
Google Expands Audit Logging Capability to Majority of Cloud Services

| by Richard Seroter on Jan 30, 2017. Estimated reading time: 2 minutes |

Tracking "who did what" in a self-service public cloud can be challenging. With Google Cloud Audit Logging, Google captures log streams for seventeen services in Google Cloud Platform (GCP).

Launched in the Fall of 2016, Cloud Audit Logging started off with support for a handful of services. These include Google App Engine, BigQuery, and Cloud IAM. The refreshed offering introduces beta support for Google Compute Engine, Google Container Engine, Google Cloud Dataproc, Google Cloud Storage, Google Cloud SQL, and more.

A post by Google Product Manager Joe Corkery described the service and its two stream types:

Cloud Audit Logging provides log streams for each integrated product. The primary log stream is the admin activity log that contains entries for actions that modify the service, individual resources or associated metadata. Some services also generate a data access log that contains entries for actions that read metadata as well as API calls that access or modify user-provided data managed by the service. 

Today, only Google's BigQuery service generates a data access log. Google promises that the data access stream is coming to more services in the future. 

Stackdriver offers a free Basic tier and a for-pay Premium tier. In the Basic tier, individual audit logs are stored for seven days. This goes up to thirty days for Premium tier users. As long as logs are stored in Stackdriver, users can't delete or change them.

Users of Google Cloud Audit Logging have a few options for viewing logs. Log data is visible in the Google Cloud Console (see below). One can also view logs from within the Stackdriver Logs Viewer. Using this interface, users can do free text searches. It's also possible to export log data to Cloud Storage for archive, ship to BigQuery for analysis, or retrieve via API. On top of that, Google mentions partnerships with companies like Splunk for further log analysis.

[Screenshot: audit log data in the Google Cloud Console. Source: Blog post - Google Cloud Audit Logging now available across the GCP stack]

In the Google blog post, Corkery points out support for alerts on log-based metrics. Stackdriver Logging offers built-in alerting that works with audit log streams. Besides using basic alerting, Corkery demonstrates how to integrate with Google's "serverless" product. He shows how Google Cloud Functions could analyze audit logs and act upon high-risk firewall changes.
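The kind of check such a function could run over admin activity entries, as an added example (not code from Corkery's post or from Google): it flags firewall creations or modifications that admit any source address. The field names (`protoPayload.methodName`, `request.sourceRanges`, `request.alloweds`) follow the AuditLog entry layout as an assumption to verify against real entries, and the sample entries are constructed.

```python
import ipaddress

ACTIVITY_LOG = "cloudaudit.googleapis.com%2Factivity"
FIREWALL_WRITES = ("compute.firewalls.insert", "compute.firewalls.patch",
                   "compute.firewalls.update")

def entry(method, who, rule, ranges, ports):
    """Build a constructed admin activity entry (assumed AuditLog field layout)."""
    return {"logName": "projects/example-project/logs/" + ACTIVITY_LOG,
            "protoPayload": {
                "methodName": method,
                "authenticationInfo": {"principalEmail": who},
                "resourceName": "projects/example-project/global/firewalls/" + rule,
                "request": {"sourceRanges": ranges,
                            "alloweds": [{"IPProtocol": "tcp", "ports": ports}]}}}

# Constructed sample data, not real log output.
SAMPLE_ENTRIES = [
    entry("v1.compute.firewalls.insert", "dev@example.com", "allow-ssh-any", ["0.0.0.0/0"], ["22"]),
    entry("v1.compute.firewalls.insert", "ops@example.com", "allow-internal", ["10.0.0.0/8"], ["443"]),
    entry("v1.compute.firewalls.delete", "ops@example.com", "old-rule", [], []),
]

def is_open_range(cidr):
    """True for any-source ranges such as 0.0.0.0/0 or ::/0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed range: not treated as open

def high_risk_firewall_changes(entries):
    """Return one finding per firewall create/modify that admits any source."""
    findings = []
    for e in entries:
        if not e.get("logName", "").endswith(ACTIVITY_LOG):
            continue  # only the admin activity stream records changes
        payload = e.get("protoPayload", {})
        if not payload.get("methodName", "").endswith(FIREWALL_WRITES):
            continue  # reads and deletes are not rule-opening changes
        request = payload.get("request", {})
        open_ranges = [r for r in request.get("sourceRanges", []) if is_open_range(r)]
        if open_ranges:
            findings.append({
                "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
                "rule": payload.get("resourceName"),
                "open_ranges": open_ranges,
                "ports": [p for a in request.get("alloweds", []) for p in a.get("ports", [])],
            })
    return findings
```
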

Enterprises now expect cloud providers to have mature security and audit capabilities, says eWeek:

Analysts have long considered capabilities like audit logging, cloud encryption, key management and security capabilities such as access control and management critical must-haves for enterprise cloud service providers.

The other major cloud IaaS providers deliver similar audit services. AWS offers CloudTrail. CloudTrail records AWS API calls for all AWS services in all regions. Microsoft Azure gives users an activity log for auditing, and further Log Analytics within the Operations Management Suite.


am i missing something by Paul Matencio

If I am not mistaken, CloudTrail does not log actions that modify the services.

Re: am i missing something by Richard Seroter

The docs say that "When you create a trail, your trail logs read-only and write-only management events for your account" (docs.aws.amazon.com/awscloudtrail/latest/usergu...). I believe that means that it's capturing changes made to the service as well. That said, you're just getting the API call, not necessarily what occurred!
