Stay organized with collections
Save and categorize content based on your preferences.
After you enable Cloud Audit Logs, the Google Cloud console logging explorer records the contents of the following categories:
AuditLog proto
API-level log
Enable and view
Cloud Audit Logs allow you to view administrative activities and permissions within Google Cloud resources.
Enable logging
Follow these steps to enable the logs.
Navigate to the Google Cloud console, select IAM & Admin > Audit Logs.
Enter the Dialogflow API filter for Data access audit logs configuration, and select the following API types: Admin read, Data read, and Data write.
View logs
You must acquire the project owner and private logs viewerIAM roles, then follow these steps to view the logs.
Navigate to the Google Cloud console, then select Logging > Logs Explorer.
Optional: In Logs Explorer, add a filter or adjust the timeline as preferred.
Select an entry to view details.
The logging proto
Each log entry will be an instance of the AuditLog proto, which contains the following fields:
Field Type
Field Name
string
service_name
string
method_name
string
resource_name
ResourceLocation
resource_location
current_locations
original_locations
google.protobuf.Struct
resource_original_state
int64
num_response_items
google.rpc.Status
status
AuthenticationInfo
authentication_info
principal_email
principal
authority_selector
third_party_principal
service_account_key_name
service_account_delegation_info
service_account_delegation_session_id
principal_subject
service_delegation_history
repeated AuthorizationInfo
authorization_info
authorization_logging_options
resource_attributes
admin_access_control_authorization_info
permission_type
ADMIN_READ
ADMIN_WRITE
DATA_READ
DATA_WRITE
impersonation_peer_borg_role
PolicyViolationInfo
policy_violation_info
repeated PolicyViolationInfo
policy_violations
RequestMetadata
request_metadata
caller_ip
caller_supplied_user_agent
caller_network
caller_location
caller_region_code
caller_internal_gce_vnid
caller_gce_network_project_number
caller_is_gce_client
request_attributes
destination_attributes
google.protobuf.Struct
request
google.protobuf.Struct
response
google.protobuf.Struct
metadata
bytes
audit_loggable_mint
bytes
loggable_ubermint
bytes
audit_loggable_service_control_token
Redaction
redactions
type
CLEARED
REPLACED
FAILED_TO_PROVIDE
NOT_REQUIRED
PARTIAL
field
reason
Depending on the enabled Cloud Audit Logs fields, the log explorer populates the API's request and response bodies into the request and response fields of the logging proto.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-01 UTC."],[[["Cloud Audit Logs track administrative activities and permissions within Google Cloud resources, and upon enabling them, the logging explorer will record both the AuditLog proto and API-level logs."],["To enable logging, you must go to the Google Cloud console, navigate to **IAM & Admin** \\\u003e **Audit Logs**, and filter for `Dialogflow API`, selecting **Admin read**, **Data read**, and **Data write** API types."],["Viewing logs requires the *project owner* and *private logs viewer* IAM roles, after which you can navigate to **Logging** \\\u003e **Logs Explorer** in the Google Cloud console."],["Each log entry is an instance of the `AuditLog proto`, containing detailed fields like `service_name`, `method_name`, `request`, and `response`, along with authentication and authorization information."],["API-level logs capture specific request and response fields, such as `participant` in `AnalyzeContent` requests and `speech_model` in `StreamingAnalyzeContent` responses."]]],[]]
