If you are coming from AWS or Azure, GCP's logging can be a little confusing. Only because of these two radical features

  • Everything is logged and viewed through the same service (Cloud Logging).
  • MOST logs are on by default.

Categories of logs

Broadly speaking there are three categories of logs . The Platform Logs (these are generated by the PaaS or IaaS services themselves  - VPC Flow Logs would be a good example, Cloud Functions Logs would be another), the security logs aka audit logs (these are mostly turned on except for data access audit) and the Agent logs (a good way to think of these are the OS level logs on linux or windows - or any application that has the stackdriver agent installed).

Google Cloud platform logs

Google Cloud platform logs are service-specific logs that can help you debug and troubleshoot issues, as well as better understand the Google Cloud services you're using.

The Google Cloud platform logs visible to you in Cloud Logging vary, depending on which Google Cloud resources you're using in your Google Cloud project or organization.

To learn more about the available Google Cloud platform logs, go to Using platform logs.

Note that some Google Cloud platform logs are sent by an agent.

VPC Flow Logs record a sample of network flows sent from and received by VM instances. For details, see Using VPC Flow Logs.

Logging Agent logs

The Logging agent is pre-configured to send logs from VM instances to Cloud Logging.

Linux

The following logs are pre-configured in the Logging agent running on Linux VM instances.

Log ID Source and configuration files
syslog Linux syslog
apache-accessapache-error Apache logs
cassandracassandra-output Cassandra logs
chef-* Chef logs

Windows

Log ID Description
fluent.info Logging agent messages
winevt.raw Windows Event Log

Security logs

Cloud Logging provides two kinds of security-related logs, Cloud Audit Logs and Access Transparency logs; details are as follows.

Audit logs

Cloud Audit Logs includes three types of audit logs: Admin Activity, Data Access, and System Event. Cloud Audit Logs provide audit trails of administrative changes and data accesses of your Google Cloud resources.

For a list of Google Cloud services that write audit logs, see Google services with audit logs.

For more information about audit logging, see Cloud Audit Logs.

Access Transparency logs

Access Transparency provides you with logs of actions taken by Google staff when accessing your Google Cloud content. Access Transparency logs can help you track compliance with your organization's legal and regulatory requirements.

For a list of Google Cloud services that write Access Transparency logs, see Google services with Access Transparency logs.

For more information, including how to enable Access Transparency logs, see Access Transparency

Log Router to Other Logging Sinks

One can, of course, route the logs outside of google (this will not prevent the logs from being stored in GCP itself).

Pub Sub is what would be used to connect the new external log store (ELK, Splunk) to GCP.

Need a hands-on, GCP Consultant?

Need help with your GCP journey? Start the conversation today.