Logs and metrics

This page explains how Certificate Manager logs various types of information about its operation and how to view that information.

Logs

To view Certificate Manager logs, use the Logs Explorer in the Cloud console.

Certificate Manager uses Cloud Logging to capture and store logs. Certificate Manager logging is always enabled and only captures a minimal amount of information specifically related to certificate expiration. The Certificate Manager resource type is certificatemanager.googleapis.com/Project.

You can also capture and retrieve Certificate Manager logs using Cloud Logging. See the documentation for Cloud Logging client libraries for information on how to configure this logging mechanism.

Metrics

This section lists the metrics supported by Certificate Manager. To view Certificate Manager metrics, use the Metrics Explorer in the Cloud console.

Standard metrics

Certificate Manager writes the following standard Cloud Monitoring API metrics:

Metric	Description
`serviceruntime.googleapis.com/api/request_count` Kind: `Delta` Type: `INT64` Unit: `1`	Cumulative count of completed requests. The following labels apply: `protocol` indicates the request's protocol, such as `http` or `grpc`. `response_code` is the HTTP (or equivalent for gRPC) response code for HTTP/gRPC requests. See code list. `response_code_class` is the class (or equivalent for gRPC) of the response code, such as `200` or `400`. `grpc_status_code` is the gRPC response code or its HTTP equivalent. See code list.
`serviceruntime.googleapis.com/api/request_latencies` Kind: `Delta` Type: `DISTRIBUTION` Unit: `Seconds`	Distribution of latencies for non-streaming requests.
`serviceruntime.googleapis.com/api/request_sizes` Kind: `Delta` Type: `DISTRIBUTION` Unit: `Byte`	Distribution of request sizes. Request size is recorded when a request completes.
`serviceruntime.googleapis.com/api/response_sizes` Kind: `Delta` Type: `DISTRIBUTION` Unit: `Byte`	Distribution of response sizes. Response size is recorded when a request completes.

Custom metrics

Additionally, Certificate Manager writes the following custom metrics using the Cloud Monitoring API:

Metric Description

Metric	Description
`certificatemanager.googleapis.com/project/certificates` Kind: `GAUGE` Type: `INT64` Unit: `1`	Number of certificates provisioned within the target Cloud project. The following labels apply: `type` indicates whether the certificate is Google-managed (`MANAGED`) or self-managed (`SELF_MANAGED`). `scope` indicates whether the certificate scope is Cloud Load Balancing (`DEFAULT`) or Media CDN (`EDGE_CACHE`). `is_active` indicates whether the certificate is active. Valid values are `true` and `false`.
`certificatemanager.googleapis.com/map/entries` Kind: `GAUGE` Type: `INT64` Unit: `1`	Number of certificate map entries provisioned within the target Cloud project. The following labels apply: `is_primary` indicates whether the certificate map entry is the primary entry in the certificate map. Valid values are `true` and `false`.

certificatemanager.googleapis.com/project/certificates

Kind: GAUGE
Type: INT64
Unit: 1

Number of certificates provisioned within the target Cloud project. The following labels apply:

type indicates whether the certificate is Google-managed (MANAGED) or self-managed (SELF_MANAGED).
scope indicates whether the certificate scope is Cloud Load Balancing (DEFAULT) or Media CDN (EDGE_CACHE).
is_active indicates whether the certificate is active. Valid values are true and false.

certificatemanager.googleapis.com/map/entries

Kind: GAUGE
Type: INT64
Unit: 1

Number of certificate map entries provisioned within the target Cloud project. The following labels apply:

is_primary indicates whether the certificate map entry is the primary entry in the certificate map. Valid values are true and false.