System logging protocol (syslog) audit logs

Various components in GDCH produce their audit logs in the standard syslog format defined by the RFC 5424 specification. For more information, see https://datatracker.ietf.org/doc/html/rfc5424.

JSON representation

{
  "pid": string,
  "pri": string,
  "hostname": string,
  "ident": string,
  "msgid": string,
  "extradata": string,
  "message": string
}

Fields

pid

string

The process ID of the application that originated the message. For example, "1"

pri

string

Priority value. For example, "46"

hostname

string

The component that originally sent the syslog message. For example, "anthos-audit-logs-forwarder-2kbnd"

ident

string

The device or application that originated the message. For example, "/logging-prober-sidecar"

msgid

string

The type of message. For example, "audit-log"

extradata

string

Additional custom information. For example, "[exampleSDID@20224 iut=\"3\" eventSource=\"Application\" eventID=\"11211\"]"

message

string

A free-form message that provides information about the event. For example,

"{\"time\":\"2024-01-24T17:24:55.076954537Z\",\"auditID\":\"7ab3bf57-67cb-4373-bbf6-b3ad0835cc65\",\"user\":{\"identity\":\"audit-log-writer\"},\"resource\":\"41075\",\"action\":\"-\",\"description\":\"This is a prober testing the functionality of the syslog endpoint\",\"userAgent\":\"audit-log-prober\",\"response\":\"-\",\"_gdch_org\":\"-\",\"_gdch_service\":\"audit-log-prober\"}"