Skip to main content

lacework-global-489

info

This rule has been split and is linked to lacework-global-246. See Adjusted Rules for CIS GCP 1.3.0 for further details.

2.2 Ensure That Sink Destinations Exist (Automated)

Description

It is recommended that the resource configured as a log sink destination exists.

Remediation

From Console:

Go to Logs Router by visiting: https://console.cloud.google.com/logs/router.
Click on the three dots next to the sink with a non-existent destination.
Click Edit sink.
Under Sink destination, select a sink service and a destination resource.
Click Done.
Click Update Sink.

For more information, see https://cloud.google.com/logging/docs/export/configure_export_v2#dest-create.

note

Ensure that the sink filter is not left empty. Create a filter to ensure that only relevant logs are collected.

From Command Line:

To update a sink with a new destination:

gcloud logging sinks create <sink-name> <destination-name>

References

https://cloud.google.com/logging/docs/reference/tools/gcloud-logging
https://cloud.google.com/logging/quotas
https://cloud.google.com/logging/docs/routing/overview
https://cloud.google.com/logging/docs/export/using_exported_logs
https://cloud.google.com/logging/docs/export/configure_export_v2
https://cloud.google.com/logging/docs/export/aggregated_exports
https://cloud.google.com/sdk/gcloud/reference/beta/logging/sinks/list
https://cloud.google.com/logging/docs/export/configure_export_v2#restore_the_default_sink_filter

2.2 Ensure That Sink Destinations Exist (Automated)