This page explains how to view the unprotected resource logs created in Cloud Logging. These logs provide information about unprotected resources across backup/recovery appliances.
Permissions and roles
You need the IAM permission roles/logging.viewer
to view the
unprotected resource logs. The Logs Viewer role gives you read-only access to
view unprotected resource logs of all backup/recovery appliances in the specified
project. For more information about the IAM permissions and roles that apply
to unprotected resource logs data, see Access control with IAM.
View unprotected resource logs
You can view Backup and DR unprotected resource logs in Cloud Logging by using the Google Cloud console and the Google Cloud CLI.
Console
In the Google Cloud console, you can use the Logs Explorer to retrieve the Backup and DR unprotected resource log entries for your backup/recovery appliances:
- In the Google Cloud console, go to the Logging > Logs Explorer.
- Select an existing Cloud project.
- In the Query builder pane, select gcb_unprotected_resource from the Select Log name drop-down.
gcloud
The Google Cloud CLI provides a command-line interface to the Cloud Logging API. To read the unprotected resource log entries of backup/recovery appliances in a project, run the following command:
```sh
gcloud logging read "logName : projects/PROJECT_ID/logs/backupdr.googleapis.com%2Fgcb_unprotected_resource" --project=PROJECT_ID
```
Unprotected resource log format
Backup and DR unprotected resource log entries include the following fields:
Field | Description |
---|---|
Appliance ID | The ID of the appliance on which the resource is discovered. |
Discovered on | The date when the resource was first discovered. |
Discovered by | The name of the appliance on which the resource is discovered. |
Host ID | The host ID associated with the resource. |
Hostname | The hostname associated with the resource. |
Instance name | The name of the database instance. If the resource is not of the database type, it shows N/A. |
Resource ID | The ID of the resource. |
Resource name | The name of the resource. |
Resource type | The type of resource, for example, Compute Engine instance, Google Cloud VMware Engine, file system, or database. |
The following sample is an example log entry logged on a backup/recovery appliance sky-full-82959
.
{
"insertId": "55552852_145719527555",
"jsonPayload": {
"host_name": "host4",
"resource_id": "55552852",
"host_id": "55550547",
"instance_name": "NA",
"discovered_on": "2024-07-02T13:59:46.795078Z",
"resource_type": "FileSystem",
"resource_name": "/boot/efi",
"discovered_by": "sky-full-82959",
"appliance_id": "145719527555"
},
"resource": {
"type": "backupdr.googleapis.com/ManagementConsole",
"labels": {
"resource_container": "projects/myproject",
"location": "us-central1",
"management_server_id": "my-management-server-id"
}
},
"timestamp": "2024-07-24T10:11:14.984Z",
"logName": "projects/project_ID/logs/backupdr.googleapis.com%2Fgcb_unprotected_resource",
"receiveTimestamp": "2024-07-24T10:16:16.320083904Z"
}
Sample queries
To view selected logs, you can write custom queries in the query section.
Use the following query to view all the unprotected resource logs for a given PROJECT_ID:
logName="projects/PROJECT_ID/logs/backupdr.googleapis.com%2Fgcb_unprotected_resource"
If you are looking for the unprotected data logs associated with a particular resource.
logName="projects/PROJECT_ID/logs/backupdr.googleapis.com%2Fgcb_unprotected_resource"
jsonPayload.resource_name="resource_name"
If you are looking for the unprotected resource logs associated with a particular resource type.
logName="projects/PROJECT_ID/logs/backupdr.googleapis.com%2Fgcb_unprotected_resource"
jsonPayload.resource_type="resource_type"
If you are looking for the unprotected resource logs associated with a particular host.
logName="projects/PROJECT_ID/logs/backupdr.googleapis.com%2Fgcb_unprotected_resource"
jsonPayload.host_name="host_name"
What's next
- To configure log-based alerts for Backup and DR Service, create a log query, using the filter unprotected resource logs, and then Configure log-based alerts.