Skip to main content
All CollectionsSetup & Configuration
Set up Log shipping
Set up Log shipping

Log shipping automates sending system event logs to an external data store for centralized storage and analysis

Updated over 7 months ago

This tutorial details configuring log shipping, where Axiom's event logs are forwarded to a designated external data store for centralized management and analysis.

Amazon S3 setup

1. Create an S3 Bucket

1. Go to the AWS Management Console and navigate to the Amazon S3 service.

2. Click on Create bucket.

3. Choose a unique name for your bucket and select the desired region.

4. For advanced configurations like access logging or versioning, adjust the settings as needed.

5. Click Create.

1. Create an IAM Policy

1. Go to the IAM service in the AWS Management Console.

2. Click on Policies and then Create policy.

3. Switch the Policy editor to JSON and enter the following policy:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Action": [
				"s3:GetObject",
				"s3:PutObject",
				"s3:DeleteObject"
			],
			"Resource": [
				"arn:aws:s3:::<bucket-name>/*"
			]
		}
	]
}

4. Replace <bucket-name> with the name of the bucket you created earlier.

5. Click Next: Review and provide a name for your policy.

6. Click Create policy.

3a. Create an IAM Role (for Role Authentication Method)

1. Go to the IAM service in the AWS Management Console.

2. Click on Roles and then Create role.

3. Select AWS account as the trusted entity type.

4. Choose Another AWS account and enter the following Account ID 172796517899.

5. Choose Require external ID and generate a random string as the ID and click Next.

7. Search for and select the policy you created earlier and attach it to the role.

8. Click Next: Review and provide a name for your role.

9. Click Create role.

3b. Create an IAM User (for Credentials Authentication Method)

1. Go to the IAM service in the AWS Management Console.

2. Click on Users and then Create user.

3. Provide a name for your user and click Next.

4. Choose the Attach policies directly and search for and select the policy you created earlier.

5. Click Next and review your user.

6. Click Create user.

7. Go to the Security credentials tab of IAM User, and click on Create access key.

8. Choose Other and click Next.

9. Enter a description and click Create access key.

10. Record the Access key and Secret access key and click Done.

GCP GCS setup

1. Create a Service Account and Download Credentials

1. Go to the IAM & Admin section of the Google Cloud Console.

2. Click Service Account from the left-hand menu.

3. Click Create service account.

4. Enter a Name and an optional Description, And click Create and continue.

5. Download Credentials:

1. Click on the Keys tab.

2. Click Add key and select Create new key.

3. Choose JSON as the key type and click Create. This downloads the credentials file.

2. Create a GCS Bucket

1. Go to the Storage section of the Google Cloud Console.

2. Click Create bucket.

3. Enter a unique Bucket name and choose a Location (region) for your data.

4. Leave default settings and click Create.

3. Assign the Predefined Role

1. Go to the Permission tab of GCP Bucket.

2. Click on Grant Access.

3. Find and select the service account you created earlier.

4. Select the predefined role Storage Object User and click Save.

Axiom setup

1. Go to the Preferences section of Axiom User Portal.

2. Go to the Log Shipping tab.

3. Click on Create, fill the details based on your destination setup, and click on Save.

4. Verify the Configuration toggle is on and the Status is Healthy.

Related Articles
Axiom Runner - Setup and Secret Configuration
Google Cloud Platform (GCP) Integration
Release Notes 2024
Setup Kubernetes Integration
Did this answer your question?