Hi,
I’m concerned about finding a cost-effective solution to ingest these logs into Google SecOps. While I want to send this type of log data to Google SecOps, I’ve noticed there is a charge for Cloud Logging. If I agree to pay for the storage and retention costs associated with a Cloud Logging bucket, would there still be any egress charges for transferring these logs to Google SecOps?
Thank you!
Option 1: Direct ingestion
A special Cloud Logging filter can be configured in Google Cloud to send specific log types to Google Security Operations in real-time. These logs are generated by Google Cloud services.
Google Security Operations only ingests supported log types. Available log types include:
Cloud Audit Logs
Cloud NAT
Cloud DNS
Cloud Next Generation Firewall
Cloud Intrusion Detection System
Cloud Load Balancing
Cloud SQL
Windows Event logs
Linux syslog
Linux Sysmon
Zeek
Google Kubernetes Engine
Audit Daemon (auditd)
Apigee
reCAPTCHA Enterprise
Cloud Run logs (GCP_RUN)
I only see one option in your original post, but in GCP Cloud Operations you can customize how long you retain logs there. You will need to balance that out with other teams who may use and require these logs, but you have control over how long you keep the logs there (which is a cost outside of SecOps).
Using the native ingestion to SecOps doesn't add extra costs beyond the above generating and retaining the logs in Operations.
If you export via a custom sink to a GCS bucket from GCP Operations, you will pay for the logs in that bucket, but SecOps won't incur a charge for reading the logs.
So, Direct Ingestion does not incur any additional costs for sending logs from the Cloud Logging bucket to SecOps.
Hi Martin,
Do you know where we can find details on generation cost? I can only find this for: VPC Flow Logs, Firewall Rules Logging, Cloud NAT logging, but what if I am only sending logs from
Cloud DNS
Cloud SQL
Cloud Load Balancer
Cloud NextGen Firewall
I can't find the cost associated with exporting these logs into SecOps. Would you know?