BindPlane OpenTelemetry collector

Dear All,
Could anyone please provide documentation on how to use the "BindPlane OpenTelemetry collector" for syslog collection, and on how to collect metric logs with the collector?
Thanks,


Syslog can mean a couple different things. If you want to open a TCP listener (similar to the SecOps forwarder) you can find details here: https://observiq.com/docs/resources/sources/tcp

If you're interested in "tail"ing a syslog file, you can use a file reader. I have an example on my GitHub here: https://github.com/pilot006/observiq-chronicle-example-config/blob/main/config_nix.yaml

For metrics, are you interested in collecting metrics from the host, or rather collecting metrics from Bindplane related to the agent?

-mike


Hi @mikewilusz ,
Thanks for providing these documents. This is helpful.
I want to collect metric logs from the host.

Thanks,
Aravind S

Dear All,
Could anyone give an update on this?


Hi @mikewilusz ,

Any update on this?
Also could you provide the sample conf file for syslog collection?
Thanks,
Aravind

Hi All,

Please find below a sample configuration file and a useful link:

receivers:
  # One receiver per Windows Event Log channel.
  # raw: true keeps the original event XML as the log body.
  windowseventlog/source0__application:
    attributes:
      log_type: windows_event.application
    channel: application
    max_reads: 100
    poll_interval: 1s
    raw: true
    start_at: end
  windowseventlog/source0__security:
    attributes:
      log_type: windows_event.security
    channel: security
    max_reads: 100
    poll_interval: 1s
    raw: true
    start_at: end
  windowseventlog/source0__system:
    attributes:
      log_type: windows_event.system
    channel: system
    max_reads: 100
    poll_interval: 1s
    raw: true
    start_at: end
exporters:
  chronicleforwarder/forwarder:
    export_type: syslog
    raw_log_field: body
    syslog:
      # Placeholder: replace with the forwarder's IP address and port.
      endpoint: ForwarderIP:port
      transport: udp  # or tcp
service:
  pipelines:
    logs/source0__forwarder-0:
      receivers:
        - windowseventlog/source0__system
        - windowseventlog/source0__application
        - windowseventlog/source0__security
      exporters:
        - chronicleforwarder/forwarder

Solved: BindPlane OpenTelemetry collector - Google Cloud Community
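
For the syslog case asked about in this thread, the same exporter can be fed from a file reader and a TCP listener instead of the Windows Event Log receivers. The configuration below is an added example, not part of any post in the thread or BindPlane's own configuration; it assumes the collector build includes the upstream `filelog` and `tcplog` receivers, and the file path, listen address and pipeline name are placeholders.

```yaml
# Added example (not from the thread). Values marked "placeholder" must be replaced.
receivers:
  # Tail the local syslog file. The path is an assumption (Debian/Ubuntu default);
  # the collector's service account needs read access to it.
  filelog/syslog_file:
    include:
      - /var/log/syslog
    start_at: end            # only ship lines written after the collector starts

  # TCP listener for devices that send syslog over the network.
  # Bind to one specific interface rather than 0.0.0.0 so the listener is not
  # reachable from networks that have no reason to send logs to it.
  tcplog/syslog_tcp:
    listen_address: "192.0.2.10:5140"   # placeholder address and port

exporters:
  chronicleforwarder/forwarder:
    export_type: syslog
    raw_log_field: body      # forward the unparsed line, as in the post above
    syslog:
      endpoint: ForwarderIP:port        # placeholder, same as in the post above
      transport: tcp

service:
  pipelines:
    logs/syslog:
      receivers:
        - filelog/syslog_file
        - tcplog/syslog_tcp
      exporters:
        - chronicleforwarder/forwarder
```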

 

Thanks @RanjithHegdeK 

Hi @Aravind3, we just embedded our Bindplane and Data Pipeline Management webinar. Check it out here. Hopefully it helps with some of your other use cases or as you leverage these features.