Closed nov3mb3r closed 8 months ago
@nov3mb3r Thanks for your feedback! We will investigate and update as appropriate.
@yaelrbergman Here's a continuation of what you were investigating.
@nov3mb3r - I just ran into this error message and it happened when my service account was in a different GCP project than the pub/sub subscription. After moving the service account into the same project as the pub/sub subscription, the connector works.
@yaelrbergman - can you confirm that using a central project in the org for all service accounts and granting x-project permissions to the subscription is not supported? This would require you to impersonate the service account in one project, and then use the token to access the subscription in a different project? I'm not sure if there is an assumption they are both using the same project id / number?
@nov3mb3r I'm going to assign this to the document author so they can take a look at it accordingly.
@ejohn20 The service account and subscription must be in the same project.
To collect logs for resources throughout the entire organization:
Select your organization in the project selector.
Follow the instructions in the Google Cloud documentation to set up a sink for collecting logs.
Choose a Name that reflects the purpose of log collection for export to Microsoft Sentinel. Select "Cloud Pub/Sub topic" as the destination type, and choose the default "Use a Cloud Pub/Sub topic in a project". Enter the destination in the following format: pubsub.googleapis.com/projects/{PROJECT_ID}/topics/{TOPIC_ID}
And if you are using Terraform: `terraform apply -var="organization-id={organizationId}"`
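What the steps above look like when expressed in Terraform, as an added example for this thread rather than the connector's own or the docs' Terraform: an organization-level sink that exports to a Pub/Sub topic in one project, with the subscription and the connector's service account created in that same project (the constraint stated earlier in the thread) and the IAM bindings scoped to the single topic and subscription rather than the whole project. The `organization-id` variable name is the one the docs' `terraform apply` command uses; `project-id`, the topic, subscription and service-account names, the log filter, and the exact roles bound to the service account (subscriber for consume, viewer for get, matching the "consume and get" wording in this thread) are assumptions for illustration, so check them against the connector documentation before relying on them.

```hcl
# Added example (not the docs' or the connector's Terraform). Assumed names:
# organization-id (from the docs' apply command), project-id, topic/subscription
# names, the log filter, and the roles granted to the service account.
variable "organization-id" { type = string } # numeric org ID, e.g. "123456789012"
variable "project-id"      { type = string } # project that holds topic, subscription AND service account

provider "google" {
  project = var.project-id
}

# Destination topic for the exported logs.
resource "google_pubsub_topic" "sentinel" {
  name = "sentinel-logs" # assumed name
}

# Subscription the Sentinel connector pulls from; same project as the topic.
resource "google_pubsub_subscription" "sentinel" {
  name                 = "sentinel-logs-sub" # assumed name
  topic                = google_pubsub_topic.sentinel.id
  ack_deadline_seconds = 60
}

# Org-wide sink. The destination uses the exact format from the docs:
# pubsub.googleapis.com/projects/{PROJECT_ID}/topics/{TOPIC_ID}
# (google_pubsub_topic.id already has the form projects/{project}/topics/{name}).
resource "google_logging_organization_sink" "sentinel" {
  name             = "sentinel-org-sink"          # assumed name
  org_id           = var.organization-id
  destination      = "pubsub.googleapis.com/${google_pubsub_topic.sentinel.id}"
  include_children = true                           # collect from every folder/project in the org
  filter           = "logName:\"cloudaudit.googleapis.com\"" # assumed filter: audit logs only
}

# The sink writes as a Google-managed identity; it needs publish rights on the
# topic only, not on the project.
resource "google_pubsub_topic_iam_member" "sink_publisher" {
  topic  = google_pubsub_topic.sentinel.name
  role   = "roles/pubsub.publisher"
  member = google_logging_organization_sink.sentinel.writer_identity
}

# Service account the connector impersonates. It is created in the same
# project as the subscription; putting it in a central "identity" project
# is exactly the cross-project layout this thread reports as unsupported.
resource "google_service_account" "sentinel" {
  account_id   = "sentinel-connector" # assumed name
  display_name = "Microsoft Sentinel GCP connector"
}

# Least privilege: bind roles on the single subscription, not project-wide.
# "consume" comes with roles/pubsub.subscriber, "get" with roles/pubsub.viewer
# (assumed to be the permissions the connector needs; verify against the docs).
resource "google_pubsub_subscription_iam_member" "sentinel_subscriber" {
  subscription = google_pubsub_subscription.sentinel.name
  role         = "roles/pubsub.subscriber"
  member       = "serviceAccount:${google_service_account.sentinel.email}"
}

resource "google_pubsub_subscription_iam_member" "sentinel_viewer" {
  subscription = google_pubsub_subscription.sentinel.name
  role         = "roles/pubsub.viewer"
  member       = "serviceAccount:${google_service_account.sentinel.email}"
}

# Values you paste into the connector form in Sentinel.
output "project_number_hint" {
  value = "Project ID for the connector: ${var.project-id}"
}

output "subscription_name" {
  value = google_pubsub_subscription.sentinel.name
}

output "service_account_email" {
  value = google_service_account.sentinel.email
}
```

Apply with `terraform apply -var="organization-id={organizationId}" -var="project-id={projectId}"`. The workload identity pool and provider that let the Sentinel tenant obtain a token for this service account are deliberately left out here, since their exact attribute mappings and audience values are defined by the connector documentation; what this example pins down is the same-project placement and the resource-scoped IAM bindings that this thread identified as the cause of the permission error.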
@yaelrbergman - I think same project limitation should be documented if it's not already (it's very possible I missed it somewhere). Can we add that detail to the Set up GCP environment section?
Also, I realize that this is the docs repo. It is a pretty common architecture in GCP to centralize all service accounts in the org into a single project, and then grant permissions for those service accounts to resources housed in other projects. In this example, I would want the service account to live in our "identity" project. Then, I can grant the sentinel service account the consume and get permissions on the sentinel subscription that lives in the "logging" project. Is there a place to request this feature to be added to the data connector?
@ejohn20 Yes it is :) A more general question to everybody. Should the names (service account/provider) on the GCP side have a specific name? I tried replicating using exactly the documentation's names, and made one attempt with different ones. However, the issue still persists.
@nov3mb3r The naming we suggest for GCP is not mandatory. I don't think that's the issue's source
@ejohn20 @nov3mb3r @yaelrbergman This requirement has been added to the documentation. Publishing of these changes is pending.
@nov3mb3r Do you have a support ticket open for your persisting issue?
I'm closing this issue for now. Feel free to comment further on this issue (don't open another one for the same problem). When support resolves this issue I will update the documentation further as necessary.
Following all the steps in the documentation provided in https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual, I am trying to set up a connector. However, once I provide my subscription's details in the collector (just like in the picture), an error appears.
I have tried uninstalling and reinstalling the connector as stated in this previous issue, but no luck: https://github.com/MicrosoftDocs/azure-docs/issues/119415
The following new error appears, which seems to have to do with insufficient permissions.