Stay organized with collections
Save and categorize content based on your preferences.
This page explains how to view the protected resource logs created in
Cloud Logging for backup/recovery appliances. These logs provide information
about the number of applications and virtual machines (VMs) protected in an
appliance. These logs are generated once every eight hours.
Permissions and roles
You need the IAM permission roles/logging.viewer
to view the protected resource logs. The Logs Viewer role gives you read-only
access to view protected resource logs of all backup/recovery appliances in the
specified project. For more information about the IAM
permissions and roles that apply to protected resource logs data, see
Access control with IAM.
View protected resource logs
You can view Backup and DR protected resource logs in Cloud Logging by
using the Google Cloud console and the Google Cloud CLI.
Console
In the Google Cloud console, you can use the Logs Explorer to retrieve the
Backup and DR protected resource log entries for your
backup/recovery appliances:
In the Google Cloud console, go to the Logging > Logs Explorer.
Select an existing Cloud project.
In the Query builder pane, select gcb_protected_resource
from the Select Log name drop-down.
gcloud
The Google Cloud CLI provides a command-line interface to the Cloud Logging API.
To read your protected resource log entries of backup/recovery appliances in a
project, run the following command:
Backup and DR protected resource log entries include the following fields:
Field
Description
Appliance name
The name of the appliance associated with the resource.
Resource name
The name of the resource.
Host ID
The host ID associated with the resource.
Hostname
The hostname associated with the resource.
Resource ID
The resource ID.
Resource type
The type of resource, for example, Compute Engine instance, Google Cloud VMware Engine, file system, or database.
Protected on
The date when the resource was protected.
Source appliance
The source appliance where the backup is taken.
Remote appliance
The remote appliance where the backup is replicated.
Backup plan restrictions
The restrictions applied to a backup plan. The restrictions can be
scheduler disabled, expiration disabled, snapshots disabled,
streamsnap disabled, OnVault disabled,
or process latest snapshot.
Backup inclusion or exclusion
The volumes or databases that are included or excluded for virtual machines or database instances.
Appliance ID
The appliance ID associated with the protected resource.
Source appliance ID
The source appliance ID associated with the protected resource.
Remote appliance ID
The remote appliance ID associated with the protected resource.
Protected data (GiB)
The size of the protected data.
Backup template
The name of the backup template used to protect the application.
Backup template ID
The template ID associated with the protected application.
OnVault (GiB)
The size of data protected using OnVault pool.
Recovery point
The timestamp when the last successful backup was taken.
Policy overrides
The policy overrides that are set at the backup template level.
SLA ID
The protection ID associated with the resource.
The following sample is an example log entry logged on a backup/recovery appliance
baname-417-ba-12092 for a Compute Engine instance.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis document explains how to access and view protected resource logs for backup/recovery appliances within Cloud Logging, which contain details about the applications and virtual machines (VMs) being protected.\u003c/p\u003e\n"],["\u003cp\u003eTo view these logs, you'll need the \u003ccode\u003eroles/logging.viewer\u003c/code\u003e IAM permission, which grants read-only access to protected resource logs across all backup/recovery appliances in the specified project.\u003c/p\u003e\n"],["\u003cp\u003eProtected resource logs can be accessed via the Google Cloud console's Logs Explorer by selecting the \u003ccode\u003egcb_protected_resource\u003c/code\u003e log name, or through the Google Cloud CLI using a specific \u003ccode\u003egcloud logging read\u003c/code\u003e command.\u003c/p\u003e\n"],["\u003cp\u003eEach log entry includes a variety of fields, such as appliance name, resource type, protection status, backup plan details, and protected data size, among others.\u003c/p\u003e\n"],["\u003cp\u003eYou can use specific queries to filter the logs, for example, search logs for specific appliances, resources, host names, and template names.\u003c/p\u003e\n"]]],[],null,["# Protected resource logs\n\nThis page explains how to view the protected resource logs created in\nCloud Logging for backup/recovery appliances. These logs provide information\nabout the number of applications and virtual machines (VMs) protected in an\nappliance. These logs are generated once every eight hours.