GCP VPC Flow Logs

Note: This integration is currently in beta and requires manual intervention from AlphaSOC. If you wish to integrate your GCP environment with Analytics Engine, please contact support@alphasoc.com beforehand.

Enable VPC flow logs

Open the VPC networks dashboard and select the subnet for which you want to enable flow logs.

VPC networks dashboard

Click Edit

Subnet details

Select On under Flow logs

Enable flow logs

Click Configure logs and set aggregation interval to 5 sec and sample rate to 100:

Additional configuration

Finally, click Save.

Export logs to Google Cloud Storage

Go to Logs Router dashboard and click Create sink.

Create logs sink

Enter sink details:

Sink name and description
Select Cloud Storage bucket as a sink destination
Use the Cloud Storage bucket name provided by AlphaSOC.
Logs filter:
logName="projects/PROJECT_ID/logs/compute.googleapis.com%2Fvpc_flows" AND jsonPayload.reporter="SRC"

Click Create sink.

Logs sink service account

To allow logs to be written to the GCS bucket provided by AlphaSOC, you will need to create a service account and provide its details to us so that we can grant necessary permissions to it.

Go to Logs Router dashboard, open the context menu on the right side of the sink and select View sink details.

Open sink details view

Copy Writer identity field from the window that opened and provide it to AlphaSOC.

Log sink details window

Enable VPC flow logs​

Export logs to Google Cloud Storage​

Logs sink service account​

Enable VPC flow logs

Export logs to Google Cloud Storage

Logs sink service account