
Google Cloud Logging

 

  • An exabyte-scale, fully managed service for real-time log management. 
  • Helps you to securely store, search, analyze, and alert on all of your log data and events.

Features

  • Write any custom log, from any source, into Cloud Logging using the public write APIs.
  • You can search, sort, and query logs through query statements, along with rich histogram visualizations, simple field explorers, and the ability to save the queries.
  • Integrates with Cloud Monitoring to set alerts on the log events and logs-based metrics you have defined.
  • You can export data in real-time to BigQuery to perform advanced analytics and SQL-like query tasks.
  • Error Reporting helps you find the problems in your mountain of log data. It automatically analyzes your logs for exceptions and intelligently aggregates them into meaningful error groups.

Cloud Audit Logs

Cloud Audit Logs maintains audit logs for each Cloud project, folder, and organization. There are four types of logs you can use:

1. Admin Activity audit logs

  • Contains log entries for API calls or other administrative actions that modify the configuration or metadata of resources.
  • You must have the IAM role Logging/Logs Viewer or Project/Viewer to view these logs.
  • Admin Activity audit logs are always written and you can’t configure or disable them in any way.

2. Data Access audit logs

  • Contains log entries for API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify, or read user-provided resource data.
  • You must have the IAM roles Logging/Private Logs Viewer or Project/Owner to view these logs.
  • You must explicitly enable Data Access audit logs to be written. They are disabled by default because they are large.

3. System Event audit logs

  • Contains log entries for administrative actions taken by Google Cloud that modify the configuration of resources.
  • You must have the IAM role Logging/Logs Viewer or Project/Viewer to view these logs.
  • System Event audit logs are always written so you can’t configure or disable them.
  • There is no additional charge for your System Event audit logs.

4. Policy Denied audit logs

  • Contains logs when a Google Cloud service denies access to a user or service account triggered by a security policy violation.
  • You must have the IAM role Logging/Logs Viewer or Project/Viewer to view these logs.
  • Policy Denied audit logs are generated by default. Your cloud project is charged for the log storage.

Exporting Audit Logs

  • Log entries received by Logging can be exported to Cloud Storage buckets, BigQuery datasets, and Pub/Sub topics.
  • To export audit log entries outside of Logging:
    • Create a logs sink.
    • Give the sink a query that specifies the audit log types you want to export.
  • If you want to export audit log entries for a Google Cloud organization, folder, or billing account, review Aggregated sinks.
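
The two sink steps above, as an added example that is not part of the original post: a small shell helper that builds the sink query for the chosen audit log types and prints the matching gcloud logging sinks create command without running it. The project ID, sink name and BigQuery dataset are constructed placeholders, and the helper function names are hypothetical.

```bash
#!/bin/sh
# Added example: build a Logging query for chosen audit log types and print
# the `gcloud logging sinks create` command for it (dry run, nothing executed).
# example-project, audit-to-bq and audit_logs are constructed placeholders.

# Map a short type name to its log ID under cloudaudit.googleapis.com.
audit_log_id() {
  case "$1" in
    admin_activity) echo "activity" ;;
    data_access)    echo "data_access" ;;
    system_event)   echo "system_event" ;;
    policy_denied)  echo "policy" ;;
    *) echo "unknown audit log type: $1" >&2; return 1 ;;
  esac
}

# audit_filter PROJECT TYPE... -> query matching only those audit logs.
audit_filter() {
  local project="$1" t id clauses=""
  shift
  [ "$#" -gt 0 ] || { echo "at least one audit log type required" >&2; return 1; }
  for t in "$@"; do
    id="$(audit_log_id "$t")" || return 1
    # Log names are URL-encoded: the "/" after the service name becomes %2F.
    clauses="${clauses:+$clauses OR }\"projects/${project}/logs/cloudaudit.googleapis.com%2F${id}\""
  done
  printf 'logName=(%s)' "$clauses"
}

# sink_command SINK DESTINATION PROJECT TYPE... -> the command line as text.
sink_command() {
  local sink="$1" dest="$2" project="$3" filter
  shift 3
  filter="$(audit_filter "$project" "$@")" || return 1
  printf "gcloud logging sinks create %s %s --project=%s --log-filter='%s'\n" \
    "$sink" "$dest" "$project" "$filter"
}

# Constructed sample: Admin Activity and Policy Denied entries to BigQuery.
sink_command audit-to-bq \
  "bigquery.googleapis.com/projects/example-project/datasets/audit_logs" \
  example-project admin_activity policy_denied
```

After the sink is created, its writer identity still needs write permission on the destination before entries arrive.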

Pricing

  • All features of Cloud Logging are free to use, and the charge is only applicable for ingested log volume over the free allotment. Free usage allotments do not come with upfront fees or commitments.
