What you'll need
- A GCP project with Cloud Logging enabled and ingesting your application/infrastructure logs
- Permission to create service accounts and JSON keys in that project
- The project ID (the human-readable string, not the numeric project number)
Set it up
Create a service account
GCP Console → IAM & Admin → Service Accounts → Create service account. Name it parumox-connector. Skip the optional grants step — we'll add the role explicitly in step 2.
Grant the Logs Viewer role
From IAM & Admin → IAM, add a role binding for the service account email. The minimum role is Logs Viewer (roles/logging.viewer). For private logs (data-access audit logs and similar), additionally grant Private Logs Viewer (roles/logging.privateLogViewer).
Create a JSON key
The service account → Keys → Add key → Create new key → JSON. The browser downloads a JSON file — keep it safe, GCP will not let you re-download it. You'll paste the entire file contents into Parumox in step 5.
Note the project ID
Use the project's string ID (e.g. my-project-prod), not its numeric ID. The string ID is shown in the Console header next to the project name and inside the JSON key file as project_id.
Permissions required
The connector calls logging.logEntries.list, which is granted by Logs Viewer. The OAuth scope used is https://www.googleapis.com/auth/logging.read.
Paste into Parumox
Portal → Connectors → Add Connector → choose GCP Cloud Logging and fill in:
- Project ID — string project ID from step 4
- Service Account JSON — paste the entire JSON key file from step 3 verbatim
Save. The health check lists one log entry from the last few minutes to confirm the credentials and project are correct.