Backups ensure that audit logs are preserved even if the original data is lost or corrupted, helping you meet compliance requirements and letting you recover information in case of system failures or accidental deletions. Restored audit logs provide access to historical data, enabling analysis of past events, security incidents, and user activity.
Implementing a backup and restore process for audit logs is beneficial for maintaining data integrity, ensuring compliance, and enabling historical analysis.
You can secure audit logs from your Google Distributed Cloud (GDC) air-gapped environment in remote backup buckets to preserve and restore data when necessary. This process is handled by Infrastructure Operators (IOs) who install and configure the necessary components to recover historical audit logs from those backups.
Identify the source bucket
You must identify the source GDC bucket that contains the original audit logs you want to secure.
To get the permissions you need to view platform audit logs buckets, ask your Organization IAM Admin to grant you the Audit Logs Platform Bucket Viewer (audit-logs-platform-bucket-viewer) role in the Management API server in the audit-logs-loki-pa-buckets namespace.
You must share with the IO the name and endpoint of the bucket that contains the logs you want to secure. To learn how to view bucket configurations, see List and view storage bucket configurations.
Contact your IO to create a backup and restore audit logs
To request a backup and restore process for audit logs, contact your Infrastructure Operator (IO) and provide them with the backup bucket's endpoint and access credentials. You are responsible for ensuring the IO gets these permissions upon request.
To learn how to grant access, see Grant and revoke access.