\n\nPermissions and roles\n---------------------\n\nYou need the [IAM](/iam/docs) permission `roles/logging.viewer`\nto view the protected resource logs. The Logs Viewer role gives you read-only\naccess to view protected resource logs of all backup/recovery appliances in the\nspecified project. For more information about the IAM\npermissions and roles that apply to protected resource logs data, see\n[Access control with IAM](/logging/docs/access-control).\n\nView protected resource logs\n----------------------------\n\nYou can view Backup and DR protected resource logs in Cloud Logging by\nusing the Google Cloud console and the Google Cloud CLI. \n\n### Console\n\nIn the Google Cloud console, you can use the **Logs Explorer** to retrieve the\nBackup and DR protected resource log entries for your\nbackup/recovery appliances:\n\n1. In the Google Cloud console, go to the **Logging** \\\u003e **Logs Explorer**.\n2. Select an existing Cloud project.\n3. In the **Query builder** pane, select **gcb_protected_resource** from the **Select Log name** drop-down.\n\n### gcloud\n\nThe Google Cloud CLI provides a command-line interface to the Cloud Logging API.\nTo read your protected resource log entries of backup/recovery appliances in a\nproject, run the following command: \n\n ```sh\n gcloud logging read \"logName : projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/logs/backupdr.googleapis.com%2Fgcb_protected_resource\" --project=\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\n ```\n\nProtected resource log format\n-----------------------------\n\nBackup and DR protected resource log entries include the following fields:\n\nThe following sample is an example log entry logged on a backup/recovery appliance\n`baname-417-ba-12092` for a Compute Engine instance. \n\n {\n \"insertId\": \"5614471_142862358970\",\n \"jsonPayload\": {\n \"protected_on\": \"2024-02-27T01:16:28.357675\",\n \"host_id\": \"11072\",\n \"sla_id\": \"12241\",\n \"onvault_in_gib\": 0,\n \"appliance_id\": \"142862358970\",\n \"protected_data_in_gib\": 20,\n \"remote_appliance\": \"ironman-417-ba-12092\",\n \"source_appliance\": \"ironman-417-ba-12092\",\n \"recovery_point\": \"2024-03-12T11:13:45.574\",\n \"backup_plan_policy_template_id\": \"11892\",\n \"resource_type\": \"GCPInstance\",\n \"backup_inclusion_or_exclusion\": \"NA\",\n \"resource_name\": \"test-instance-129\",\n \"resource_id\": \"11073\",\n \"backup_plan_restrictions\": \"NA\",\n \"policy_overrides\": \"NA\",\n \"host_name\": \"test-instance-129\",\n \"source_appliance_id\": \"142862358970\",\n \"backup_plan_policy_template\": \"30-min-schedule-continuous\",\n \"remote_appliance_id\": \"142862358970\",\n \"appliance_name\": \"ironman-417-ba-12092\"\n },\n \"resource\": {\n \"type\": \"backupdr.googleapis.com/ManagementConsole\",\n \"labels\": {\n \"resource_container\": \"projects/xxxxxxxxxxxx\",\n \"location\": \"us-central1\",\n \"management_server_id\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"\n }\n },\n \"timestamp\": \"2024-03-12T11:15:42.138Z\",\n \"logName\": \"projects/project_ID/logs/backupdr.googleapis.com%2Fgcb_protected_resource\",\n \"receiveTimestamp\": \"2024-03-12T11:17:56.894501906Z\"\n }\n\nSample queries\n--------------\n\nTo view selected logs, you can write custom queries in the query section.\n\nUse the following query to view all the protected resource logs for a given \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: \n\n logName=\"projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/logs/backupdr.googleapis.com%2Fgcb_protected_resource\"\n\nIf you are looking for protected resource logs with a backup policy template name. \n\n logName=\"projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/logs/backupdr.googleapis.com%2Fgcb_protected_resource\"\n jsonPayload.backup_plan_policy_template\"\u003cvar translate=\"no\"\u003ebackup_plan_policy_template\u003c/var\u003e\"\n\nIf you are looking for protected resource logs associated with a backup/recovery appliance. \n\n logName=\"projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/logs/backupdr.googleapis.com%2Fgcb_protected_resource\"\n jsonPayload.appliance_name=\"\u003cvar translate=\"no\"\u003eappliance_name\u003c/var\u003e\"\n\nIf you are looking for the protected resource logs associated with a particular resource. \n\n logName=\"projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/logs/backupdr.googleapis.com%2Fgcb_protected_resource\"\n jsonPayload.resource_name=\"\u003cvar translate=\"no\"\u003eresource_name\u003c/var\u003e\"\n\nIf you are looking for protected resource logs associated with a specific host. \n\n logName=\"projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/logs/backupdr.googleapis.com%2Fgcb_protected_resource\"\n jsonPayload.host_name=\"\u003cvar translate=\"no\"\u003ehostname\u003c/var\u003e\"\n\nWhat's next\n-----------\n\n- To configure log-based alerts for Backup and DR Service, create a log query, using the [filter protected resource logs](#log), and then [Configure log-based alerts](/backup-disaster-recovery/docs/configure-alerts)."]]