Enabling Log Ingestion at Folder Level

Enabling Log Ingestion at Folder Level

This section describes the steps to enable log ingestion at the folder level.

Step 1: Creating a Role

Note

You cannot create a custom role at the folder level. If you need to use a custom role within a folder, define the custom role at the organization level.

Follow the steps as described in Step 1: Creating a Role.

Step 2: Creating a Service Account

Note

Service account can only be created inside a project and cannot be created at the folder level.

Navigate to the project inside the folder where you intend to create the service account. Then, follow the steps as described in Step 2: Creating a Service Account.

Step 3: Adding a Service Account to the Principal

Follow the steps as described in Step 3: Adding a Service Account to the Principal.

Note

For step 3.3, click the project selection drop-down list and select the folder.

Step 4: Creating a Logs Router

Follow the steps as described in Step 4: Creating a Logs Router.

Note

For step 4.3, enter the <folder-id> instead of <organization-id>. To identify the folder-id,

  1. At the top of the page, click the project selection drop-down list and select the folder.
    folder-selection-drown-down-list.png
  2. In the search box, type IAM and click IAM & Admin.
    Search_IAM.png
  3. On the left navigation, click Settings.

    The UI displays the Folder ID.

Note

As soon as you create a logs router, Google starts pushing logs into the logs router. However, the logs router may not have the appropriate permissions to publish to the pub/sub topic hosted by Netskope. The administrator of the organization, folder, or project may receive an email notification with an error code topic_permission_denied. You can ignore the email notification. To resolve this issue, log in to your Netskope tenant, set up the GCP instance, and grant access.

Once you have enabled log ingestion, log in to your Netskope tenant and set up the GCP instance. For detailed documentation, see Configure Google Cloud Platform on Netskope UI.

Share this Doc

Enabling Log Ingestion at Folder Level

Or copy link

In this topic ...