Using Logging Tools
Cloud Audit Logs
This course looks at how to use and manage cloud logging on the GCP platform and includes demos from GCP that you can follow along with.
We'll cover writing and listing log entries using gcloud, how you can use the API Explorer to list log entries, and how you can view logs and query log entries using Logs Explorer. We'll then move on to cloud audit logs including an overview of the different types of logs, as well as looking at audit log retention, and how you can view audit logs and export audit logs.
- Write and list log entries with gcloud
- List log entries using API explorer
- View logs in the Logs Explorer
- Learn how to view, export, and retain audit logs
This course is intended for anyone who wants to learn how to use and manage cloud logging on the GCP platform.
To get the most out of this course, you should already have a basic understanding of GCP and know your way around the platform.
Hello, and welcome to Viewing Logs in the Logs Explorer. Now, Logs Explorer is a another tool that you can use when working with logs. In this quick demonstration here, I just want to show you how you can use Logs Explorer to view different logs.
Now on the screen here, I'm logged into my Google cloud platform console here, and I'm in the Logs Explorer tool. Now I get to this, what I'll show you here is we go to the navigation menu, and then we scroll down. You'll see under Operations here, we have Logging and then Logs Explorer. So let's bounce it back out to it. And that's where we're at.
Now, what we're going to do here is simply perform a query to retrieve some information about our environment. Now, from this Logs Explorer pane, we have this query builder here. We have some recent queries, some saved queries, and some suggested queries, or really no suggested queries, and no saved queries.
What we'll do here, just to demonstrate the use of Log Explorer is run a query to pull up some information. So from this query builder, what we'll do is select the resource we're interested in. In this case, we're interested in VM instances. So we'll select VM Instance. And then we'll look at a specific instance ID. This is a specific VM that got spun up at some point.
So we'll go ahead and add this in. And what this does is construct a query that we can use to look at the logs related to this particular instance. Once we have our query here built, what we can do is run the query. Now you'll notice we have no data found, and that's because if we look at the time here, the query results are showing logs for the last hour. I haven't done anything with this in the last hour.
So what we'll do is we'll edit the time here. And what we'll do is we're going to enter a custom range here. I'll just go back to the beginning of January, because to be honest, I'm not quite sure when I created this VM. So now we're looking at a start time of 1/1 and an end time of 1/20. So we'll go ahead and apply this. And what this is going to do is pull up any results for this VM within that time period. And you can already see, we have information coming up.
If we expand on one of these results here, we can see information about this particular logging. If we expand the other one here, we again get more information. And we can expand these out individually as well. Now, if I go over to VM Instance, what it's going to do is pull out information specifically related to VM instance.
For example, if I expand this record here, I can see that we tried to deploy a VM instance that wasn't included with the free trial. So it was telling me I had to enable billing for the account to create that Windows VM instance. And then what I can do is expand these other records as well. And this is how I pull information out of Logs Explorer related to the logs for my different resources.
If we expand the VM instance here, we go back to this page here where we can look at the query results. And then we can also filter on severity. We can clear this, and then we can look at just the errors. And then if we clear out the VM instance resource type, and the error severity, we get back to the entire list of records that were pulled out of logging.
So that's how you can go in and run a query to view the logs in Logs Explorer.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.