Help Document

Log forwarding

The Log forwarding feature allows you to forward the logs collected from the configured sources to a designated cloud account.

  1. Configure forwarding policy
  2. Edit forwarding policy
  3. Enable and disable forwarding policy
  4. Delete forwarding policy

Configure forwarding policy:

  1. Go to Settings tab → Configuration → under Log Source Configuration → Log Forwarding.
  2. Log forwarding

  3. Click Configure Forwarding Policy.
  4. Enter a Policy Name and select the Cloud Account (or configure a Cloud Account by clicking on Configure Cloud Account), Bucket Name, Storage Class, and Encryption Type as required. Then click Configure.

    Log forwarding

  5. Once the Log Forwarding Policy is added successfully, the raw logs will be forwarded to the configured bucket in the path
    'Log360CloudLogs/<accountId>/RawLogs/year=<year>/month=<month>/day=<day>/hour=<hour>/min=<(mins in multiples of 5)>/<logZipName>'. (The folder path will be formed based on UTC timezone)

    Log forwarding

    Note:
    • The customer will be charged accordingly from the cloud source account side for performing the below option for this feature in Log360Cloud
      • For AWS, operations includes s3:PutObject, s3:GetObject, s3:CreateBucket, and s3:ListBucket.
    • Log360Cloud will not be responsible for the data stored in the Cloud Source Account.
    • The bucket's lifecycle configuration can be established with a prefix that matches the provided file path pattern. Based on the specified requirements, Lifecycle rule can dictate actions for objects, including deletion or setting expiration dates.
  6. The forwarding history can be viewed by clicking Details near Forwarded Data Size.

    Log forwarding

    Log forwarding

Edit forwarding policy:

  1. Click the Edit icon at the top-right of the policy details to edit the policy.

    Log forwarding

  2. Update the required values in the Edit page and click the Update button.

    Log forwarding

  3. The policy will be updated and the upcoming logs will be forwarding to the updated destination.

Enable and disable forwarding policy:

The toggle button near the Policy Name can be used to enable or disable the policy.

Note: Logs during this disabled period will not be forwarded again after enabling the policy.

Log forwarding

Enabled state

Log forwarding

Disabled state

Log forwarding

Delete forwarding policy:

Click the Delete icon at the top right of the policy details to delete the policy.

Note: Deleting the policy won't delete the forwarded data in the cloud account.

Log forwarding

Note: This feature will be available only for the Standard License Plan. Click here to know more on the licensing.