Skip to content

Google Cloud logging

This document provides an overview of Logs Explorer in the Google Cloud Platform (GCP) console. You can retrieve, inspect, and analyze log data using the Logs Explorer in the Google Cloud console. You can locate and inspect your logs in the Logs Explorer to help you address any issues you encounter.

Prerequisites

  • You should have access to the Google Cloud Console (console.cloud.google.com) with your GCP account credentials.
  • You must have a valid GCP account with the necessary permissions to access Compute Engine instances and view logs.
  • Logging should be enabled for your Compute Engine instance. By default, Compute Engine instances have basic logging enabled, but you may need to configure additional logging options or log types depending on your specific requirements.

Required roles

It's important to ensure that you have the appropriate roles assigned to your Google Cloud Platform (GCP) account to access and view logs effectively. Here's a summary of the required roles:

  • Logs Viewer (roles/logging.viewer): To view all logs in the _Required bucket and logs in the _Default view on the _Default bucket, you need the Logs Viewer role. This role allows you to access and view logs in the Logs Explorer.
  • Private Logs Viewer (roles/logging.privateLogViewer): To view all logs in the _Required and _Default buckets, including data access logs, you require the Private Logs Viewer role. This role grants access to view logs stored in these buckets, including sensitive or private logs.
  • Logs View Accessor (roles/logging.viewAccessor): If you want to view logs stored in a log view on a user-defined log bucket, you need the Logs View Accessor role. The role should include a condition that provides access to the specific log view. Without any conditions attached, the Logs View Accessor role allows viewing logs stored in any log view on user-defined log buckets.
  • Logs Field Accessor (roles/logging.fieldAccessor): To view restricted LogEntry fields in a bucket, you must have the Logs Field Accessor role. This role grants access to view specific fields within logs that might have field-level access configured.

To assign roles to your account or manage IAM permissions, you can use the Google Cloud Console or the gcloud command-line tool.

Logs Explorer

Logs Explorer serves as a useful tool for retrieving, viewing, and analyzing log data in the Google Cloud Platform (GCP).

To generate logs from the Google Cloud Console, you can follow these steps:

  1. Log in to Google Cloud console and navigate to the Compute Engine section from the main menu.
  2. Locate the specific Compute Engine instance where you deploy your CDC agent. Click on the name or ID of the Compute Engine instance to access its details and configuration.
  3. Within the instance details page, look for a subsection or tab called Logs. It may be located under the Monitoring or Logging section.
  4. Once you find the Logs subsection, click on the option labeled Logging or View Logs. This action will open a new tab or window to the Logs Explore in the Google Cloud Console.
  5. The Logs Explorer will automatically filter down to the logs specific to the instance you selected. You can further refine the log view by applying filters, searching for specific log entries, or adjusting the time range.

Log Explorer