As an auditor, you probably spend a lot of time reviewing logs. Google Cloud Audit Logs is an integral part of the Google Stackdriver suite of products, and understanding how it works and how to use it is a key skill you need to implement an auditing approach for systems deployed on Google Cloud Platform (GCP). In this post, we'll discuss the key functionality of Cloud Audit Logs and call out some best practices.

The first thing to know about Cloud Audit Logs is that each project consists of two log streams: admin activity and data access. GCP services generate these logs to help you answer the question of "who did what, where, and when?" within your GCP projects. Further, these logs are distinct from your application logs.

Admin activity logs contain log entries for API calls or other administrative actions that modify the configuration or metadata of resources. There's no charge for admin activity audit logs, and they're retained for 13 months (400 days).

Data access logs, on the other hand, record API calls that create, modify or read user-provided data. Data access audit logs are disabled by default because they can grow to be quite large.

For your reference, here's the full list of GCP services that produce audit logs. Some services are on by default, and others are just a few clicks away from being operational.

Configure and view audit logs

Getting started with Cloud Audit Logs is simple. Here's how to set up, configure and use the various Cloud Audit Logs capabilities.

Admin activity logs are enabled by default; you don't need to do anything to start collecting them. With the exception of BigQuery, however, data access audit logs are disabled by default. Follow the guidance detailed in Configuring Data Access Logs to enable them. One best practice for data access logs is to use a test project to validate the configuration for your data access audit collection before you propagate it to developer and production projects: if you configure your IAM controls incorrectly, your projects may become inaccessible.

You can view audit logs from two places in the GCP Console: via the activity feed, which provides summary entries, and via the Stackdriver Logs Viewer page, which gives full entries. You can see a high-level overview of all your audit logs on the Cloud Console Activity page.

You should consider access to audit log data as sensitive and configure appropriate access controls. You can do this by using IAM roles to apply access controls to logs. To view logs, you need to grant the IAM role logging.viewer (Logs Viewer) for the admin activity logs, and logging.privateLogViewer (Private Logs Viewer) for the data access logs. One best practice is to ensure that you've applied the appropriate IAM controls to restrict who can access the audit logs. When configuring roles for Cloud Audit Logs, this how-to guide describes some typical scenarios and provides guidance on configuring IAM policies that address the need to control access to audit logs.
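The "two log streams" point above is easiest to see on real entries. The following is an added example, not code from the original post or from Google: it takes audit log entries in the LogEntry JSON shape that Stackdriver returns (admin activity entries have a logName ending in cloudaudit.googleapis.com%2Factivity, data access entries in %2Fdata_access, and the audit payload sits under protoPayload), classifies them by stream, and flattens each into "who did what, where, when". The three sample entries, including the project name, principals, IPs and timestamps, are constructed for the example; the third is an ordinary application log line that must be ignored.

```python
"""Classify Cloud Audit Logs entries and pull out "who did what, where, when".

Added example, not code from the original post. Entries are constructed to
match the LogEntry JSON shape Stackdriver returns for audit logs; all names,
IPs and timestamps are made up.
"""
from urllib.parse import unquote

# Constructed sample entries: one admin activity, one data access, and one
# plain application log line that is not an audit log at all.
SAMPLE_ENTRIES = [
    {
        "logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity",
        "timestamp": "2019-03-04T10:15:00Z",
        "resource": {"type": "gce_instance",
                     "labels": {"project_id": "example-proj", "zone": "us-central1-a"}},
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": "compute.googleapis.com",
            "methodName": "v1.compute.instances.delete",
            "resourceName": "projects/example-proj/zones/us-central1-a/instances/web-1",
            "authenticationInfo": {"principalEmail": "alice@example.com"},
            "requestMetadata": {"callerIp": "203.0.113.7"},
        },
    },
    {
        "logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
        "timestamp": "2019-03-04T10:16:30Z",
        "resource": {"type": "gcs_bucket",
                     "labels": {"project_id": "example-proj", "bucket_name": "payroll-exports"}},
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": "storage.googleapis.com",
            "methodName": "storage.objects.get",
            "resourceName": "projects/_/buckets/payroll-exports/objects/2019-02.csv",
            "authenticationInfo": {"principalEmail": "ci@example-proj.iam.gserviceaccount.com"},
            "requestMetadata": {"callerIp": "10.0.0.4"},
        },
    },
    {
        "logName": "projects/example-proj/logs/app",
        "timestamp": "2019-03-04T10:17:00Z",
        "textPayload": "GET /healthz 200",
    },
]

# Decoded log IDs of the two audit streams (the %2F in logName is a "/").
AUDIT_STREAMS = {
    "cloudaudit.googleapis.com/activity": "admin_activity",
    "cloudaudit.googleapis.com/data_access": "data_access",
}


def audit_stream(entry):
    """Return 'admin_activity', 'data_access', or None for a non-audit entry."""
    log_id = unquote(entry.get("logName", "").rsplit("/logs/", 1)[-1])
    return AUDIT_STREAMS.get(log_id)


def summarize(entry):
    """Flatten one audit entry into who/what/where/when; None if not an audit log."""
    stream = audit_stream(entry)
    if stream is None or "protoPayload" not in entry:
        return None
    p = entry["protoPayload"]
    return {
        "stream": stream,
        "when": entry["timestamp"],
        "who": p.get("authenticationInfo", {}).get("principalEmail", "<unknown>"),
        "from_ip": p.get("requestMetadata", {}).get("callerIp", "<unknown>"),
        "what": p.get("methodName", "<unknown>"),
        "service": p.get("serviceName", "<unknown>"),
        "where": p.get("resourceName", "<unknown>"),
        "project": entry.get("resource", {}).get("labels", {}).get("project_id", "<unknown>"),
    }


def who_did_what(entries, stream=None):
    """Summaries of all audit entries, optionally limited to one stream.

    Limiting to 'admin_activity' mirrors what a principal holding only
    logging.viewer can see; data_access entries also need logging.privateLogViewer.
    """
    out = [s for s in (summarize(e) for e in entries) if s is not None]
    if stream is not None:
        out = [s for s in out if s["stream"] == stream]
    return out


if __name__ == "__main__":
    for s in who_did_what(SAMPLE_ENTRIES):
        print(f"[{s['stream']}] {s['when']} {s['who']} ({s['from_ip']}) "
              f"called {s['what']} on {s['where']}")
```

Feeding it the output of `gcloud logging read 'logName:"cloudaudit.googleapis.com"' --format=json` for a project gives the same summaries over real entries; the application log line is dropped because its logName is not one of the two audit streams, which is the distinction the post draws between audit logs and application logs.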
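Enabling Data Access logs and restricting the log-viewer roles are both edits to the project's IAM policy, and the post's warning that a bad IAM change can lock you out of the project is worth turning into a check. The following is an added example, not code from the original post or from Google. It operates on the JSON document that `gcloud projects get-iam-policy PROJECT --format=json` returns and `gcloud projects set-iam-policy PROJECT policy.json` consumes: it adds the auditConfigs entry that turns on Data Access logging, grants logging.privateLogViewer to an auditors group, and then runs the pre-write checks you would want on the test project before propagating the policy. The sample policy, etag, project, user and group names are constructed for the example.

```python
"""Enable Data Access audit logs and restrict private log access in a GCP
project IAM policy without clobbering existing bindings.

Added example, not code from the original post. Input/output is the JSON
shape used by `gcloud projects get-iam-policy` / `set-iam-policy`; the sample
policy below, including its etag, is constructed.
"""
import copy
import json

# Constructed sample: what get-iam-policy might return before any change.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:ci@example-proj.iam.gserviceaccount.com"]},
        {"role": "roles/logging.viewer", "members": ["group:developers@example.com"]},
    ],
    "etag": "BwWsample==",
    "version": 1,
}

# Data Access log types; admin activity logs need no configuration.
DATA_ACCESS_LOG_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")


def enable_data_access_logs(policy, service="allServices", log_types=DATA_ACCESS_LOG_TYPES):
    """Return a copy of policy with Data Access logs enabled for `service`.

    auditConfigs is the IAM policy field that controls Data Access logging;
    bindings are untouched and configs for other services are preserved.
    """
    new = copy.deepcopy(policy)
    configs = [c for c in new.get("auditConfigs", []) if c.get("service") != service]
    configs.append({
        "service": service,
        "auditLogConfigs": [{"logType": t} for t in log_types],
    })
    new["auditConfigs"] = configs
    return new


def grant_role(policy, role, member):
    """Return a copy of policy with `member` added to `role` (idempotent)."""
    new = copy.deepcopy(policy)
    for b in new["bindings"]:
        if b["role"] == role:
            if member not in b["members"]:
                b["members"].append(member)
            return new
    new["bindings"].append({"role": role, "members": [member]})
    return new


def check_policy_safe(old, new, private_viewer_allowlist):
    """Pre-write checks: set-iam-policy replaces the whole policy, so a
    stripped-down document can lock you out. Returns a list of problems."""
    problems = []
    old_b = {(b["role"], m) for b in old["bindings"] for m in b["members"]}
    new_b = {(b["role"], m) for b in new["bindings"] for m in b["members"]}
    dropped = old_b - new_b
    if dropped:
        problems.append(f"bindings dropped: {sorted(dropped)}")
    if not any(role == "roles/owner" for role, _ in new_b):
        problems.append("no roles/owner binding left; project may become inaccessible")
    if new.get("etag") != old.get("etag"):
        problems.append("etag changed; re-read the policy before writing")
    for role, member in new_b:
        if role == "roles/logging.privateLogViewer" and member not in private_viewer_allowlist:
            problems.append(f"{member} holds privateLogViewer but is not an approved auditor")
    return problems


def build_policy(policy, auditors_group):
    """Whole procedure: turn on Data Access logs, give auditors private log access."""
    new = enable_data_access_logs(policy)
    return grant_role(new, "roles/logging.privateLogViewer", auditors_group)


if __name__ == "__main__":
    auditors = "group:security-auditors@example.com"
    new_policy = build_policy(SAMPLE_POLICY, auditors)
    print(json.dumps(new_policy, indent=2))
    print("problems:", check_policy_safe(SAMPLE_POLICY, new_policy, {auditors}))
```

The allowlist check is the "appropriate IAM controls" from the post made explicit: logging.viewer stays with the developers group, while only the approved auditors group ends up with logging.privateLogViewer and therefore with the Data Access stream.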