The tables below list the Google Cloud services that write Admin Activity or Data Access audit logs. GA indicates that a log type is Generally Available for a service; Beta indicates that a log type is available, but might be changed in backward-incompatible ways and isn't subject to any SLA or deprecation policy.
For an overview of how audit logs are formatted, see the
Google Cloud services producing audit logs
Google Workspace services producing audit logs
|Google Workspace services with audit logs||Admin
|Google Workspace Admin Activities||GA||n/a1|
|Google Workspace Login Audit Activities||n/a7||GA|
|Google Workspace Enterprise Groups Audit Activities||GA||n/a1|
For additional context, review the Google Workspace Admin Help article.
1: Data Access audit logs are not written for this service.
2: Audits OAuth 2.0 client IDs and brands.
3: System Event audit logs are also available for this service.
4: BigQuery Data Access audit logs are enabled by default and don't count against your logs allotment.
5: Does not include request/response information.
6: Audits requests to start managed import or export operations. Audit does not include entity-specific read/write logs for those operations.
7: Admin Activity audit logs are not written for this service.
8: If an object ACL is set to public, audit logs are not generated for reads or writes to that object or its ACL.
9: Security Command Center Settings API Admin, Data access Audit logs, and Container Threat Detection are in Beta.