3 Broad Categories of Logs in GCP
If you are coming from AWS or Azure, GCP's logging can be a little confusing, mainly because of these two radical features:
- Everything is logged and viewed through the same service (Cloud Logging).
- MOST logs are on by default.
Categories of logs
Broadly speaking, there are three categories of logs: platform logs (generated by the PaaS or IaaS services themselves; VPC Flow Logs are a good example, Cloud Functions logs are another), security logs, also known as audit logs (these are mostly turned on, except for Data Access audit logs), and agent logs (a good way to think of these is as the OS-level logs on Linux or Windows, or the logs of any application that has the Stackdriver agent installed).
Google Cloud platform logs
Google Cloud platform logs are service-specific logs that can help you debug and troubleshoot issues, as well as better understand the Google Cloud services you're using.
The Google Cloud platform logs visible to you in Cloud Logging vary, depending on which Google Cloud resources you're using in your Google Cloud project or organization.
To learn more about the available Google Cloud platform logs, go to Using platform logs.
Note that some Google Cloud platform logs are sent by an agent.
VPC Flow Logs record a sample of network flows sent from and received by VM instances. For details, see Using VPC Flow Logs.
Logging Agent logs
The Logging agent is pre-configured to send logs from VM instances to Cloud Logging.
Linux
Log ID | Source and configuration files |
---|---|
syslog | Linux syslog |
apache-access, apache-error | Apache logs |
cassandra, cassandra-output | Cassandra logs |
chef-* | Chef logs |
Windows
Log ID | Description |
---|---|
fluent. | Logging agent messages |
winevt. | Windows Event Log |
Security logs
Cloud Logging provides two kinds of security-related logs, Cloud Audit Logs and Access Transparency logs; details are as follows.
Audit logs
Cloud Audit Logs includes three types of audit logs: Admin Activity, Data Access, and System Event. Cloud Audit Logs provide audit trails of administrative changes and data accesses of your Google Cloud resources.
For a list of Google Cloud services that write audit logs, see Google services with audit logs.
For more information about audit logging, see Cloud Audit Logs.
Access Transparency logs
Access Transparency provides you with logs of actions taken by Google staff when accessing your Google Cloud content. Access Transparency logs can help you track compliance with your organization's legal and regulatory requirements.
For a list of Google Cloud services that write Access Transparency logs, see Google services with Access Transparency logs.
For more information, including how to enable Access Transparency logs, see Access Transparency.
Log Router to Other Logging Sinks
One can, of course, route the logs outside of Google (this will not prevent the logs from being stored in GCP itself).
Pub/Sub is what would be used to connect the new external log store (ELK, Splunk) to GCP.
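Once entries arrive in an external store, the logName field is what tells the three categories apart. The following is an added example, not code from the original post: it buckets LogEntry records by their URL-encoded log ID, treating the fluent. and winevt. IDs from the tables above as prefixes (an assumption), and the sample entries are constructed.

```python
import fnmatch
from collections import Counter
from urllib.parse import unquote

# Security log IDs as they appear, URL-decoded, after "/logs/" in logName.
SECURITY_LOG_IDS = {
    "cloudaudit.googleapis.com/activity": "audit:admin_activity",
    "cloudaudit.googleapis.com/data_access": "audit:data_access",
    "cloudaudit.googleapis.com/system_event": "audit:system_event",
    "cloudaudit.googleapis.com/access_transparency": "access_transparency",
}
# Agent log IDs from the Linux and Windows tables above; any agent log
# not listed there falls through to "platform" in this sketch.
AGENT_PATTERNS = ["syslog", "apache-access", "apache-error", "cassandra",
                  "cassandra-output", "chef-*", "fluent.*", "winevt.*"]

def log_id(log_name: str) -> str:
    """Return the decoded log ID from '<parent>/logs/<url-encoded ID>'."""
    _, sep, encoded = log_name.partition("/logs/")
    if not sep or not encoded:
        raise ValueError(f"not a Cloud Logging logName: {log_name!r}")
    return unquote(encoded)

def categorize(entry: dict) -> str:
    """Map one LogEntry to a security, agent or platform bucket."""
    lid = log_id(entry["logName"])
    if lid in SECURITY_LOG_IDS:
        return "security/" + SECURITY_LOG_IDS[lid]
    if any(fnmatch.fnmatchcase(lid, p) for p in AGENT_PATTERNS):
        return "agent"
    return "platform"

def summarize(entries) -> Counter:
    """Count entries per category, e.g. to confirm Data Access logs arrive."""
    return Counter(categorize(e) for e in entries)

# Constructed sample entries; only logName is needed for classification.
SAMPLE = [
    {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity"},
    {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access"},
    {"logName": "projects/example-project/logs/compute.googleapis.com%2Fvpc_flows"},
    {"logName": "projects/example-project/logs/syslog"},
    {"logName": "projects/example-project/logs/winevt.raw"},
    {"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Faccess_transparency"},
]

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE).items()):
        print(f"{count:3d}  {category}")
```

A zero count for security/audit:data_access in a real feed is the expected result when Data Access audit logging has not been turned on.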