Configuring Google Cloud Audit Logs to communicate with QRadar

Before you can add a log source in IBM® QRadar®, you must set up a functioning Pub/Sub system on your Google Cloud console.


  1. Create a Google account. For more information, see Create a Google Account (
  2. Set up a Pub/Sub system on your Google Cloud console. For more information, see Quickstart: building a functioning Pub/Sub system (
    Important: When you create service account credentials on the Google Cloud platform, use the following service account credentials:
      "type": "service_account",
      "project_id": "<project_id>",
      "private_key_id": "<private_key_id>",
      "private_key": “<private_key>",
      "client_email": "<client_email>",
      "client_id": "1111111111111111111",
      "auth_uri": "",
      "token_uri": "",
      "auth_provider_x509_cert_url": "",
      "client_x509_cert_url": "< client_x509_cert_url >"

What to do next

Add a log source in QRadar. For more information, see Google Cloud Pub/Sub protocol log source parameters for Google Cloud Audit Logs.