Stackdriver Logging Flashcards
What is cloud logging
Provides:
Storage for logs
User interface called the Logs Viewer
API to manage logs programmatically
Logging lets you read and write log entries, search and query your logs, export your logs, and create logs-based metrics.
Whom are logs created for
Logs are associated primarily with Google Cloud projects, although other resources, such as organizations, folders, and billing accounts, can also have logs
Logs Viewer
The Logs Viewer shows only the logs from one project, but using the Logging API, you can read log entries across multiple resources.
Log entries
A log entry records status or an event. The entry might be created by Google Cloud services, AWS services, third-party applications, or your own applications.
Creation of log entries
Created:
When services that routinely produce log entries are used, like Compute Engine or BigQuery.
When you connect the operations suite to AWS
When you install the Logging agent on your VM instances
When you call the entries.write method in the Logging API.
Payload
The “message” the log entry carries is called the “payload”; it can be a simple string or structured data.
Logs
A log is a named collection of log entries within a Google Cloud resource. Each log entry includes the name of its log. A log name can be a simple identifier, like syslog, or a structured name including the log’s writer, like compute.googleapis.com/activity. Logs exist only if they have log entries.
Retention period for logs
Log entries are held in Cloud Logging for a limited time known as the retention period. After that, the entries are deleted. If you want to keep your log entries longer, export them outside of Cloud Logging.
Monitored resources
Each log entry indicates where it came from by including the name of a monitored resource
Logging queries
An advanced query is a filter expression in the Logging query language. It is used in the Logs Viewer and the Logging API to select log entries, such as those from a particular VM instance or those arriving in a particular time period with a particular severity level.
Logs router
The Logs Router checks each log entry against existing rules to determine which log entries to ingest (store), which log entries to include in exports, and which log entries to discard.
All logs, including audit logs, platform logs, and user logs, are sent to the Cloud Logging API where they pass through the Logs Router.
Exporting logs using sinks
Log entries received by Logging can be exported to Cloud Storage buckets, BigQuery datasets, and Pub/Sub topics by configuring log sinks, which then continue to export log entries as they arrive in Logging. A sink includes a destination and a query that selects the log entries to export.
Logs-based Metric
A logs-based metric is a metric whose value is the number of log entries that match a query that you specify.
Audit logs
Google Cloud services write audit logs to record certain administrative or user actions on Google Cloud resources. Audit logs appear in the Logs Viewer alongside other logs.
Helps answer the questions of “who did what, where, and when?” within your Google Cloud resources.
Requires Cloud IAM role Logging/Logs Viewer or Project/Viewer.
Access control for logs
The ability to access Logging logs is controlled by granting Cloud Identity and Access Management permissions to members.
IAM Viewer role - To read all logs
Cloud IAM Owner role - To read data access audit logs or access transparency logs
