Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
Registro de actividad
En este documento, se describe cómo usar Cloud Logging para registrar actividades con Identity Platform.
Habilita el registro de actividad
El registro de actividad está inhabilitado de forma predeterminada. Puedes habilitar el registro de actividad
mediante la Google Cloud consola o con la API de REST:
Console
Ve a la página Configuración en la Google Cloud consola. Ir a Configuración
En Registro de actividad del usuario, selecciona Habilitar.
Habilita el registro de actividad para los proyectos de usuarios
El registro de actividad de los proyectos de usuario está inhabilitado de forma predeterminada. Para habilitar el registro de actividad de los proyectos de inquilinos con la API de REST, ejecuta el siguiente comando:
Cuando Logging está habilitado, se genera una entrada de registro para cada solicitud del usuario. En cada entrada de registro, se incluyen los siguientes campos:
Selecciona Proyecto de Identity Toolkit o Instancia de Identity Toolkit en el menú desplegable de recursos. Si usas un multiusuario, puedes mostrar todas las instancias o filtrar una específica.
Operaciones registradas
En la siguiente tabla, se muestran las operaciones de API que pueden producir registros de actividad:
Logging te proporciona herramientas para inhabilitar la transferencia de registros o excluir las entradas de registro que no deseas. Para obtener más información sobre cómo excluir ciertos registros, consulta Exclusiones de registros.
En el siguiente ejemplo, se muestra cómo excluir registros en los métodos GetAccountInfo() y GetProjectConfig() de solo lectura:
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[[["\u003cp\u003eActivity logging, which tracks user requests like registration and sign-in, is disabled by default and can be enabled via the Google Cloud console or REST API.\u003c/p\u003e\n"],["\u003cp\u003eEnabling activity logging for both main and tenant projects is possible, but it can impact billing, so consulting Google Cloud Observability pricing is recommended.\u003c/p\u003e\n"],["\u003cp\u003eActivity logs can be viewed through the Logs Explorer in the Google Cloud console by selecting either "Identity Toolkit Project" or "Identity Toolkit Tenant" in the resource dropdown.\u003c/p\u003e\n"],["\u003cp\u003eEach log entry includes details such as the log name, resource, service name, and the logged request or response (\u003ccode\u003eprotoPayload\u003c/code\u003e).\u003c/p\u003e\n"],["\u003cp\u003eCertain log entries can be excluded from ingestion, for example, logs for the read-only methods \u003ccode\u003eGetAccountInfo()\u003c/code\u003e and \u003ccode\u003eGetProjectConfig()\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Activity logging\n================\n\nThis document describes how to use Cloud Logging for activity logging with\nIdentity Platform.\n| **Note:** *Activity logging* refers to requests made by your app's users, such as registration or sign-in requests. To log requests made by administrators, see [Audit logging](/identity-platform/docs/audit-logging).\n\nEnabling activity logging\n-------------------------\n\nActivity logging is disabled by default. You can enable activity logging\nthrough the Google Cloud console or by using the REST API: \n\n### Console\n\n1. Go to the **Settings** page in the Google Cloud console. \n\n [Go to Settings](https://console.cloud.google.com/customer-identity/settings) \n\n2. Under **User activity logging** , select **Enable**.\n\n3. Click **Save**.\n\n### REST\n\n```bash\ncurl -d \"{'monitoring':{'requestLogging':{'enabled':true}}}\" \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -X PATCH -H 'Content-Type: application/json' \\\n https://identitytoolkit.googleapis.com/admin/v2/projects/PROJECT_ID/config?updateMask=monitoring.requestLogging.enabled\n```\n\nReplace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with the project ID.\n\nEnabling activity logging can affect your billing. See\n[Google Cloud Observability pricing](/stackdriver/pricing) to learn more.\n\nEnabling activity logging for tenant projects\n---------------------------------------------\n\nActivity logging for tenant projects is disabled by default. You can enable\nactivity logging for tenant projects, using the REST API, by executing the following command: \n\n```bash\ncurl -d \"{'monitoring':{'requestLogging':{'enabled':true}}}\" \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -X PATCH -H 'Content-Type: application/json' \\\n https://identitytoolkit.googleapis.com/v2/projects/PROJECT_ID/tenants/TENANT_ID?updateMask=monitoring.requestLogging.enabled\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project ID.\n- \u003cvar translate=\"no\"\u003eTENANT_ID\u003c/var\u003e: the tenant ID.\n\nEnabling activity logging can affect your billing. See\n[Pricing for Google Cloud Observability](/stackdriver/pricing) to learn more.\n\nViewing activity logs\n---------------------\n\nWhen Logging is enabled, a log entry is generated for each\nuser request. Each log entry includes the following fields:\n\nYou can see your project or tenant's activity logs using the\n[Logs Explorer](/logging/docs/view/logs-explorer-interface). To view logs:\n\n1. In the Google Cloud console, go to the **Logs Explorer** page.\n\n [Go to the Logs Explorer page](https://console.cloud.google.com/logs)\n2. Select **Identity Toolkit Project** or **Identity Toolkit Tenant** from the\n resources dropdown. If you're using [multi-tenancy](/identity-platform/docs/multi-tenancy),\n you can show all tenants, or filter to a specific one.\n\nLogged operations\n-----------------\n\nThe follow table lists the API operations that can produce activity logs:\n\n### Excluding operations\n\nLogging gives you tools to disable log ingestion or exclude log\nentries you don't want. For more information about how to exclude certain logs,\nsee [Logs Exclusions](/logging/docs/exclusions).\n\nThe following example shows how to exclude logs for the read-only\n`GetAccountInfo()` and `GetProjectConfig()` methods: \n\n resource.type=\"identitytoolkit_project\"\n (\n jsonPayload.methodName=\"google.cloud.identitytoolkit.v1.AccountManagementService.GetAccountInfo\"\n OR\n jsonPayload.methodName=\"google.cloud.identitytoolkit.v1.ProjectConfigService.GetProjectConfig\"\n )"]]
