This blog is about creating a log sink for billing accounts.
It will be a short and straightforward blog.
First things first, let me tell you the situation here.
Suppose you have a user who is performing some operations in the billing account and you want to see the logs of those operations. Here we will create a log sink for the billing account and export the logs to a service such as Pub/Sub.
First, we will create a log sink for your billing account using the command below in Cloud Shell:
gcloud logging sinks create <SINK_NAME> <DEST_Name> \
  --log-filter='LOG_ID("cloudaudit.googleapis.com/activity")' --billing-account=<billing_account_id>
An alternative command to create a log sink for your billing account:
gcloud logging sinks create <SINK_NAME> <DEST_Name> \
  --log-filter='logName="billingAccounts/<billing_account_id>/logs/cloudaudit.googleapis.com%2Factivity"' --billing-account=<billing_account_id>
You can also filter on the billing endpoint to get the logs for operations under the billing account:
gcloud logging sinks create <SINK_NAME> <DEST_Name> \
  --log-filter='protoPayload.serviceName="cloudbilling.googleapis.com"' --billing-account=<billing_account_id>
Note: The log sink that you created using the above command will not be visible in the GCP UI because it is in the billing account. You have to be the Billing Account Administrator, Billing Creator, or have an appropriate role to have access to the billing account.
Once you have created the log sink, you can use the command below to list the log sinks in Cloud Shell.
gcloud logging sinks list --billing-account=[YOUR-BILLING-ACCOUNT]
Once you have created the sink, the next step is to perform some operation, such as adding a role on the billing account for your username or removing a role from a user in the billing account.
The reason for performing these operations is that they generate audit logs (Activity logs), which are then exported to Pub/Sub in real time.
Lastly, go to your Pub/Sub topic and pull the logs; you will see them in the UI.
If you want to see the logs in Cloud Shell, use the command below:
gcloud logging read --billing-account=[YOUR-BILLING-ACCOUNT]
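To turn the messages pulled from the Pub/Sub topic into a readable list of who added or removed which role, the following added example (not part of the original blog) parses one exported log entry per message. The sample entries, the billing account ID 000000-AAAAAA-000000 and the serviceData.policyDelta.bindingDeltas field layout are assumptions made for illustration.

```python
import json

ACTIVITY_SUFFIX = "/logs/cloudaudit.googleapis.com%2Factivity"

def billing_iam_changes(message_data: bytes) -> list:
    """Return the role changes in one exported LogEntry ([] if not relevant)."""
    entry = json.loads(message_data)
    log_name = entry.get("logName", "")
    # Keep only Activity audit logs written under a billing account.
    if not (log_name.startswith("billingAccounts/")
            and log_name.endswith(ACTIVITY_SUFFIX)):
        return []
    payload = entry.get("protoPayload", {})
    if not payload.get("methodName", "").endswith("SetIamPolicy"):
        return []
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    # Assumption: binding changes sit under serviceData.policyDelta.
    deltas = (payload.get("serviceData", {})
              .get("policyDelta", {}).get("bindingDeltas", []))
    return [{"time": entry.get("timestamp"), "actor": actor,
             "action": d.get("action"), "role": d.get("role"),
             "member": d.get("member")} for d in deltas]

# Constructed sample: a role added and a role removed on a placeholder account.
SAMPLE = json.dumps({
    "logName": "billingAccounts/000000-AAAAAA-000000" + ACTIVITY_SUFFIX,
    "timestamp": "2024-01-01T10:00:00Z",
    "protoPayload": {
        "serviceName": "cloudbilling.googleapis.com",
        "methodName": "SetIamPolicy",
        "authenticationInfo": {"principalEmail": "admin@example.com"},
        "serviceData": {"policyDelta": {"bindingDeltas": [
            {"action": "ADD", "role": "roles/billing.viewer",
             "member": "user:alice@example.com"},
            {"action": "REMOVE", "role": "roles/billing.admin",
             "member": "user:bob@example.com"}]}},
    },
}).encode()
# Constructed noise: same method, but logged under a project.
NOISE = json.dumps({
    "logName": "projects/example-project" + ACTIVITY_SUFFIX,
    "protoPayload": {"methodName": "SetIamPolicy"},
}).encode()

if __name__ == "__main__":
    for msg in (SAMPLE, NOISE):
        for c in billing_iam_changes(msg):
            print(f'{c["time"]} {c["actor"]} {c["action"]} {c["role"]} {c["member"]}')
```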
That's it for now; we will continue in the next blog.
Hope you liked it. Will see you on the next topic 😃