lacework-global-489
This rule has been split and is linked to lacework-global-246. See Adjusted Rules for CIS GCP 1.3.0 for further details.
2.2 Ensure That Sink Destinations Exist (Automated)
Description
Best practices recommend that the resource configured as a log sink destination exists.
Remediation
From Console:
- Go to Logs Router by visiting https://console.cloud.google.com/logs/router.
- Click the three dots next to the sink with a non-existent destination.
- Click Edit sink.
- Under Sink destination, select a sink service and a destination resource.
- Click Done.
- Click Update Sink.
For more information, see https://cloud.google.com/logging/docs/export/configure_export_v2#dest-create.
Ensure that the sink filter is not left empty. Create a filter to collect only the relevant logs.
From Command Line:
To update a sink with a new destination:
gcloud logging sinks create <sink-name> <destination-name>
References
https://cloud.google.com/logging/docs/reference/tools/gcloud-logging
https://cloud.google.com/logging/quotas
https://cloud.google.com/logging/docs/routing/overview
https://cloud.google.com/logging/docs/export/using_exported_logs
https://cloud.google.com/logging/docs/export/configure_export_v2
https://cloud.google.com/logging/docs/export/aggregated_exports
https://cloud.google.com/sdk/gcloud/reference/beta/logging/sinks/list
https://cloud.google.com/logging/docs/export/configure_export_v2#restore_the_default_sink_filter