Audit Log Retention
Start course

This course looks at how to use and manage cloud logging on the GCP platform and includes demos from GCP that you can follow along with.

We'll cover writing and listing log entries using gcloud, how you can use the API Explorer to list log entries, and how you can view logs and query log entries using Logs Explorer. We'll then move on to cloud audit logs including an overview of the different types of logs, as well as looking at audit log retention, and how you can view audit logs and export audit logs.

Learning Objectives

  • Write and list log entries with gcloud
  • List log entries using API explorer
  • View logs in the Logs Explorer
  • Learn how to view, export, and retain audit logs

Intended Audience

This course is intended for anyone who wants to learn how to use and manage cloud logging on the GCP platform.


To get the most out of this course, you should already have a basic understanding of GCP and know your way around the platform.


Hello, and welcome to Audit log retention. As we wind things down here, let’s take a look at how long audit logs can be retained.

By default, individual audit log entries are only retained for a certain amount of time, depending on the type of log. When that time expires, the logs are deleted. 

The table on your screen shows the retention period for each log type. Notice the Admin Activity logs are retained for 400 days, while Data Access logs are only retained for 30 days. Like the Admin Activity logs, System Event audit logs are held for 400 days before being deleted, while Policy Denied logs are deleted after just 30 days.

Notice that some of these logs can be configured with custom retention settings, while some cannot. For logs that allow a configurable retention period, you can configure Cloud Logging to retain them for between 1 and 3650 days.

Now, I should also mention that if you need to keep these audit logs for a longer period of time than what is allowed, you can export them just like any other Logging log entries. Exporting them allows you to retain them for as long as you need to.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.