
You need to export Google Cloud logs to an on-premises SIEM in near real-time using a push-based method. The solution must be fault-tolerant, secure, and auto-scaling, guaranteeing that failed log deliveries are retried. What is the recommended approach?
A
Create a Pub/Sub topic for log aggregation. Write a custom Python script on a Cloud Function. Leverage the Cloud Logging API to periodically pull logs from Google Cloud and forward the logs to the SIEM. Schedule the Cloud Function to run twice per day.
B
Collect all logs into an organization-level aggregated log sink and send the logs to a Pub/Sub topic. Implement a primary Dataflow pipeline that consumes logs from this Pub/Sub topic and delivers the logs to the SIEM. Implement a secondary Dataflow pipeline that replays failed messages.
C
Deploy a Cloud Logging sink with a filter that routes all logs directly to a syslog endpoint. The endpoint is based on a single Compute Engine hosted on Google Cloud that routes all logs to the on-premises SIEM. Implement a Cloud Function that triggers a retry action in case of failure.
D
Utilize custom firewall rules to allow your SIEM to directly query Google Cloud logs. Implement a Cloud Function that notifies the SIEM of a failed delivery and triggers a retry action.