

If your audit logs are exciting, you are likely having a bad day. But audit logging of some sort is often a good idea, and many of us forget to set it up and verify that we understand the data on a regular basis. This post walks through setting up and using the audit logging capabilities of GCP. Operations and site reliability are not my areas of expertise. Also, I am not a security professional or a compliance lawyer. Please consider this blog post just one of the many things you should be doing regarding logging and monitoring when preparing your projects for the big scary internet.

Terminology

Before I dive into the how-to, I want to refine my terminology a bit. In this post, I’m focusing on two categories of logs: Admin Activity Logs and Data Access Logs.

Admin Activity Logs record the actions of admins on your project. These may include spinning up new instances, altering the project metadata, enabling APIs, or deploying an application. Having good admin audit logs allows you to retroactively figure out how a given change was made and often who made it. Data Access Logs are what you’d expect, they record when users access data. Google Cloud Platform has Data Access Logs for Cloud Storage, Cloud Dataproc, Deployment Manager, Cloud SQL, Compute Engine, and several other products.

Most people have some admin activity logging set up. Admin activity logs, like all logs, are only as useful as what you are logging. I hope no one is still doing this, but ten years ago it was pretty common practice to have a shared admin account used by multiple people. I worked on a system like this, and when configs were changed in production, we couldn’t track down the person responsible since all the logs showed up as root.

Data Access Logs are less commonly used for a couple of reasons. First off, a lot of the data we store we want folks to access, and we don’t need to know who. Things like images, web assets, public data sets, and scripts are in this category.
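
An added example, not code from the original post: it sorts audit log entries into Admin Activity and Data Access by the log ID at the end of `logName`, builds a who-changed-what timeline from the admin entries, and counts changes made under a shared identity that cannot be tied to one person. The sample entries, the `example-project` name, and the `SHARED_IDENTITIES` list are constructed assumptions.

```python
from collections import Counter

LOG_KINDS = {"activity": "admin_activity", "data_access": "data_access"}
# Assumption: identities known to be shared by several people (hypothetical).
SHARED_IDENTITIES = {"ops-admin@example.com"}

def entry(log, who, method, resource, ts):
    """Constructed sample entry using the LogEntry / AuditLog field layout."""
    return {"logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{log}",
            "timestamp": ts,
            "protoPayload": {"authenticationInfo": {"principalEmail": who},
                             "methodName": method, "resourceName": resource}}

SAMPLE = [  # constructed, not real log data
    entry("activity", "alice@example.com", "v1.compute.instances.insert",
          "projects/example-project/zones/us-central1-a/instances/web-1", "2024-01-05T10:02:00Z"),
    entry("data_access", "bob@example.com", "storage.objects.get",
          "projects/_/buckets/example-reports/objects/q4.csv", "2024-01-05T10:03:00Z"),
    entry("activity", "ops-admin@example.com", "SetIamPolicy",
          "projects/example-project", "2024-01-05T09:58:00Z"),
    entry("activity", "ops-admin@example.com", "google.api.serviceusage.v1.ServiceUsage.EnableService",
          "projects/example-project/services/sqladmin.googleapis.com", "2024-01-05T10:10:00Z"),
]

def log_kind(e):
    """Classify an entry by the log ID that follows %2F in logName."""
    return LOG_KINDS.get(e.get("logName", "").rsplit("%2F", 1)[-1])

def admin_timeline(entries):
    """Who changed what, oldest first, from Admin Activity entries only."""
    rows = []
    for e in entries:
        if log_kind(e) != "admin_activity":
            continue
        p = e["protoPayload"]
        who = p.get("authenticationInfo", {}).get("principalEmail", "<unknown>")
        rows.append((e["timestamp"], who, p["methodName"], p["resourceName"]))
    return sorted(rows)

def unattributable(entries, shared=SHARED_IDENTITIES):
    """Count admin changes made under an identity that several people share."""
    return Counter(who for _, who, _, _ in admin_timeline(entries) if who in shared)

if __name__ == "__main__":
    for row in admin_timeline(SAMPLE):
        print(*row)
    print("shared-identity changes:", dict(unattributable(SAMPLE)))
```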
