Stay organized with collections
Save and categorize content based on your preferences.
After you enable Cloud Audit Logs, the Google Cloud console logging explorer records the contents of the following categories:
AuditLog proto
API-level log
Enable and view
Cloud Audit Logs allow you to view administrative activities and permissions within Google Cloud resources.
Enable logging
Follow these steps to enable the logs.
Navigate to the Google Cloud console, select IAM & Admin > Audit Logs.
Enter the Dialogflow API filter for Data access audit logs configuration, and select the following API types: Admin read, Data read, and Data write.
View logs
You must acquire the project owner and private logs viewerIAM roles, then follow these steps to view the logs.
Navigate to the Google Cloud console, then select Logging > Logs Explorer.
Optional: In Logs Explorer, add a filter or adjust the timeline as preferred.
Select an entry to view details.
The logging proto
Each log entry will be an instance of the AuditLog proto, which contains the following fields:
Field Type
Field Name
string
service_name
string
method_name
string
resource_name
ResourceLocation
resource_location
current_locations
original_locations
google.protobuf.Struct
resource_original_state
int64
num_response_items
google.rpc.Status
status
AuthenticationInfo
authentication_info
principal_email
principal
authority_selector
third_party_principal
service_account_key_name
service_account_delegation_info
service_account_delegation_session_id
principal_subject
service_delegation_history
repeated AuthorizationInfo
authorization_info
authorization_logging_options
resource_attributes
admin_access_control_authorization_info
permission_type
ADMIN_READ
ADMIN_WRITE
DATA_READ
DATA_WRITE
impersonation_peer_borg_role
PolicyViolationInfo
policy_violation_info
repeated PolicyViolationInfo
policy_violations
RequestMetadata
request_metadata
caller_ip
caller_supplied_user_agent
caller_network
caller_location
caller_region_code
caller_internal_gce_vnid
caller_gce_network_project_number
caller_is_gce_client
request_attributes
destination_attributes
google.protobuf.Struct
request
google.protobuf.Struct
response
google.protobuf.Struct
metadata
bytes
audit_loggable_mint
bytes
loggable_ubermint
bytes
audit_loggable_service_control_token
Redaction
redactions
type
CLEARED
REPLACED
FAILED_TO_PROVIDE
NOT_REQUIRED
PARTIAL
field
reason
Depending on the enabled Cloud Audit Logs fields, the log explorer populates the API's request and response bodies into the request and response fields of the logging proto.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eCloud Audit Logs track administrative activities and permissions within Google Cloud resources, and upon enabling them, the logging explorer will record both the AuditLog proto and API-level logs.\u003c/p\u003e\n"],["\u003cp\u003eTo enable logging, you must go to the Google Cloud console, navigate to \u003cstrong\u003eIAM & Admin\u003c/strong\u003e > \u003cstrong\u003eAudit Logs\u003c/strong\u003e, and filter for \u003ccode\u003eDialogflow API\u003c/code\u003e, selecting \u003cstrong\u003eAdmin read\u003c/strong\u003e, \u003cstrong\u003eData read\u003c/strong\u003e, and \u003cstrong\u003eData write\u003c/strong\u003e API types.\u003c/p\u003e\n"],["\u003cp\u003eViewing logs requires the \u003cem\u003eproject owner\u003c/em\u003e and \u003cem\u003eprivate logs viewer\u003c/em\u003e IAM roles, after which you can navigate to \u003cstrong\u003eLogging\u003c/strong\u003e > \u003cstrong\u003eLogs Explorer\u003c/strong\u003e in the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eEach log entry is an instance of the \u003ccode\u003eAuditLog proto\u003c/code\u003e, containing detailed fields like \u003ccode\u003eservice_name\u003c/code\u003e, \u003ccode\u003emethod_name\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, and \u003ccode\u003eresponse\u003c/code\u003e, along with authentication and authorization information.\u003c/p\u003e\n"],["\u003cp\u003eAPI-level logs capture specific request and response fields, such as \u003ccode\u003eparticipant\u003c/code\u003e in \u003ccode\u003eAnalyzeContent\u003c/code\u003e requests and \u003ccode\u003espeech_model\u003c/code\u003e in \u003ccode\u003eStreamingAnalyzeContent\u003c/code\u003e responses.\u003c/p\u003e\n"]]],[],null,["# Cloud Logging field definitions\n\nAfter you enable Cloud Audit Logs, the Google Cloud console logging explorer records the contents of the following categories:\n\n- AuditLog proto\n- API-level log\n\nEnable and view\n---------------\n\nCloud Audit Logs allow you to view administrative activities and permissions within Google Cloud resources.\n\n### Enable logging\n\nFollow these steps to enable the logs.\n\n1. Navigate to the Google Cloud console, select **IAM \\& Admin** \\\u003e **Audit Logs**.\n2. Enter the `Dialogflow API` filter for **Data access audit logs configuration** , and select the following API types: **Admin read** , **Data read** , and **Data write**.\n\n| **Note:** To enable logging for either all or no methods in a category, you configure logging by data access type, not individual method.\n\n### View logs\n\nYou must acquire the *project owner* and *private logs viewer* [IAM roles](/iam/docs/roles-overview), then follow these steps to view the logs.\n\n1. Navigate to the Google Cloud console, then select **Logging** \\\u003e **Logs Explorer**.\n2. Optional: In Logs Explorer, add a filter or adjust the timeline as preferred.\n3. Select an entry to view details.\n\n| **Note:** Many fields in the request or response body are logged, but not all. Engineering annotates the RPC definition to indicate the fields to expose for logging. For example, the `protoPayload` filter exposes the JSON object with the audit log entry.\n\nThe logging proto\n-----------------\n\nEach log entry will be an instance of the `AuditLog proto`, which contains the following fields:\n\nDepending on the enabled Cloud Audit Logs fields, the log explorer populates the API's request and response bodies into the request and response fields of the logging proto.\n\nAPI-level logged fields\n-----------------------"]]
