Observability audit logger

JSON representation

{
  "auditID": string,
  "action": string,
  "time": string,
  "user":{
    object
  },
  "resource": string,
  "description": string,
  "sourceIPs": [
    string array
  ],
  "userAgent": string,
  "numBytesSent": integer,
  "numBytesReceived": integer,
  "orgAdminClusterName": string,
  "serviceName": string,
  "_gdch_service_name": string,
  "_gdch_namespace": string,
  "_gdch_tenant_id": string,
  "_gdch_cluster": string,
  "_gdch_fluentbit_pod": string
  "_gdch_org_name": string
  "_gdch_org_id": string
}
Fields
auditID

string

The unique audit identification value generated for each request. For example, "15000"

action

string

The action performed on the resource for the event. For example, "create"

time

string

The time of the action up to milliseconds. For example, "2022-11-30T02:14:33Z"

user

object

Information about the identity and issuer of the authenticated user who performed the action. For example,

{
  "identity":"s:gpc-system:artifact-registry-services-registry-exporter",
  "issuer":"artifact.private.gdc.goog/hra"
}

resource

string

The identification value of the resource. For example, "dataproc-service/private-cloud-devel/dataproc:3.1-dataproc-3"

description

string

A longer description of the nature of the access. The value might be the complete request object.

sourceIPs

string array

The IPs from where the request originated and the intermediate proxies.

userAgent

string

The user agent string reported by the client.

numBytesSent

integer

The number of bytes sent in response for this request.

numBytesReceived

integer

The number of bytes received from this request.

orgAdminClusterName

integer

The name of the org admin cluster that generated the audit log.

serviceName

integer

A short name of the component or service that generated the audit log.

_gdch_service_name

string

A short name of the component or service that generated the audit log.

_gdch_namespace

string

The name of the service namespace.

_gdch_tenant_id

string

The name of the service tenant.

Possible values:

  • "infra-obs"
  • "platform-obs"

_gdch_cluster

string

The name of the Kubernetes cluster producing the successful event. For example, "root-admin"

_gdch_fluentbit_pod

string

The name of the pod collecting audit logs. For example, "anthos-audit-logs-forwarder-wqbg8"

_gdch_org_name

string

The name of the organization. For example, "org-1"

_gdch_org_id

string

The ID of the organization. For example, "org-1.zone1.google.gdch.test"