Integrations
Integrations
Integrations
nano supports multiple ingestion methods for getting logs into the platform. Choose the integration that matches your infrastructure.
Cloud Sources (Pull)
nano connects to cloud queues and subscriptions to pull log data directly — no agent needed.
| Integration | Transport | Common Log Types |
|---|---|---|
| AWS S3 via SQS | S3 bucket notifications → SQS queue | CloudTrail, VPC Flow Logs, GuardDuty, ALB/NLB, WAF |
| GCP Pub/Sub | Log Router sink → Pub/Sub subscription | Cloud Audit Logs, VPC Flow Logs, Security Command Center, GKE |
| Kafka | Kafka consumer group | Application logs, security events, streaming pipelines |
Push Sources (Direct)
Clients push logs to nano over HTTP-based protocols.
| Integration | Transport | Common Log Types |
|---|---|---|
| Splunk HEC | Splunk HTTP Event Collector (port 8088) | Windows Event Logs, Palo Alto, Cisco ASA — anything from Splunk forwarders or Cribl |
| HTTP | HTTP POST with X-Source-Type header (port 8080) | Applications, webhooks, Fluentd/Filebeat/Cribl |
On-Premises Sources (Via Aggregator)
Sources like syslog, OTLP, and log files don't include a source_type field. A lightweight Vector aggregator on your network tags events and forwards them to nano.
| Integration | Sources Covered | Transport to nano |
|---|---|---|
| Vector Aggregator | Syslog, OpenTelemetry, log files, Fluent protocol | Vector native protocol (port 6000) |
How It All Fits Together
Credential Security
Cloud credentials (AWS, GCP, Kafka) are encrypted at rest using AES-256-GCM. The API never returns secret values — only the credential name, provider, and metadata are visible after creation. Credentials cannot be deleted while any log source references them.
Choosing an Integration
| I want to ingest... | Use this |
|---|---|
| AWS CloudTrail, VPC Flow Logs, GuardDuty | AWS S3 via SQS |
| Google Cloud Audit Logs, GCP security logs | GCP Pub/Sub |
| Logs already in a Kafka cluster | Kafka |
| Logs from Splunk forwarders or Cribl | Splunk HEC |
| Syslog from firewalls, switches, servers | Vector Aggregator |
| OpenTelemetry from applications | Vector Aggregator |
| Application logs via HTTP/webhook | Set Up Your First Feed |