Hi Team,
Please help
How can I send k8s_container logs to projects//logs/syslog through Stackdriver?
Scenario:
I have applications running in a GKE container which log the activities (Audit Logs) through Stackdriver into GCP. These logs can be seen under resource.type=k8s_container or projects//logs/stdout.
I want to forward these logs to the SIEM through a sink, but the SIEM does not support resource.type=k8s_container as a filter.
How can I send these logs to “projects//logs/syslog” so that the SIEM may read the logs (pull through Pub/Sub)?
Supported Filters:
- cloudaudit.googleapis.com/activity
- compute.googleapis.com/vpc_flows
- syslog
- apache
- nginx
Regards,
Naveen