
Inspecting Stackdriver Admin Activity Audit Logs

Hands-On Lab

 

Joseph Lowery

Google Cloud Training Architect II in Content

Length

00:15:00

Difficulty

Beginner

Any working computer system consists of a vast number of individual resources that are utilized each and every day. With Google Cloud, the Stackdriver Audit Logs keep track of the creation and deletion of these resources. IT professionals know that logs are their very best friend when it comes time to track down errors, misalignments, overcharges, and a host of other issues. In this hands-on lab, we’ll set up a couple of networks with associated subnets as well as a few Compute Engine instances, then use Stackdriver logging to review the record of the installation. We will also make a significant change and note the logs' response.

Logging In to the Environment

  1. On the lab instructions page, right-click the Open GCP Console button.
  2. From the dropdown, select the option to open the link in a private browser window. (Note: Different browsers have different names for a private browser window. On Chrome, choose Open Link in Incognito Window. On Firefox, choose Open Link in New Private Window. Other browsers have an equivalent option.)
  3. On the Google sign-in page, enter the unique username you were provided on the lab instructions page. Click Next.
  4. Enter the unique password you were provided on the lab instructions page. Click Next.
  5. On the Welcome to your new account page, click Accept.
  6. In the Welcome L.A.! menu, check the box under Terms of service.
  7. Choose your country of residence, then click AGREE AND CONTINUE.

Explore the Created Services

  1. From the Google Cloud Platform dashboard, click the main navigation menu at the top left of the page.
  2. In the dropdown, select VPC network > VPC networks.
  3. Review the existing VPC networks.

Review the Stackdriver Logs

  1. Click the main navigation menu at the top left of the page.
  2. In the dropdown, select Logging > Logs Viewer.
  3. Review the audited resource that appears by default.
  4. Click Audited Resource to expand the filter options list.
  5. Select GCE Network from the dropdown.
  6. Expand the first entry in the list, Compute Engine insert global:la-peer-1, and review the log output.
  7. Expand the second entry in the list, Compute Engine insert global:la-peer-2, and review the log output.
  8. Expand the third entry in the list, Compute Engine insert {"request":.
  9. Expand the jsonPayload: { section and review the output.
  10. Click the main navigation menu, and select VPC network > Firewall rules from the dropdown.
  11. Review the default and custom firewall rules.
  12. Click the main navigation menu, and select Logging > Logs Viewer.
  13. Click GCE Network, and select GCE Firewall Rule > icmp-la-peer-1 from the dropdown.
  14. Click the main navigation menu, and select Compute Engine > VM instances from the dropdown.
  15. Note the three VM instances that have been created.
  16. Click the main navigation menu, and select Logging > Logs Viewer from the dropdown.
  17. Click GCE Firewall Rule, icmp-la-peer-1, and select GCE VM Instance from the dropdown.

Delete a Resource and Review the Logs

  1. Click the main navigation menu at the top left of the page.
  2. From the dropdown, choose VPC network > Firewall rules.
  3. Select the ssh-la-peer-2 rule and click Delete.
  4. In the Delete firewall? menu that opens, click DELETE.
  5. Click the main navigation menu at the top left of the page, and choose Logging > Logs Viewer from the dropdown.
  6. In the filter options list, choose GCE Firewall Rule.
  7. Expand the compute.firewalls.delete entry at the bottom of the logs list.
  8. Expand the jsonPayload: { section.
  9. Expand the actor: { section.
  10. You should see a cloud_user email address.
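
The review in the steps above can be repeated over exported entries. This added example (not part of the original lab) parses constructed log lines and lists each firewall rule deletion with its actor. It goes beyond the lab by also flagging deletions whose actor is missing or differs from the rule's creator. The field names event_subtype, actor.user, resource.type and resource.name are assumptions about the entry layout, and the sample entries and addresses are constructed.

```python
import json

# Constructed sample export, one JSON entry per line (not real lab output).
# jsonPayload and actor appear in the lab; event_subtype, actor.user,
# resource.type and resource.name are assumed field names.
SAMPLE_LOG = """\
{"timestamp": "2019-06-01T10:00:05Z", "resource": {"type": "gce_network"}, "jsonPayload": {"event_subtype": "compute.networks.insert", "actor": {"user": "lab-provisioner@example.com"}, "resource": {"name": "la-peer-1"}}}
{"timestamp": "2019-06-01T10:04:41Z", "resource": {"type": "gce_firewall_rule"}, "jsonPayload": {"event_subtype": "compute.firewalls.insert", "actor": {"user": "lab-provisioner@example.com"}, "resource": {"name": "ssh-la-peer-2"}}}
{"timestamp": "2019-06-01T10:20:00Z", "resource": {"type": "gce_firewall_rule"}, "jsonPayload": {"event_subtype": "compute.firewalls.insert", "actor": {"user": "cloud_user@example.com"}, "resource": {"name": "tmp-rule"}}}
{"timestamp": "2019-06-01T10:31:12Z", "resource": {"type": "gce_firewall_rule"}, "jsonPayload": {"event_subtype": "compute.firewalls.delete", "actor": {"user": "cloud_user@example.com"}, "resource": {"name": "ssh-la-peer-2"}}}
{"timestamp": "2019-06-01T10:35:00Z", "resource": {"type": "gce_firewall_rule"}, "jsonPayload": {"event_subtype": "compute.firewalls.delete", "actor": {"user": "cloud_user@example.com"}, "resource": {"name": "tmp-rule"}}}
{"timestamp": "2019-06-01T10:40:00Z", "resource": {"type": "gce_firewall_rule"}, "jsonPayload": {"event_subtype": "compute.firewalls.delete", "resource": {"name": "icmp-la-peer-1"}}}
truncated-line-not-json
"""


def parse_entries(text):
    """Yield each line that parses as a JSON object; skip anything else."""
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry


def firewall_deletions(text):
    """Return firewall-rule delete events, oldest first, with actor and creator."""
    creators, found = {}, []
    for entry in sorted(parse_entries(text), key=lambda e: e.get("timestamp", "")):
        if (entry.get("resource") or {}).get("type") != "gce_firewall_rule":
            continue
        payload = entry.get("jsonPayload") or {}
        action = payload.get("event_subtype", "")
        rule = (payload.get("resource") or {}).get("name", "")
        actor = (payload.get("actor") or {}).get("user")  # may be absent
        if action == "compute.firewalls.insert":
            creators[rule] = actor  # remember who created each rule
        elif action == "compute.firewalls.delete":
            found.append({"time": entry.get("timestamp", ""), "rule": rule,
                          "actor": actor or "UNKNOWN", "created_by": creators.get(rule) or "UNKNOWN",
                          "review": actor is None or actor != creators.get(rule)})
    return found


if __name__ == "__main__":
    for event in firewall_deletions(SAMPLE_LOG):
        print(event)
```
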

Conclusion

Congratulations, you've successfully completed this hands-on lab!