Overview

Cloud Storage is a service for storing objects, which are immutable pieces of data in the form of files, in Google Cloud. Objects are stored in containers called buckets that are associated with a project. Projects can be grouped under an organization, and each project, bucket, and object in Google Cloud is considered a resource. After creating a project, you can create Cloud Storage buckets, upload and download objects, and grant permissions for access to specified principals or, for certain use cases such as hosting a website, to the public internet.

Step1: Go to the Google Cloud console and search for Cloud Storage.

Step2: Create a bucket

Log in to the Google Cloud console at https://console.cloud.google.com/storage/browser and create a bucket. You will need to decide on a globally unique "Bucket name".


-> Name your bucket - (sample_log) -> Choose where to store your data - Multi-region -> Choose a default storage class for your data - Standard -> Choose how to control access to objects - Fine-grained -> Advanced settings (optional) - Google-managed encryption key. (CREATE)

Create a custom role that has the permissions required to access the bucket and get objects.

Assigning the Custom Role to the Cloud Storage Service Account

  1. Log in to the Google Cloud Platform Console as a project editor.

  2. From the home dashboard, choose Cloud Storage » Browser.

  3. Select a bucket to configure for access.

  4. Click SHOW INFO PANEL in the upper-right corner. The information panel for the bucket slides out.

  5. Click the ADD PRINCIPAL button.

  6. In the New principals field, search for the service account name from the DESCRIBE INTEGRATION output in.

  8. From the Select a role dropdown, select Custom » <role>, where <role> is the custom Cloud Storage role you created in Creating a Custom Role (in this topic).

  9. Click the Save button. The service account name is added to the Storage Object Viewer role dropdown in the information panel.

Step3: Search for Service Account.

Step4: Service account details

Service account details - (sample_log) -> Grant this service account access to project - select (Cloud Storage - Storage Admin) for the role -> Grant users access to this service account (optional) - nothing to set here. (DONE)

Step5: Select the service account that you have created.

Step6: Go to the keys tab.

Step7: ADD KEY -> Create new key -> JSON -> (CREATE)

Step8: Search for Logging

Step9: Action -> Create Sink

Step10: Sink details

Sink details - (sample_log) -> Sink Destination - Select sink service (Cloud Storage bucket), then browse to your bucket (in this example, sample_log) and select it.

Step11: Choose logs to include in sink -> Next and (Create Sink).

Step12: Now move to the Seceon UI.

Step13: Go to Provisioning

Go to Provisioning -> Google Configuration -> Logs -> Add -> Enter the bucket name and CCE IP -> Browse to the JSON file from Google Cloud Platform, then (SAVE).
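
A check on the roles granted in the steps above, as an added example that is not part of the original guide: it reads an IAM policy in the JSON form printed by `gcloud projects get-iam-policy` or `gcloud storage buckets get-iam-policy` with `--format=json`, and reports public principals and any predefined role on the collector's service account that is broader than read access. The account name, project name, custom role name and sample policy are constructed placeholders.

```python
import json

# Assumption: object read access is all a log collector needs.
READ_ONLY_ROLES = {"roles/storage.objectViewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed placeholder for the service account created in Step4.
COLLECTOR_SA = "sample-log@example-project.iam.gserviceaccount.com"


def audit_policy(policy: dict, collector_sa: str) -> list[str]:
    """Return findings for an IAM policy (project-level or bucket-level)."""
    member = f"serviceAccount:{collector_sa}"
    findings, collector_roles = [], []
    for binding in policy.get("bindings", []):
        role, members = binding["role"], set(binding.get("members", []))
        # Anyone on the internet (or any Google account) can use this role.
        for public in sorted(members & PUBLIC_MEMBERS):
            findings.append(f"PUBLIC: {public} holds {role}")
        if member in members:
            collector_roles.append(role)
            # Custom roles are named projects/<id>/roles/<name> or
            # organizations/<id>/roles/<name>; their contents are not
            # inspected here and should be reviewed separately.
            is_custom = role.startswith(("projects/", "organizations/"))
            if role not in READ_ONLY_ROLES and not is_custom:
                findings.append(f"BROAD: {collector_sa} holds {role}")
    if not collector_roles:
        findings.append(f"MISSING: {collector_sa} has no role in this policy")
    return findings


# Constructed sample policy, not real output.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:sample-log@example-project.iam.gserviceaccount.com"]},
    {"role": "projects/example-project/roles/logBucketReader",
     "members": ["serviceAccount:sample-log@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "user:admin@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    for line in audit_policy(SAMPLE_POLICY, COLLECTOR_SA):
        print(line)
```

Run it against both the project policy and the bucket policy, since the role from Step4 is granted at project level while the custom role is granted on the bucket.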

Verification of configuration

Verification of configuration can be done in two ways:

Both methods can be used to ensure that the system is properly configured and working as intended.

Using UI

STEP 1: Log in to UI >> SYSTEM

STEP 2: >> Logs and flows collection status

STEP 3: >> To verify the source device IP from the UI:

This will allow you to ensure that the system is properly identifying the source device IP and that it matches the expected IP address.