Send Audits in Self Managed deployment to GCS in GCP

Privacera Audit Server uses Fluentd to collect audit logs from the Privacera Manager and sends them to the configured destination. In a self-managed deployment, you can configure the Audit Server to send audit logs to Fluentd, which in turn can be configured to send the audits to external storage such as Google Cloud Storage (GCS) in Google Cloud Platform (GCP).

This is applicable only for self-managed deployments. For PrivaceraCloud, please consult your contact at Privacera.

Prerequisites

| Prerequisite | Description |
|---|---|
| GCS Account | You must have an existing GCS account and login credentials with sufficient privileges to manage your GCS bucket. |
| GCS Project | You must have a GCS project in GCP. E.g. privacera_audits |
| Bucket in GCS | You must have a bucket in GCS where you want to store the audit logs. E.g. privacera_audits |
| GCS Credentials JSON file | You must have a GCS credential JSON file to authenticate with GCS. |
| Privacera Core Services | Privacera core services should be set up using Privacera Manager. |
| AuditServer | AuditServer must be enabled. This is enabled by default in Self Managed Deployment. |

Setup

To set up sending audit logs to GCS, follow these steps:

  1. SSH into the instance where Privacera Manager is installed.
  2. Navigate to the config directory with the following command:
    Bash
    cd ~/privacera/privacera-manager/config
    
  3. Copy the GCS credential JSON file to the ~/privacera/privacera-manager/config/custom-properties folder.
    Bash
    mkdir -p ~/privacera/privacera-manager/config/custom-properties
    cp <path-to-your-gcs-credential-json-file> ~/privacera/privacera-manager/config/custom-properties/gcs_credential.json
    
  4. Run the following command to copy the sample vars. The -n flag ensures that the file is not overwritten if it already exists.
    Bash
    cp -n sample-vars/vars.audit-fluentd.yml custom-vars/
    
  5. Run the following command to open the .yml file for editing.
    Bash
    vi custom-vars/vars.audit-fluentd.yml
    
  6. Modify the following properties:

    | Variable | Definition |
    |---|---|
    | AUDIT_FLUENTD_AUDIT_DESTINATION | Destination to store the audit logs. Set this to gcs. |
    | AUDIT_FLUENTD_GCS_PROJECT | Set the GCS project name where you want to store audits inside the bucket. Example: privacera_audits. |
    | AUDIT_FLUENTD_GCS_KEY_FILE | The GCS credential JSON file used for authentication. This file should be copied into the ~/privacera/privacera-manager/config/custom-properties folder. Example: gcs_credential.json. |
    | AUDIT_FLUENTD_GCS_BUCKET | Set the GCS bucket name where you want to store the audits. Example: privacera_audits. |
    | AUDIT_FLUENTD_GCS_PATH_PREFIX | Set this if you want to store audits in a specific path rather than the default. The path prefix should not start with / and should not end with /. Example: privacera/dev/audits. |
  7. Once the properties are configured, update your Privacera Manager platform instance by following the Quick Start guide.
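
The following pre-flight check is an added example, not part of Privacera's documentation or tooling. It reads the variables from step 6 and flags a destination other than gcs, unset values, a path prefix with a leading or trailing slash, and a missing key file. The function names, the flat KEY: "value" file layout and the key-file permission test are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the GCS audit settings described above.
# Assumes flat `KEY: "value"` lines in vars.audit-fluentd.yml.

# Print the value of KEY from FILE (last definition wins), quotes stripped.
get_var() {  # usage: get_var FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per problem; the return status is the number of problems.
check_gcs_audit_vars() {  # usage: check_gcs_audit_vars CONFIG_DIR
  local cfg="$1" vars="$1/custom-vars/vars.audit-fluentd.yml" problems=0 v key
  [ -f "$vars" ] || { echo "missing: $vars"; return 1; }

  [ "$(get_var "$vars" AUDIT_FLUENTD_AUDIT_DESTINATION)" = "gcs" ] ||
    { echo "AUDIT_FLUENTD_AUDIT_DESTINATION is not gcs"; problems=$((problems + 1)); }

  for v in AUDIT_FLUENTD_GCS_PROJECT AUDIT_FLUENTD_GCS_BUCKET AUDIT_FLUENTD_GCS_KEY_FILE; do
    [ -n "$(get_var "$vars" "$v")" ] ||
      { echo "$v is not set"; problems=$((problems + 1)); }
  done

  # The page requires a prefix with no leading and no trailing slash.
  case "$(get_var "$vars" AUDIT_FLUENTD_GCS_PATH_PREFIX)" in
    /* | */) echo "AUDIT_FLUENTD_GCS_PATH_PREFIX must not start or end with /"
             problems=$((problems + 1)) ;;
  esac

  # The key file must sit in custom-properties. The permission test is an
  # added hardening check (assumption), not a documented Privacera requirement.
  key="$cfg/custom-properties/$(get_var "$vars" AUDIT_FLUENTD_GCS_KEY_FILE)"
  if [ ! -f "$key" ]; then
    echo "key file not found: $key"; problems=$((problems + 1))
  elif [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
    echo "key file is readable by group or others: $key"; problems=$((problems + 1))
  fi
  return "$problems"
}
```

After sourcing the file, call check_gcs_audit_vars ~/privacera/privacera-manager/config before updating Privacera Manager; a non-zero status is the number of settings that need attention.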

Validation

To confirm that the setup is successful, perform an access operation after completing the above steps, then navigate to the GCS bucket and verify that the audit logs are stored in the specified path.

Tip

Note that the audits are not sent immediately to GCS. The Fluentd buffer is flushed at the configured time interval. If you want to update the time interval, refer to the Advanced Configuration section.

Here is a sample of GCS bucket Admin audit logs:

[Image: GCS bucket Admin audit]

Advanced Configuration

Here are some of the advanced configurations that you can apply to customize the audit logs sent to GCS.

Configure GCS Encryption

Prerequisites

| Prerequisite | Description |
|---|---|
| GCS Bucket Encryption | Your GCS bucket must be encrypted. |
| Encryption Key | You must have an AES-256 key for server-side encryption. |

Configuration

If your GCS bucket is encrypted, you can configure the encryption key in the vars.audit-fluentd.yml file:

  1. SSH into the instance where Privacera Manager is installed.
  2. Run the following command to open the .yml file for editing:
    Bash
    vi config/custom-vars/vars.audit-fluentd.yml
    
  3. To enable encryption for GCS, include the following property in the vars.audit-fluentd.yml file:
    YAML
    # Set this with your AES-256 key for server-side encryption.
    AUDIT_FLUENTD_GCS_ENCRYPTION_KEY: "<PLEASE_CHANGE>"
    
  4. For more information, refer to Data encryption options.
  5. Once the properties are configured, update your Privacera Manager platform instance by following the Quick Start guide.

Configure Time Interval for Sending Audits to GCS

If you want to change the default time intervals for sending audits to GCS, you can configure the following properties in the vars.audit-fluentd.yml file:

  1. SSH into the instance where Privacera Manager is installed.
  2. Run the following command to open the .yml file for editing:
    Bash
    vi config/custom-vars/vars.audit-fluentd.yml
    
  3. Modify the following properties:

    | Variable | Definition |
    |---|---|
    | AUDIT_FLUENTD_GCS_FILE_TIME_INTERVAL | The time interval after which the audits will be pushed to the GCS destination. Example: 30s. |
    | AUDIT_FLUENTD_GCS_FILE_TIME_WAIT | The delay before pushing audits to the GCS destination. By default, this delay is set to 600 seconds, or 10 minutes. Example: 600s. |
    | AUDIT_FLUENTD_GCS_FLUSH_INTERVAL | Specifies how frequently Fluentd should push the audits to the GCS destination. Example: 30s. |
  4. Once the properties are configured, update your Privacera Manager platform instance by following the Quick Start guide.
