Using Cloud Audit Logs
In Chapter 11, in the Cloud Logging section, we explored various types of Google Cloud logs and learned how to view, filter, and store them. The concept of Cloud Audit Logs was briefly introduced as well. This section aims to provide more visibility into the Cloud Audit Logs topic.
Cloud Audit Logs are a part of Cloud Logging. Unlike logs generated by workloads, however, they record user actions, detailing who performed which activity (for example, created or deleted a resource), from where (such as from a local computer, browser, etc.), and when it happened. This type of log is mainly collected for auditing, troubleshooting, and compliance.
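The who, what, where, and when described above map onto specific fields of an audit log entry. The following is an added example, not code from the book: it reads constructed sample entries in the Cloud Logging LogEntry JSON shape and extracts those fields, skipping workload logs. The project, user, IP address, and resource names are made up.

```python
import json

# Constructed sample entries in the LogEntry JSON shape (not real logs).
SAMPLE_ENTRIES = json.loads("""
[
  {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
   "timestamp": "2024-01-15T10:22:31Z",
   "protoPayload": {
     "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
     "authenticationInfo": {"principalEmail": "alice@example.com"},
     "methodName": "v1.compute.instances.delete",
     "resourceName": "projects/example-project/zones/us-central1-a/instances/vm-1",
     "requestMetadata": {"callerIp": "203.0.113.10",
                         "callerSuppliedUserAgent": "google-cloud-sdk gcloud/460.0.0"}}},
  {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
   "timestamp": "2024-01-15T10:25:02Z",
   "protoPayload": {
     "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
     "methodName": "storage.buckets.create",
     "resourceName": "projects/_/buckets/example-bucket"}},
  {"logName": "projects/example-project/logs/stdout",
   "timestamp": "2024-01-15T10:26:00Z",
   "textPayload": "workload log line, not an audit log"}
]
""")

AUDIT_TYPE = "type.googleapis.com/google.cloud.audit.AuditLog"

def summarize(entry):
    """Return who/what/where/when for an audit entry, or None for other logs."""
    payload = entry.get("protoPayload", {})
    if payload.get("@type") != AUDIT_TYPE:
        return None  # workload logs carry no AuditLog payload
    meta = payload.get("requestMetadata", {})
    return {
        "who": payload.get("authenticationInfo", {}).get("principalEmail", "unknown"),
        "what": payload.get("methodName", "unknown"),
        "target": payload.get("resourceName", "unknown"),
        "where": meta.get("callerIp", "unknown"),
        "client": meta.get("callerSuppliedUserAgent", "unknown"),
        "when": entry.get("timestamp", "unknown"),
        # Log type is the suffix after the URL-encoded slash, e.g. "activity".
        "log_type": entry.get("logName", "").rpartition("%2F")[2],
    }

def audit_trail(entries):
    """Keep only audit entries, in their original order."""
    return [s for s in map(summarize, entries) if s is not None]
```

Entries with a missing principal or caller IP are reported as "unknown" rather than dropped, so gaps in attribution stay visible during a review.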
The audit log types are as follows:
- Admin Activity logs, which record users’ creation and deletion of Google Cloud resources. Collection of these logs is enabled by default and can’t be disabled, and the logs themselves can’t be deleted. Google stores them for 400 days in the _Required log bucket...