Stay organized with collections
Save and categorize content based on your preferences.
Various components in GDC produce their audit logs using a standard syslog format according to the RFC-5424 specification. For more information, see https://datatracker.ietf.org/doc/html/rfc5424.
The process ID of the application that originated the message. For example, "1"
pri
string
Priority value. For example, "46"
hostname
string
The component that originally sent the syslog message. For example, "anthos-audit-logs-forwarder-2kbnd"
ident
string
The device or application that originated the message. For example, "/logging-prober-sidecar"
msgid
string
The type of message. For example, "audit-log"
extradata
string
Additional custom information. For example, "[exampleSDID@20224 iut=\"3\" eventSource=\"Application\" eventID=\"11211\"]"
message
string
A free-form message that provides information about the event. For example,
"{\"time\":\"2024-01-24T17:24:55.076954537Z\",\"auditID\":\"7ab3bf57-67cb-4373-bbf6-b3ad0835cc65\",\"user\":{\"identity\":\"audit-log-writer\"},\"resource\":\"41075\",\"action\":\"-\",\"description\":\"This is a prober testing the functionality of the syslog endpoint\",\"userAgent\":\"audit-log-prober\",\"response\":\"-\",\"_gdch_org\":\"-\",\"_gdch_service\":\"audit-log-prober\"}"
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eGDC components generate audit logs in a standard syslog format, adhering to the RFC-5424 specification.\u003c/p\u003e\n"],["\u003cp\u003eThe audit logs are represented in JSON format, containing fields like \u003ccode\u003epid\u003c/code\u003e, \u003ccode\u003epri\u003c/code\u003e, \u003ccode\u003ehostname\u003c/code\u003e, \u003ccode\u003eident\u003c/code\u003e, \u003ccode\u003emsgid\u003c/code\u003e, \u003ccode\u003eextradata\u003c/code\u003e, and \u003ccode\u003emessage\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003emessage\u003c/code\u003e field contains a free-form text message that includes detailed information about the event, such as time, audit ID, user, and resource.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ehostname\u003c/code\u003e field indicates the component that originally sent the message, whereas \u003ccode\u003eident\u003c/code\u003e specifies the device or application source.\u003c/p\u003e\n"],["\u003cp\u003eThe field \u003ccode\u003emsgid\u003c/code\u003e specify the type of the message that is being logged, for example "audit-log".\u003c/p\u003e\n"]]],[],null,[]]
