Appending third party application logs to Activity...

Zorghost · 03-03-2025 06:01 PM

Hello,

I’m looking to send Fortanix DSM logs to Google SecOps. The application offers an integration that allows logs to be sent to Google Cloud Logging after specifying a log ID in the configuration.

Currently, I’m sending Cloud Audit Activity logs (e.g., cloudaudit.googleapis.com/activity) to Google SecOps using an export filter. If I configure the Fortanix DSM integration with the log ID cloudaudit.googleapis.com/activity, will these DSM logs be appended to the existing GCP Activity logs and automatically forwarded to Google SecOps via the export filter?

I’m unable to test this in a lower environment, as it could disrupt other configurations. That’s why I’d like to confirm whether this approach is feasible before proceeding.

Thank you in advance for your assistance!

ErikaB

Hi @Zorghost

cloudaudit.googleapis.com/activity - is just for Google Cloud's own audit logs. You'll need to create a separate export filter using the LogID that Fortanix uses.

Zorghost

Thank you very much for the reply @ErikaB

is it actually possible to use export filter for third party applications as well as long as their logs are visible in cloud logging ? I thought that the export filter is only dedicated for GCP native logs.

Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps

Appending third party application logs to Activity logs for direct ingestion

Webinar May 14th: Gemini's generative AI within Google SecOpsWebinar May 29th: Log Ingestion: Bindplane + Google SecOps

Appending third party application logs to Activity logs for direct ingestion

Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps