how to view GCP HealthCheck logs - google-cloud-platform

I created a Health Check in my GCP project for HTTP traffic. I wanted to see the logs in Cloud Logging, but I can't see any logs related to the created Health Check. I have logging enabled in the Health Check. Can anyone help me?

You can go to Cloud Logging and filter on gcp_health_check resources, like this:

You can view your health check logs under Logs Explorer in the GCP console.
Check out this documentation for more details.
To see all logs, you can use the following query:
logName="projects/YOUR_PROJECT_ID/logs/compute.googleapis.com%2Fhealthchecks"

Related

How can I detect if Audit logs on GCP have been deactivated?

I'm trying to figure out how to detect if someone deactivates the audit logs on GCP.
Right now I'm monitoring audit logs from different GCP services, and these logs are being sent to a SIEM, but if someone deactivates the audit logs option I cannot detect it in my SIEM because the logs stop arriving.
I tried to detect it from the SIEM side by alerting if the pipelines were empty, but it didn't work. Is there a way to alert on GCP if these logs have been disabled? I searched on the internet but didn't find anything clear.
Will put my answer here so it's helpful to other people.
Data Audit Logs can be enabled for each service independently. You can do that from the console (IAM & Admin > Audit Logs > select the service and enable the logs).
One way to alert if logs are disabled is to use the API. You can query the project and see which logs are enabled. Example below using gcloud:
➜ ~ gcloud projects get-iam-policy $PROJECT
auditConfigs:
- auditLogConfigs:
  - logType: ADMIN_READ
  - logType: DATA_READ
  - logType: DATA_WRITE
  service: storage.googleapis.com
So this can be done either with gcloud wrapped in a script or using the GCP API.
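The "gcloud wrapped in a script" approach above, as an added example that is not from the original answer: it parses the auditConfigs section of the project IAM policy and reports every required service whose log types are missing, so a scheduled run can raise an alert the moment someone disables them. The sample policy is constructed; the live path assumes gcloud is installed and authenticated.

```python
"""Check which audit log types are enabled per service in a project's IAM policy
(added example, not from the original answer; wraps `gcloud projects get-iam-policy`)."""
import json
import subprocess
import sys

ALL_LOG_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")

def enabled_audit_logs(policy: dict) -> dict:
    """Map service -> set of enabled logType values from policy['auditConfigs']."""
    enabled = {}
    for cfg in policy.get("auditConfigs", []):
        types = {c["logType"] for c in cfg.get("auditLogConfigs", []) if "logType" in c}
        enabled[cfg.get("service", "")] = types
    return enabled

def missing_audit_logs(policy: dict, required: dict) -> dict:
    """Return {service: sorted missing log types}; an 'allServices' entry in the
    policy counts as covering every service."""
    enabled = enabled_audit_logs(policy)
    global_types = enabled.get("allServices", set())
    missing = {}
    for service, wanted in required.items():
        gap = sorted(set(wanted) - (enabled.get(service, set()) | global_types))
        if gap:
            missing[service] = gap
    return missing

def fetch_policy(project: str) -> dict:
    """Live path: run gcloud and parse its JSON output."""
    out = subprocess.check_output(
        ["gcloud", "projects", "get-iam-policy", project, "--format=json"])
    return json.loads(out)

# Constructed sample: storage fully enabled, bigquery missing DATA_READ, iam absent.
SAMPLE_POLICY = json.loads("""{"auditConfigs": [
  {"service": "storage.googleapis.com", "auditLogConfigs":
     [{"logType": "ADMIN_READ"}, {"logType": "DATA_READ"}, {"logType": "DATA_WRITE"}]},
  {"service": "bigquery.googleapis.com", "auditLogConfigs":
     [{"logType": "ADMIN_READ"}, {"logType": "DATA_WRITE"}]}],
 "bindings": [], "etag": "BwXconstructed", "version": 1}""")

# Baseline of services whose Data Access logs the SIEM expects to keep receiving.
REQUIRED = {s: ALL_LOG_TYPES for s in
            ("storage.googleapis.com", "bigquery.googleapis.com", "iam.googleapis.com")}

if __name__ == "__main__":
    policy = fetch_policy(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_POLICY
    gaps = missing_audit_logs(policy, REQUIRED)
    print("OK" if not gaps else f"ALERT: audit logs disabled or missing: {gaps}")
```

Run it as `python check_audit_logs.py PROJECT_ID` from a scheduled job and alert on any non-empty result; with no argument it evaluates the constructed sample.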

start up script virtual machine in google cloud

I can see in one of the GCE instance startup scripts:
userdel -r userid
Due to this, the user is not able to SSH through the browser.
My question is: how do we find out, from the logs, who added this startup script to the VM and when?
Can we use some logs?
Yes, you can check the logs for this in the activity log.
You can use the URL below, replacing your project ID:
https://console.cloud.google.com/home/activity?project=
If you want to know who adds a startup script to the VM, you can check the Admin Activity audit logs and the System Event audit logs.
Admin Activity audit logs contain log entries for API calls or other actions that modify the configuration or metadata of resources.
And, System Event audit logs contain log entries for Google Cloud actions that modify the configuration of resources.
Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. Audit logs help you answer "who did what, where, and when?" within your Google Cloud resources with the same level of transparency as in on-premises environments. Cloud Audit Logs provides the following audit logs for each Cloud project, folder, and organization:
Admin Activity audit logs
Data Access audit logs
System Event audit logs
Policy Denied audit logs
The Data Access audit logs can be very useful too, but they are disabled by default. Data Access audit logs contain API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify, or read user-provided resource data. If you want to enable them, please follow this link.
To view the audit logs:
In the Cloud console, go to the Logging > Logs Explorer page.
Select an existing Cloud project, folder, or organization.
In the Query builder pane, do the following:
In Resource type, select the Google Cloud resource whose audit logs you want to see.
In Log name, select the audit log type that you want to see:
For Admin Activity audit logs, select activity.
For Data Access audit logs, select data_access.
For System Event audit logs, select system_event.
For Policy Denied audit logs, select policy.
If you don't see these options, then there aren't any audit logs of that type available in the Cloud project, folder, or organization.
If you want to know more about Audit logs in GCP, please follow this link.
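A startup script is stored in instance metadata, so the Admin Activity audit log entry for the metadata update is what names the caller and the time. The added example below (not from the original answers) filters exported Admin Activity entries for the Compute API setMetadata calls and lists who changed which instance from where; the method names are assumed to be the v1 and beta setMetadata calls, and the sample entries are constructed to mirror `gcloud logging read --format=json` output.

```python
"""Attribute startup-script changes via Admin Activity audit log entries for
instance setMetadata calls. Added example, not from the original answers;
entries are constructed to mirror `gcloud logging read --format=json` output."""
import json
from typing import List, Optional, Tuple

METADATA_METHODS = {"v1.compute.instances.setMetadata",
                    "beta.compute.instances.setMetadata"}
# Equivalent Logs Explorer / gcloud logging read filter (assumed method names).
METADATA_CHANGE_FILTER = (
    'logName:"cloudaudit.googleapis.com%2Factivity" AND '
    'protoPayload.methodName=("v1.compute.instances.setMetadata" '
    'OR "beta.compute.instances.setMetadata")')

def metadata_changes(entries: List[dict], instance: Optional[str] = None) -> List[Tuple]:
    """Return (timestamp, principal, instance, callerIp) per metadata change,
    newest first, optionally limited to one instance name."""
    hits = []
    for e in entries:
        p = e.get("protoPayload", {})
        if p.get("methodName") not in METADATA_METHODS:
            continue
        name = p.get("resourceName", "").rsplit("/", 1)[-1]
        if instance and name != instance:
            continue
        hits.append((e["timestamp"],
                     p.get("authenticationInfo", {}).get("principalEmail", "?"),
                     name, p.get("requestMetadata", {}).get("callerIp", "?")))
    return sorted(hits, reverse=True)

SAMPLE_ENTRIES = json.loads("""[
 {"timestamp": "2023-03-01T09:12:44.123Z", "protoPayload": {
   "methodName": "v1.compute.instances.setMetadata",
   "authenticationInfo": {"principalEmail": "alice@example.com"},
   "requestMetadata": {"callerIp": "203.0.113.7"},
   "resourceName": "projects/my-proj/zones/us-central1-a/instances/web-1"}},
 {"timestamp": "2023-03-01T10:02:01.000Z", "protoPayload": {
   "methodName": "v1.compute.instances.start",
   "authenticationInfo": {"principalEmail": "bob@example.com"},
   "resourceName": "projects/my-proj/zones/us-central1-a/instances/web-1"}},
 {"timestamp": "2023-03-02T18:40:00.000Z", "protoPayload": {
   "methodName": "beta.compute.instances.setMetadata",
   "authenticationInfo": {"principalEmail": "ci-bot@my-proj.iam.gserviceaccount.com"},
   "requestMetadata": {"callerIp": "198.51.100.9"},
   "resourceName": "projects/my-proj/zones/us-central1-a/instances/web-1"}}
]""")

if __name__ == "__main__":
    for ts, who, inst, ip in metadata_changes(SAMPLE_ENTRIES, "web-1"):
        print(f"{ts} {who} changed metadata on {inst} from {ip}")
```

Against a real project, feed it the output of `gcloud logging read "$METADATA_CHANGE_FILTER" --format=json`; a service account such as the CI bot in the sample is a common, legitimate author of such changes, so compare the principal against the change record before concluding anything.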

GCP Windows Event Viewer to Cloud Logging

I have a Windows Server 2016 instance in GCP,
I would like to view the Event Viewer log or a custom log in Google Cloud Logging.
I already installed the Ops Agent, configured the default config in C:\Program Files\Google\Cloud Operations\Ops Agent\config\config.yaml and restarted the service.
The VM also has the Stackdriver Logging API: Write Only &
Stackdriver Monitoring API: Write Only permissions.
I tried restarting IIS; the log appears in Event Viewer but not in Cloud Logging.
What do I need to do to make the logs show up in Cloud Logging?
Thank you.
I was able to solve my own issue.
My default Logs Router _Default was only allowing logs from containers.
By creating a new Log Router to include resource.type="gce_instance" resources, I'm able to see the logs coming from the Windows instance now.

Can't see CloudRun monitoring Metrics - What IAM Policy is Missing?

In CloudRun, my developer can't see the metrics on the CloudRun service dashboard, but they can see the metrics on the metrics dashboard. What policy am I missing?
The CloudRun Dashboard Missing Metrics Charts:
The IAM Policy:
Expected Dashboard:
Check if you have a pop-up blocker or any kind of blocker extension.
I was able to solve this and get some data on the graphs by granting the user the role of Monitoring Viewer.
Since you already have that, #valentin22's answer might still be worth a try.

How to differentiate a call made to AWS services is by IAM user of by Cloud Formation?

I am filtering CloudTrail to identify events on security groups or NACLs, and CloudWatch is giving me alerts. Now I want to separate the calls made by an IAM user from the calls made by CloudFormation scripts.
Is it possible? Please help.
Thanks
Got the answer for this.
If we check the logs carefully we get multiple parameters, out of which we can go for "sourceIPAddress". If the event is because of CloudFormation, this IP address will get logged as "cloudformation.amazonaws.com".
Just apply a filter on the source IP address and it's done.
It's working properly.
Thanks
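The sourceIPAddress split described in the answer, as an added example that is not from the original post: it classifies CloudTrail records as CloudFormation-originated, other AWS service, or direct, and keeps only direct security group / NACL changes for alerting. It also shows the same condition as a CloudWatch Logs metric-filter pattern; the records are constructed CloudTrail-shaped samples, and the event name set is the author's choice of SG/NACL write calls.

```python
"""Split CloudTrail security-group / NACL change events into CloudFormation-originated
and direct calls using sourceIPAddress (added example, not from the original answer;
records below are constructed CloudTrail-shaped samples)."""
import json

CFN_SOURCE = "cloudformation.amazonaws.com"
SG_NACL_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry"}
# CloudWatch Logs metric-filter pattern with the same idea: alert only on non-CloudFormation calls.
DIRECT_CALL_PATTERN = ('{ ($.eventName = "AuthorizeSecurityGroupIngress") && '
                       f'($.sourceIPAddress != "{CFN_SOURCE}") }}')

def classify(record: dict) -> str:
    """'cloudformation' if CloudFormation made the call on the user's behalf,
    'aws-service' for any other AWS service principal, else 'direct'."""
    src = record.get("sourceIPAddress", "")
    if src == CFN_SOURCE:
        return "cloudformation"
    if src.endswith(".amazonaws.com"):
        return "aws-service"
    return "direct"

def direct_changes(records: list) -> list:
    """(eventName, actor ARN, sourceIPAddress) for SG/NACL changes made directly,
    i.e. not through CloudFormation or another AWS service."""
    return [(r["eventName"], r.get("userIdentity", {}).get("arn", "?"), r["sourceIPAddress"])
            for r in records
            if r.get("eventName") in SG_NACL_EVENTS and classify(r) == "direct"]

SAMPLE_RECORDS = json.loads("""[
 {"eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "cloudformation.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/deployer",
                   "invokedBy": "cloudformation.amazonaws.com"}},
 {"eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventName": "CreateNetworkAclEntry", "sourceIPAddress": "198.51.100.23",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Admin/bob"}},
 {"eventName": "DescribeSecurityGroups", "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}}
]""")

if __name__ == "__main__":
    for name, who, ip in direct_changes(SAMPLE_RECORDS):
        print(f"DIRECT {name} by {who} from {ip}")
```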