Stay organized with collections
Save and categorize content based on your preferences.
Google Distributed Cloud (GDC) air-gapped appliance provides audit logs to help you maintain security
and compliance. These logs track administrative activities and access to your
GDC resources. You can maintain a record of system
events using audit logs, answering to the question
"who did what, where, and when?" for your system.
This section helps to understand and query audit logs, including descriptions of
the audited operations in GDC and containing examples of
log file entries for components that generate audit logs.
Use this section for reference when constructing
LogQL (Log Query Language)
expressions to search for audit logs. For more information, see
Query and view logs.
The information about audit logs is organized in the following two sections:
Audited components:
Details the key fields in audit logs generated by various
GDC components, with examples for constructing
effective queries for audited operations.
Audit log sources:
Provides a comprehensive view of the JSON structure and field descriptions for
raw audit log entries. Use this information to effectively monitor,
troubleshoot, and audit your environment.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eAudit logs in Google Distributed Cloud (GDC) air-gapped appliances track administrative activities and accesses to answer "who did what, where, and when?" for security, auditing, and compliance purposes.\u003c/p\u003e\n"],["\u003cp\u003eThis document provides details on audited operations within GDC and examples of log file entries from components that generate audit logs for use with LogQL expressions.\u003c/p\u003e\n"],["\u003cp\u003eYou can find details about meaningful audit log fields and examples for querying GDC components in the "Audited components" section, and information on the JSON format and field descriptions from original log sources in the "Audit log sources" section.\u003c/p\u003e\n"],["\u003cp\u003eA known issue exists where the "View all in Grafana Loki" link in the GDC console incorrectly directs to the \u003ccode\u003eplatform-obs\u003c/code\u003e project instead of \u003ccode\u003einfra-obs\u003c/code\u003e, which can be manually corrected in the URL.\u003c/p\u003e\n"]]],[],null,["# Audit logs overview\n\nGoogle Distributed Cloud (GDC) air-gapped appliance provides audit logs to help you maintain security\nand compliance. These logs track administrative activities and access to your\nGDC resources. You can maintain a record of system\nevents using audit logs, answering to the question\n*\"who did what, where, and when?\"* for your system.\n\nThis section helps to understand and query audit logs, including descriptions of\nthe audited operations in GDC and containing examples of\nlog file entries for components that generate audit logs.\n\nUse this section for reference when constructing\n[LogQL](https://grafana.com/docs/loki/latest/logql/) (Log Query Language)\nexpressions to search for audit logs. For more information, see\n[Query and view logs](/distributed-cloud/hosted/docs/latest/appliance/platform/pa-user/query-and-view-logs).\n\nThe information about audit logs is organized in the following two sections:\n\n- [**Audited components**](/distributed-cloud/hosted/docs/latest/appliance/platform-application/pa-ao-operations/audited-components): Details the key fields in audit logs generated by various GDC components, with examples for constructing effective queries for audited operations.\n- [**Audit log sources**](/distributed-cloud/hosted/docs/latest/appliance/platform-application/pa-ao-operations/audit-log-sources): Provides a comprehensive view of the JSON structure and field descriptions for raw audit log entries. Use this information to effectively monitor, troubleshoot, and audit your environment."]]