The tables below list the Google Cloud services that write Admin Activity or Data Access audit logs. GA indicates that a log type is Generally Available for a service; Beta indicates that a log type is available, but might be changed in backward-incompatible ways and isn't subject to any SLA or deprecation policy.
For an overview of how audit logs are formatted, see the
Google Cloud services producing audit logs
G Suite services producing audit logs
|G Suite services with audit logs||Admin
|G Suite Admin Activities||GA||n/a1|
|G Suite Login Audit Activities||n/a7||GA|
|G Suite Enterprise Groups Audit Activities||GA||n/a1|
For additional context, review the G Suite Admin Help article.
1: Data Access audit logs are not written for this service.
2: Audits OAuth 2.0 client IDs and brands.
3: System Event audit logs are also available for this service.
4: BigQuery Data Access audit logs are enabled by default and don't count against your logs allotment.
5: Does not include request/response information.
6: Audits requests to start managed import or export operations. Audit does not include entity-specific read/write logs for those operations.
7: Admin Activity audit logs are not written for this service.
8: If an object ACL is set to public, audit logs are not generated for reads or writes to that object or its ACL.
9: Security Command Center Settings API Admin, Data access Audit logs, and Container Threat Detection are in Beta.