9:44:04 PM
to Wazuh | Mailing List
Hi Harshal

Any update?