I haven't changed the retention period of _Default and _Required even though I am getting billing for this.
I have checked in the metrics browser global - Log Bytes ingested resources are:
bigquery_dataset, bigquery_dts_config, bigquery_project, bigquery_resource, build, cloud_composer_environment, cloud_dataproc_cluster, cloud_dataproc_job, cloud_function, cloud_run_revision, cloudsql_database, gce_instance, gce_instance_group, gce_target_pool, gce_bucket, gke_nodepool, http_load_balancer, k8s_cluster, k8s_container, k8s_node, k8s_pod, ml_job, uptime_url
Can anyone help me to trace why billing is coming? Thanks
As John Hanley explains in the comments, Google Cloud Platform charges for logging.
In order to disable logging, you have to:
Go to APIs & Services > Library
In the search bar, enter Stackdriver
Disable the API
NOTE: Is it not recomended to disable the Logging API since it's useful for troubleshoot further problems that you may face in the future.
Related
I received an email indicating that my Google Cloud Project have been suspended because I was supposedly mining cryptocurrencies.
My project is a tool like a Calculator and that issue surely isn't possible.
What could be happen?
In order to create a function I hired a programmer on UpWork and give him access to the GCP.
Well, it seems this developer has abused our trust and did something wrong.
What can I do?
Now the project is suspended and any section I try to go in the form "Appeal" appears.
I appealed but I have to wait Google to reply.
How can I check if my project have been used for these bad usages?
I want to cut services the developer could be used or so.
Unfortunately, you must wait for Google’s reply.
AS a recommendation you could review this information to determine if it is intended, Cryptocurrency mining is often an indication of the use of fraudulent accounts and payment instruments, and requires verification in order to mine cryptocurrency in the Cloud Security Help Center.
If you believe your project has been compromised, I recommend that you secure all your instances, which may require uninstalling and then reinstalling your project, you could follow the steps.
To better protect your organization from misconfiguration and access the best of Google's threat detection, you may consider enabling Security Command Center (SCC) for your organization. To learn more about SCC visit.
I developed and support a client's mobile app that uses Firebase services.
Google Cloud Platform logged this event yesterday at 4:17 am:
'<my account email> has executed
google.api.serviceusage.v1.ServiceUsage.EnableService
on stackdriver.googleapis.com'
I was sleeping at the time and a review of Google Admin Console Login Audit Log does not show a login event around that same time.
Immediately, 100% errors were reporting for 'compute':
A look at the Stackdriver API overview page does not give any indication of activity:
My question, my concern, how/why did this service get activated and what is the activity driving the compute errors at 100%?
During my efforts to understand, I clicked on Compute Engine API in the API library, which enabled the API (but no VMs, Disk, etc. were created):
A short time later, Google Cloud Platform has several log entries:
google.devtools.cloudbuild.v1.CloudBuild.ListBuilds
was executed on builds
Number of returned items 1000
The 'compute' errors stopped.
When I disabled the Compute Engine API, the ListBuilds logs stopped, but the Computer Errors returned to 100%.
I have not found a definitive answer to my question.
It's clear that Stackdriver API was enabled, but I don't know why.
When enabled, 100% Compute errors were being reported (orange line on graph) without any details.
While customizing the Google Cloud Platform Dashboard for this account, I toggled/enabled the Compute Engine card/graph hoping that might reveal some clues regarding the 100% errors. That action initialized the Compute Engine API. Almost immediately the Compute errors ended but there was a surge of activity that has continued. Reviewing many resources I found information that suggest this is normal behavior.
I would still like to fully understand how Stackdriver was enabled, why it was enabled, what value it provides, if I can simply disable it and Compute API as this project will never require VM compute services.
GCP suspended my instance on the pretext of mining cryptocurrency on the 3rd of August 2020. In fact, my instance has not been reinstated yet, and I am writing to seek help on the matter.
Details of my instance are:
Machine Type: n1-standard-8 (8 vCPUs, 30 GB memory)
Zone: us-west1-b
Last used on: 3rd August 2020
The two questions I have:1. How do I get my instance reinstated along with its project files? I have submitted an appeal for the same, however, have not received a response.2. What was the issue with my instance? 3. What measures should I take to avoid this situation in the future?
I came across this article on Stack Overflow Google banned the project believing that it has cryptocurrency mining detailing a similar issue but it has no responses.
