What is best way to pull Gsuite logs into Cribl? I have a service account set up with req authentication credentials to access G Suite audit logs.
One way to do this is to enable sending workflow logs to GCP, and then use GCP pub/sub to ingest into Cribl. See:
» <https://support.google.com/a/answer/9320190|Share data with Google Cloud services>.
» <https://cloud.google.com/logging/docs/export/aggregated_sinks|Google Doc: Create an Aggregated Sink>
Note that I am not a GCP admin - so you will need to work with your GCP admin to make sure you are following appropriate secure data flow procedures.
You can create a pub/sub topic, then add the sink writer identity to the pubsub. Once that is done, you can use the Cribl GCP pub/sub source to pull the data