Recovering Logs in Dead Letter Topic (Alternative)

When the recommended method of for recovery described in Recovering Logs in Dead Letter Topic (Recommended) is not an option, you may use the existing Log Forwarder to reprocess undelivered logs.

Audit log recovery using existing log forwarder installation

Warning

This approach is only recommended for implementors with advanced knowledge of the involved GCP services and can result in permanent loss/duplication of audit logs and additional cost. If unsure, install an additional log forwarder to reprocess logs or reach out to Protegrity for guidance.

Steps to recover audit logs using existing Log Forwarder installation:

Fix any configuration errors causing the Log Forwarder to fail. Verify audit logs are being transmitted successfully to ESA.
Identify the dead letter pub/sub topic (DLQ 1 in the above diagram) resource name by running command
```
terraform output
```
for the Log Forwarder. Note the value for audit_log_dlq_topic.
Set audit_log_dead_letter_topic in the terraform installation script to the value of audit_log_dlq_topic identified in previous step. Apply the changes with
```
terraform apply
```
When audit logs have been transmitted to ESA, revert setting audit_log_dead_letter_topic to null Apply the changes with
```
terraform apply
```

Feedback

Was this page helpful?

Last modified : April 27, 2026