File based integration with Google SecOps via Forwarder

Hi All,

We are trying to integrate file-based logs into SecOps (FilePath: /opt/logs/audit.log).

When we verify the forwarder logs, we are getting no such file found as the error.

Kindly suggest the solution for this issue.


Hi,

Could you post the docker command that you used to exec the forwarder?

     docker run \
       --detach \
       --name cfps \
       --log-opt max-size=100m \
       --log-opt max-file=10 \
       --net=host \
       -v /opt/chronicle/config:/opt/chronicle/external \
       -v /var/log/crowdstrike/falconhostclient:/opt/chronicle/edr \
       gcr.io/chronicle-container/cf_production_stable

Can you check if the command below works?

     docker run \
       --detach \
       --name cfps \
       --log-opt max-size=100m \
       --log-opt max-file=10 \
       --net=host \
       -v /opt/chronicle/config:/opt/chronicle/external \
       -v /opt/logs:/opt/chronicle/edr \
       gcr.io/chronicle-container/cf_production_stable

 

Can you share the full error? Is the "No such file or directory error" referencing the forwarder conf file or the audit.log file?

Hi @cmorris ,

Please find the snip of the error which I got.

sudeep_singh_0-1737950019567.png

 

Sorry, but I don't understand the problem very well. Could you post the config file (obviously without the auth section)?