hey all, for the google pub/sub logging plugin, ho...
# kolidep
PJ Meyer
08/11/2020, 1:08 PMhey all, for the google pub/sub logging plugin, how does it use the service account credentials? is it just an env variable
GOOGLE_APPLICATION_CREDENTIALSs
sundsta
08/11/2020, 2:15 PMYes
p
PJ Meyer
08/11/2020, 2:27 PMhmph, is there a way to get more verbose logs? no matter what i'm getting "insufficient scopes" even if it's not pointing to a creds file at all, and on the other side of the spectrum i've oversupplied the service account with GCP permissions to this project hosting the pub/sub
s
sundsta
08/11/2020, 3:52 PMYou can turn on debug logging. https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#logging_debug
sundsta
08/11/2020, 3:54 PMMy Pub/Sub envs are as follows, running in Kubernetes.
Copy code
KOLIDE_OSQUERY_STATUS_LOG_PLUGIN: pubsub
KOLIDE_OSQUERY_RESULT_LOG_PLUGIN: pubsub
GOOGLE_APPLICATION_CREDENTIALS: /secrets/pubsub/pubsub.json
KOLIDE_PUBSUB_STATUS_TOPIC: osq-status-REDACTED
KOLIDE_PUBSUB_RESULT_TOPIC: osq-result-REDACTED
KOLIDE_PUBSUB_PROJECT: some-gcp-projectp
PJ Meyer
08/11/2020, 5:05 PMyeah that's pretty much aligned on my side, hmm, i'll see if the debug logging helps...thanks!!
3 Views