This guide provides specific details for using Cloud Audit Logging with the Service Management API. You can find out more about general Cloud Audit Logging concepts and tasks in Cloud Audit Logging.
There are two types of audit logs within Cloud Audit Logging:
- Admin activity logs are entries for operations that modify a service configuration.
- Data access logs are entries for operations that:
- Read a service configuration.
- Create, read, or modify user-provided data.
The Service Management API only creates admin activity logs.
The following Service Management API operations generate admin activity log entries:
- Creating a service
- Deleting a service
- Undeleting a service
- Creating a service configuration
- Submitting a service configuration in source format
- Rolling out a service configuration
The Service Management API logs follow the same format as other Cloud Audit Logging logs, using the AuditLog object and contain:
- The user who made the request, including the email address of that user.
- The resource name on which the request was made.
- The outcome of the request.
Admin activity is logged by default, and does not count towards your log ingestion quota.
The following users can view admin activity logs:
- Project owners, editors, and viewers.
- Users with the Logs Viewer IAM role.
- Users with the
You can view the Cloud Audit Logging logs for your service producer project in the Activity Stream on the Google Cloud Platform Console, as well as more detailed logs in the Logs Viewer. Further instructions on filtering logs in the Logs Viewer can be found in the Cloud Audit Logging documentation.
If desired, you can also export logs.