Audit logs record administrative activities and accesses within your Google Distributed Cloud (GDC) air-gapped appliance resources. Audit logs help you answer "who did what, where, and when?" within your system so that your security, auditing, and compliance entities can monitor and troubleshoot issues with data and systems.
This document describes the audited operations in GDC and contains examples of log file entries for components that generate audit logs. Use this document for reference when constructing LogQL (Log Query Language) expressions to search for audit logs stored in the monitoring instance of your project. For information on how to query logs in the monitoring instance, see Query and view logs.
The information about audit log entries is organized in the following two sections:
- Audited components: This section contains a list of the meaningful audit log fields and examples for use in queries of GDC components that audit operations. You can search for logs from these components using LogQL queries in the monitoring instance.
- Audit log sources: This section contains the total JSON representation and a description of the fields generated by the original resources that capture audit logs.
For information about the logging processes in GDC, see Collect and query logs.