LOGIQ.AI
HomeLogFlowLogiqctlLogiqHub
Search…
Overview
Releases
EULA
End User License Agreement
Deploying LOGIQ
LOGIQ SaaS
LOGIQ Quickstart
LOGIQ PaaS deployment
Deploying LOGIQ PaaS on MicroK8s
Deploying LOGIQ PaaS on AWS
Deploying LOGIQ EKS on AWS using CloudFormation
Deploying LOGIQ EKS on AWS using custom AMI
Deploying Logiq EKS with AWS ALB
Deploying LOGIQ PaaS in Azure Kubernetes Service
INTEGRATIONS
Overview
Incident management
Generating a secure ingest token
AWS
Azure Databricks
Azure Event Hubs
Configuring Prometheus
Docker Syslog log driver
Docker Swarm logging
GCP Cloud Logging
IIS Logs on Windows
Filebeat
Fluent Bit
Fluentd
Logstash
MQTT
Open Telemetry
Rsyslogd
Palo Alto Firewall
Log Insights
Data extraction
Log Data Rewrite
Timestamp handling
LOGIQ Monitoring
Prometheus Data source
Elasticsearch Data source
JSON Data source
Vewing Logs
The LOGIQ UI
Terminology
Logs Page
Search Page
Metrics and Custom Indices
Reports
logiqctl
Role-Based Access Control (RBAC)
Configuring RBAC
ANOMALY DETECTION
Events
Event Rules
Alertable Events
Logs to time series event visualization
Example IIS Log Event Extraction Using Event Rules
COMPLIANCE
Audit Trail
LOGIQ STREAMING
Query API
LOGIQ Configuration
E-Mail Configuration
Single Sign-On with SAML
Log Ingest configuration
Terminology
Minimal server configuration
Server options
Sources
Destinations
Filters
Groupings
Rules
Credentials
Partitions
RUNNING ON AWS
Getting started
AWS IAM Resources
1-Click deployment using CloudFormation
Powered By GitBook
Sources
Sources provide matching rules for sender ip addresses. Sources can specify a single IP, a range of IP addresses or a list of IP addresses. A source definition can specify one or more of single IP, range of IP addresses or a list of IP addresses. In this case the source condition evaluates true if any of these source definitions are a match.
1
sources:
2
-
3
name: localhost
4
ipv4: 127.0.0.1
5
-
6
name: 3164_ip_1
7
ipv4: 192.168.55.20
8
-
9
name: 3164_ip_2
10
ipv4: 192.168.55.21
11
-
12
name: qa_lab
13
ipv4: 192.168.40.3
14
ipv4_range: 10.0.1.5/24
15
ipv4_list: 192.168.1.1, 192.168.1.10
Copied!
Sources are defined with the "sources" keyword in the config file. All source definitions must have a "name". Sources are referred in rules using their name. The config file validator will flag an error for names that are not found and or source definitions that have a missing name.

name [required]

This key is used to specify a unique name for source matching rules.
1
-
2
name: qa_lab
3
ipv4_list: 192.168.1.1, 192.168.1.10
Copied!
The source matching conditions are referenced in message rules using their names
1
rules:
2
-
3
source: localhost
4
destination: t_debug
Copied!

Client IP/Network details [optional]

At least one of ipv4, ipv4_list and ipv4_range is required when selecting a Client IP/Network based source

ipv4 - Specify a single ip address

1
sources:
2
-
3
name: qa_lab_dns
4
ipv4: 192.168.4.21
Copied!

ipv4_list - Specify a list of ip addresses

An IP address list is specified by individual ip addresses separated by commas. Note that in the "ipv4_list" keyword, only individual ip addresses are allowed and not CIDR ranges.
1
sources:
2
-
3
name: qa_lab
4
ipv4_list: 192.168.1.1, 192.168.1.10
Copied!

ipv4_range - Specify a range of ip addresses

The IP address range is specified using the CIDR notation. E.g. 10.0.1.5/24 represents a range of ip's starting from 10.0.1.0 - 10.0.1.255 or a total of 256 addresses.
1
sources:
2
-
3
name: qa_lab
4
ipv4_range: 10.0.1.5/24
Copied!

Cloud S3 storage buckets

Stackdriver logs from GCP cloud storage

LOGIQ can directly ingest from Stackdriver's Google cloud storage sink. You do not need to incur additional pub sub costs for this. Create a google_cloud_storage source in LOGIQ config for this.
1
-
2
name: stackdriver_gcp_storage_bucket
3
s3:
4
type: google_cloud_storage
5
credential: >
6
{
7
"type": "service_account",
8
"project_id": <google_project_id>,
9
"private_key_id": <private_key_id>,
10
"private_key": <private_key_string>,
11
"client_email": <client_email>,
12
"client_id": <client_id>,
13
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
14
"token_uri": "https://oauth2.googleapis.com/token",
15
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
16
"client_x509_cert_url": <client cert url>
17
}
18
bucket: <cloud storage bucket name>
Copied!
Log Ingest configuration - Previous
Server options
Next - Log Ingest configuration
Destinations
Last modified 2yr ago
Export as PDF
Copy link
Contents
name [required]
Client IP/Network details [optional]
ipv4 - Specify a single ip address
ipv4_list - Specify a list of ip addresses
ipv4_range - Specify a range of ip addresses
Cloud S3 storage buckets
Stackdriver logs from GCP cloud storage