Google Cloud Cloud/Key activity logging
I have just recently started to work with Google Cloud and I am trying to wrap my head around some of its inner workings, mainly the audit logging part.
What I want to do is get the log activity from when my keys are used for anything and also when someone actually logged into the Google Console Cloud (it could be the Key Vault or the Key Ring, too).
I have been using PowerShell to extract these logs using gcloud read logging and this is where I start to doubt whether I have the right place. I will explain:
I have created new keys and I see in the Activity Panel this action, and I can already extract this through gcloud read logging resource.type=cloudkms_cryptokey (there could be a typo on the command line, since I am writing it from the top of my head, sorry for that!).
Albeit I have this information, I am rather curious if this is the correct course of action here. I saw the CreateCryptoKey and SetIamPolicy methods on my logs, alright, but am I going to see all actions related to these keys? By reading the GCloud docs, I feel as though I am only getting some of the actions?
As I have said, I am trying to work my way around the GCloud Documentation, but it is such an overwhelming amount of information that I am not really getting the proper answer I am looking for, this is why I thought about resorting to this community.
So, to summarize, am I getting all the information related to my keys the way I am doing right now? And what about the people that have access to the Google Cloud Console page, is there a way to find who accessed it and which part (Crypto Keys page, Crypto Vault page for example)? That's something I have not understood from the docs as well, sadly. Perhaps someone could show me the proper page where I can make references to what I am looking for? Because the Cloud Audit Logging page doesn't feel totally clear to me on this front (and I assume I could be at fault here, these past weeks have been harsh!)
Thanks to anyone who takes some time to answer my question!
google-cloud-platform google-cloud-logging google-cloud-kms
edited Nov 20 at 0:16
asked Nov 20 at 0:04
Kazimirz
1 Answer
Admin activities such as creating a key or setting IAM policy are logged by default.
Data access activities such as listing Cloud KMS resources (key rings, keys, etc.), or performing cryptographic operations (encryption, decryption, etc.) are not logged by default. You can enable data access logging, via the steps at https://cloud.google.com/kms/docs/logging. I'm not sure if that is the topic you are referring to, or https://cloud.google.com/logging/docs/audit/.
answered Nov 20 at 0:41
Walter Poupore
Hey Walter, thanks for the reply! I have seen these pages, but I will make sure to read 'em again with extreme attention. And to add a better summary, what I really want in the end is to have logs of what is going on within my GCloud account. Say that a user created a key. I can already see that since cloudkms_keyring extracts that information. Now, I want to know if someone just as much as visited the Key Rings page, or any other page. What is Encrypting/Decrypting might be good, yes, but it can come later, I am sure that is a lot of data and the logs can get quite heavy I take it.
– Kazimirz
Nov 20 at 11:25
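To check which of the two audit streams described in the answer a project is actually producing, the following added example (not code from the answer or from Google's documentation) groups Cloud KMS audit entries by stream, principal and method. It assumes entries in the JSON shape returned by `gcloud logging read 'protoPayload.serviceName="cloudkms.googleapis.com"' --format=json`; the function names, project and principals are placeholders, and the sample entries are constructed.

```python
import json  # used only to pretty-print the summary when run directly
ACTIVITY = "cloudaudit.googleapis.com%2Factivity"        # Admin Activity: on by default
DATA_ACCESS = "cloudaudit.googleapis.com%2Fdata_access"  # Data Access: must be enabled
STREAMS = {ACTIVITY: "admin_activity", DATA_ACCESS: "data_access"}
KMS = "cloudkms.googleapis.com"

def make_entry(log_id, method, who, service=KMS):
    """Build one constructed entry (placeholder project and principals)."""
    payload = {"serviceName": service, "methodName": method,
               "authenticationInfo": {"principalEmail": who}}
    return {"logName": f"projects/example-project/logs/{log_id}", "protoPayload": payload}

def stream_of(entry):
    """Map the logName suffix to a stream name; None if not an audit log."""
    return STREAMS.get(entry.get("logName", "").rsplit("/logs/", 1)[-1])

def summarize(entries, service=KMS):
    """Return {stream: {principal: {method: count}}} for one service."""
    summary = {name: {} for name in STREAMS.values()}
    for entry in entries:
        payload = entry.get("protoPayload", {})
        stream = stream_of(entry)
        if stream is None or payload.get("serviceName") != service:
            continue  # other service, or not an audit-log entry
        who = payload.get("authenticationInfo", {}).get("principalEmail", "(unknown)")
        methods = summary[stream].setdefault(who, {})
        method = payload.get("methodName", "(none)")
        methods[method] = methods.get(method, 0) + 1
    return summary

def empty_streams(summary):
    """Streams with no entries: either nothing happened in the window or,
    for data_access, Data Access logging is not enabled for the service."""
    return [name for name, by_user in summary.items() if not by_user]

# Constructed sample: a project after Data Access logs were enabled for KMS.
SAMPLE = [
    make_entry(ACTIVITY, "CreateCryptoKey", "alice@example.com"),
    make_entry(ACTIVITY, "SetIamPolicy", "alice@example.com"),
    make_entry(DATA_ACCESS, "ListKeyRings", "bob@example.com"),
    make_entry(DATA_ACCESS, "Decrypt", "bob@example.com"),
    make_entry(DATA_ACCESS, "Decrypt", "bob@example.com"),
    make_entry(ACTIVITY, "storage.buckets.create", "alice@example.com", "storage.googleapis.com"),
]

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
    print("empty streams:", empty_streams(summarize(SAMPLE[:2])))
```

A result of `["data_access"]` from `empty_streams` matches the situation in the question, where only CreateCryptoKey and SetIamPolicy show up.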