Logs Router overview

This page describes the Logs Router in Cloud Logging.

How Google Cloud's operations suite routes logs

In Cloud Logging, all logs, including audit logs, platform logs, and user logs, are sent to the Cloud Logging API where they pass through the Logs Router. The Logs Router checks each log entry against existing rules to determine which log entries to discard, which log entries to ingest (store) in Cloud Logging, and which log entries to route to supported destinations using log sinks.

The following figure illustrates how Cloud Logging routes log entries:

Figure illustrating how Cloud Logging routes logs entries.

Cloud Logging compares each log entry it receives against the Google Cloud project, organization, or the folder’s log sinks, which act independently of each other:

  • Sinks. Cloud Logging compares the log entry against a sink’s filter to determine whether to route the log entry to the sink's destination. Matching log entries are then compared against the sink's exclusion filters to determine whether to discard the log entry or to route it to the sink's destination. Logs sinks can be used to route log entries to supported destinations.

  • Exclusions. By default, every project has a _Default logs sink that routes all logs to be stored in a _Default logs bucket in Cloud Logging. Logs exclusions control the exclusion filters for the _Default log sink and can be used to prevent matching logs from being stored in Cloud Logging by default.

For explanations of the concepts found in the diagram, including logs exclusions and log sinks, read the Cloud Logging documentation.

You can use the Logs Router to route certain logs to supported destinations in other projects. Logging supports the following sink destinations: BigQuery, Pub/Sub, Cloud Storage, and Logs Buckets in Cloud Logging. Sinks can be set up at the Google Cloud project level, or at the organization or folder levels using aggregated sinks.

To reliably export logs to Cloud Storage, the Logs Router also stores the logs temporarily, which buffers against temporary disruptions on any log sink. Note that the Logs Router's temporary storage is distinct from the longer term storage provided by Cloud Logging Logs Buckets.

You can enable customer-managed encryption keys (CMEK) for the Logs Router to help meet your organization's compliance needs. For details, go to Enabling customer-managed encryption keys for Logs Router.