Google Expands Audit Logging Capability to Majority of Cloud Services

Tracking "who did what" in a self-service public cloud can be challenging. With Google Cloud Audit Logging, Google captures log streams for seventeen services in Google Cloud Platform (GCP).

Launched in the Fall of 2016, Cloud Audit Logging started off with support for a handful of services. These include Google App Engine, BigQuery, and Cloud IAM. The refreshed offering introduces beta support for Google Compute Engine, Google Container Engine, Google Cloud Dataproc, Google Cloud Storage, Google Cloud SQL, and more.

A blog post by Google Product Manager Joe Corkery described the service and its two stream types:

Cloud Audit Logging provides log streams for each integrated product. The primary log stream is the admin activity log that contains entries for actions that modify the service, individual resources or associated metadata. Some services also generate a data access log that contains entries for actions that read metadata as well as API calls that access or modify user-provided data managed by the service. 

Today, only Google's BigQuery service generates a data access log. Google promises that the data access stream is coming to more services in the future. 

Stackdriver offers a free Basic tier and a paid Premium tier. In the Basic tier, individual audit logs are stored for seven days. This goes up to thirty days for Premium tier users. As long as logs are stored in Stackdriver, users can't delete or change them.

Users of Google Cloud Audit Logging have a few options for viewing logs. Log data is visible in the Google Cloud Console (see below). One can also view logs from within the Stackdriver Logs Viewer, which supports free-text searches. It's also possible to export log data to Cloud Storage for archiving, ship it to BigQuery for analysis, or retrieve it via the API. On top of that, Google mentions partnerships with companies like Splunk for further log analysis.

Source: Blog post - Google Cloud Audit Logging now available across the GCP stack

In the Google blog post, Corkery points out support for alerts on log-based metrics. Stackdriver Logging offers built-in alerting that works with audit log streams. Besides using basic alerting, Corkery demonstrates how to integrate with Google's "serverless" product. He shows how Google Cloud Functions could analyze audit logs and act upon high-risk firewall changes.
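The kind of check such a function could run on an admin activity entry is sketched below as an added example; it is not the code from Google's blog post. The field names (protoPayload.methodName, request.sourceRanges, request.alloweds) are assumed from the Cloud Audit Logs entry layout, and the port policy, the base64 delivery wrapper and the sample entries are constructed.

```javascript
// Added example: field names are assumptions; policy and samples are constructed.
const OPEN_RANGES = new Set(['0.0.0.0/0', '::/0']);
const SENSITIVE_PORTS = [22, 3389, 3306, 5432]; // assumed local policy

// True when a port spec such as "22" or "1000-4000" covers a sensitive port.
function coversSensitivePort(spec) {
  const [lo, hi = lo] = String(spec).split('-').map(Number);
  return SENSITIVE_PORTS.some((p) => p >= lo && p <= hi);
}

// Returns a finding for a world-open firewall change, or null if benign.
function assessFirewallChange(entry) {
  const p = entry.protoPayload || {};
  const m = /compute\.firewalls\.(insert|patch|update)$/.exec(p.methodName || '');
  if (!m) return null; // not a firewall modification
  const req = p.request || {};
  const open = (req.sourceRanges || []).filter((r) => OPEN_RANGES.has(r));
  if (open.length === 0) return null; // source is restricted
  const exposed = [];
  for (const rule of req.alloweds || []) {
    const ports = rule.ports || [];
    // A tcp/udp/all rule without a ports list allows every port.
    if (ports.length === 0 && ['tcp', 'udp', 'all'].includes(rule.IPProtocol)) exposed.push(`${rule.IPProtocol}:all`);
    for (const s of ports) if (coversSensitivePort(s)) exposed.push(`${rule.IPProtocol}:${s}`);
  }
  if (exposed.length === 0) return null;
  const actor = (p.authenticationInfo || {}).principalEmail || 'unknown';
  return { actor, action: m[1], resource: p.resourceName, open, exposed };
}

// Assumed delivery: the entry arrives as base64-encoded JSON in message.data.
function handleExportedEntry(message) {
  const json = Buffer.from(message.data, 'base64').toString('utf8');
  return assessFirewallChange(JSON.parse(json));
}

// Constructed sample entries (not real log data).
const mk = (methodName, request) => ({
  protoPayload: {
    methodName, request,
    authenticationInfo: { principalEmail: 'dev@example.com' },
    resourceName: 'projects/example-project/global/firewalls/example-rule',
  },
});
const SAMPLES = [
  mk('v1.compute.firewalls.insert', { sourceRanges: ['0.0.0.0/0'], alloweds: [{ IPProtocol: 'tcp', ports: ['22', '443'] }] }),
  mk('v1.compute.firewalls.insert', { sourceRanges: ['10.0.0.0/8'], alloweds: [{ IPProtocol: 'tcp', ports: ['22'] }] }),
  mk('v1.compute.firewalls.patch', { sourceRanges: ['0.0.0.0/0'], alloweds: [{ IPProtocol: 'tcp', ports: ['1000-4000'] }] }),
];
```

A returned finding names the actor and the exposed ports, which is what an alert or an automated rollback would need; the check does not look at rule direction or target tags.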

Enterprises now expect cloud providers to have mature security and audit capabilities, says eWeek:

Analysts have long considered capabilities like audit logging, cloud encryption, key management and security capabilities such as access control and management critical must-haves for enterprise cloud service providers.

The other major cloud IaaS providers deliver similar audit services. AWS offers CloudTrail. CloudTrail records AWS API calls for all AWS services in all regions. Microsoft Azure gives users an activity log for auditing, and further Log Analytics within the Operations Management Suite.