For further context, this was the email I received from GCP:
We’ve detected that your Google Cloud Project (project id) IP (address not disclosed) is violating the Supplemental Terms and Conditions For Google Cloud Startup Program by engaging cryptocurrency mining, resulting in the suspension of all project resources displaying this behavior.
Abuse Details:
Origin: (project id) / (IP address not disclosed)
Time frame: 2020-08-03 01:35 to 2020-08-03 01:42 (Pacific Time)
Requesting you to help me out with this.
Unfortunately, StackOverflow community can do nothing with such cases, you should wait for response from Google Cloud Support and follow the instructions.
Have a look at the documentation Google Cloud project suspension:
Google Cloud projects may be suspended due to violations of the GCP
ToS, including the Google Cloud Acceptable Use Policy (GCP AUP). When
activities that violate the Google Cloud AUP or ToS are detected in a
project, the project owner has an obligation to fix the violation
immediately. If the violation is not fixed, Google may take action to
suspend the project.
and
To recover a suspended project please fix the issue and follow the
link in the notification email or contact Google support. See the
Policy Violations FAQ for more information on appeal best practices in
case of a Project resource suspension.
More information you can find at Policy Violations FAQ:
What are the best practices for ensuring that my projects are not taken down for abusive activity? Here are some of the best practices
for appealing a warning or avoiding a suspension:
Monitor the relevant email address (the project owner email address) regularly so that you know as soon as your project is warned.
Make sure that emails from google-cloud-compliance#google.com do not go to the spam folder.
Fix the issue as soon as possible. Your email will tell you how you can fix the issue. You have a limited time window to fix the issue as
described in the email.
Ensure that your project does not violate the Google Cloud Platform Terms of Service or Acceptable Use Policy.
Respond to the notification as described above in My project has received a warning. What should I do now?. (Please do not respond
to the email.) Let us know the steps you've taken to fix the issue.
Explain clearly and concisely. Our team needs to know the steps you
took to fix the issue, but we don't need to know the exact code you
used.
If you need help fixing the issue, you can contact support from the Google Cloud Platform Support page.
If you embed the Stackdrvier client library in your application and the Google stack driver API has downtime (Google documentation indicates 99.95% or 21.92 minutes of downtime/month)
My question is: What will happen to my application during the downtime? Will logging info build up in memory? Will it cause application errors or will it discard the log data and continue on?
Logging API downtimes can have different root causes and consequences. Google System Engineers have mechanisms in place to track and take mitigation actions so the downtime and its consequences are minimal but Google cannot guarantee data loss prevention in all outages all the time related to logging API.
Hopefully your application and pipeline can withstand up to (21.56 minutes) expected downtime a month (SLA 99.95%) as per the internal SLOs and SLAs of GCP.
The three scenarios you listed are plausible. In this period, your application sending the logs may have 500 responses from the network so it has to be able to deal with this kind of issue.
If the logging data manages to reach Google's platform but an outage prevents the data to be accessible, then Google's team will try their best to release backlogs, repopulate data, etc. They will post general notice on https://status.cloud.google.com/
If the issue is caused by the logging agent not sending data to our platform, then logging data may not be retrievable (but it could still be an infrastructural outage with one of the GCP products) or linked to something other than an outage like your application or its underlying host running out of resources or the logging agent being corrupted which is not covered by GCP Stackdriver SLA [1].
If the pipeline that ingests data from Logging API is backlogged, it could cause an outage but GCP team will try their best to make the data accessible after the outage ends.
If you suspect issues with Logging API malfunctioning, please contact support or file issue tracker or inspect open issues where Google's product team will provide updates live. Links below:
[1] https://cloud.google.com/stackdriver/sla#sla_exclusions
[2]
create new incident:
https://issuetracker.google.com/issues/new?component=187203&template=0
[3]
open issues:
https://issuetracker.google.com/savedsearches/559764
I have seen some solutions for capturing client-side errors and reporting them to Stackdriver.
Does anybody know if it's possible to utilize Stackdriver in some way to collect page load timing metrics and report those? I couldn't find any example of how I might be able to do that in the documentation.
I believe a better approach is to send these information to your back end and have it forward them to stackdriver.
Otherwise, you have to either share credentials to the client to allow them to hit the stackdriver endpoint or open them as public. These are both horrible as someone could start hammering our logging and hide info/increase cost for you.
If you still want to go the "client logging directly" way, it's simply hitting the monitoring.googleapis.com endpoint with authenticated calls (here the auth is the hard part).