Logs Router overview

This page describes the Logs Router in Cloud Logging.

How Google Cloud's operations suite routes logs

In Cloud Logging, all logs, including audit logs, platform logs, and user logs, are sent to the Cloud Logging API where they pass through the Logs Router. The Logs Router checks each log entry against existing rules to determine which log entries to discard, which log entries to ingest (store) in Cloud Logging, and which log entries to export using log sinks.

The routing of log entries is illustrated in the following figure:

Figure illustrating how Stackdriver routes log entries.

Each log entry that is received by Cloud Logging is compared against the exclusion filters and the inclusion filters. These comparisons are independent:

  • To determine if a log entry is exported to a destination, the log entry is compared to the log sink query of an inclusion filter. When a match occurs, the log entry is exported to the sink destination. A log entry might match multiple inclusion filters.

  • To determine if a log entry is discarded or saved in Cloud Logging storage, the log entry is compared to the exclusion filters. If it matches any exclusion filter, the log entry is discarded. Otherwise, the log entry is saved in Cloud Logging storage.
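The two independent comparisons can be modeled in a few lines. This is an added example, not code from Cloud Logging or its client libraries: filters are plain Python predicates standing in for Logging queries, and `Sink`, `Decision`, `route`, and `lost_entries` are hypothetical names. It shows that an excluded entry can still be exported, and it flags entries that are neither stored nor exported.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Entry = Dict[str, str]
Filter = Callable[[Entry], bool]  # assumption: stand-in for a Logging query


@dataclass
class Sink:
    name: str
    destination: str
    inclusion: Filter


@dataclass
class Decision:
    stored: bool
    exported_to: List[str]


def route(entry: Entry, sinks: List[Sink], exclusions: List[Filter]) -> Decision:
    """Model of the router: the two comparisons do not affect each other."""
    # Comparison 1: every sink whose inclusion filter matches receives the entry.
    exported_to = [s.destination for s in sinks if s.inclusion(entry)]
    # Comparison 2: any matching exclusion filter keeps the entry out of storage.
    stored = not any(ex(entry) for ex in exclusions)
    return Decision(stored, exported_to)


def lost_entries(entries, sinks, exclusions) -> List[Entry]:
    """Entries neither stored nor exported: a visibility gap worth reviewing."""
    decisions = [(e, route(e, sinks, exclusions)) for e in entries]
    return [e for e, d in decisions if not d.stored and not d.exported_to]


# Constructed sample configuration and log entries (not real project data).
SINKS = [
    Sink("audit-to-bq", "bigquery", lambda e: e["log"] == "audit"),
    Sink("errors-to-pubsub", "pubsub", lambda e: e["severity"] == "ERROR"),
]
EXCLUSIONS = [lambda e: e["log"] == "user"]
ENTRIES = [
    {"id": "1", "log": "user", "severity": "ERROR"},     # excluded, still exported
    {"id": "2", "log": "user", "severity": "DEBUG"},     # excluded, no sink match
    {"id": "3", "log": "platform", "severity": "INFO"},  # stored only
    {"id": "4", "log": "audit", "severity": "ERROR"},    # stored, two sinks match
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["id"], route(e, SINKS, EXCLUSIONS))
    print("lost:", [e["id"] for e in lost_entries(ENTRIES, SINKS, EXCLUSIONS)])
```

Running `lost_entries` over a sample of expected log traffic before deploying a new exclusion filter shows which entries would disappear from both storage and every sink destination.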

For explanations of the concepts found in the diagram, including logs exclusions and log sinks, read the Cloud Logging documentation.

Logging can only store logs in the project in which they are ingested. You can use Logs Router to export certain logs to supported destinations in other projects, but those logs aren't visible in Logging in those projects. Logging supports three sink destinations: BigQuery, Pub/Sub, and Cloud Storage. Sinks can be set up at the Google Cloud project level, or at the organization or folder levels using aggregated sinks.

To reliably export logs to Cloud Storage, the Logs Router also stores the logs temporarily, which buffers against temporary disruptions on any log sink. Note that the Logs Router's temporary storage is distinct from the longer-term storage provided for included log entries.

You can enable customer-managed encryption keys (CMEK) for the Logs Router to help meet your organization's compliance needs. For details, go to Enabling customer-managed encryption keys for Logs Router.