Stay organized with collections
Save and categorize content based on your preferences.
Various components in GDC produce their audit logs using a standard syslog format according to the RFC-5424 specification. For more information, see https://datatracker.ietf.org/doc/html/rfc5424.
The process ID of the application that originated the message. For example, "1"
pri
string
Priority value. For example, "46"
hostname
string
The component that originally sent the syslog message. For example, "anthos-audit-logs-forwarder-2kbnd"
ident
string
The device or application that originated the message. For example, "/logging-prober-sidecar"
msgid
string
The type of message. For example, "audit-log"
extradata
string
Additional custom information. For example, "[exampleSDID@20224 iut=\"3\" eventSource=\"Application\" eventID=\"11211\"]"
message
string
A free-form message that provides information about the event. For example,
"{\"time\":\"2024-01-24T17:24:55.076954537Z\",\"auditID\":\"7ab3bf57-67cb-4373-bbf6-b3ad0835cc65\",\"user\":{\"identity\":\"audit-log-writer\"},\"resource\":\"41075\",\"action\":\"-\",\"description\":\"This is a prober testing the functionality of the syslog endpoint\",\"userAgent\":\"audit-log-prober\",\"response\":\"-\",\"_gdch_org\":\"-\",\"_gdch_service\":\"audit-log-prober\"}"
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-04 UTC."],[[["GDC components generate audit logs in a standard syslog format, adhering to the RFC-5424 specification."],["The audit logs are represented in JSON format, containing fields like `pid`, `pri`, `hostname`, `ident`, `msgid`, `extradata`, and `message`."],["The `message` field contains a free-form text message that includes detailed information about the event, such as time, audit ID, user, and resource."],["The `hostname` field indicates the component that originally sent the message, whereas `ident` specifies the device or application source."],["The field `msgid` specify the type of the message that is being logged, for example \"audit-log\"."]]],[]]
