This page describes how to view the audit logs generated by pgAudit, which helps you to configure logs that are often required to comply with government, financial, and ISO certifications. This page also describes the log format for pgAudit. For more information about pgAudit, see About pgAudit.
Before you begin
To view audit logs, you must do the following:
Enable Data Access audit logs for your AlloyDBproject.
Ensure that you have the Private Logs Viewer (
roles/logging.privateLogViewer
) role.
View audit logs
The generated pgAudit logs for a given instance are sent to Cloud Logging as Data Access audit logs.
You can view the generated pgAudit logs by using the Logs Explorer application.
To view the pgAudit logs, select the cloudaudit.googleapis.com/data_access
log filter in the Logs Explorer application.
To view all pgAudit logs for an AlloyDB project, execute the following query by using the Advanced Filter interface:
resource.type="alloydb.googleapis.com/Instance" logName="projects/your-project-name/logs/cloudaudit.googleapis.com%2Fdata_access" protoPayload.request.@type="type.googleapis.com/google.cloud.alloydb.audit.v1.PgAuditEntry"
Log format for pgAudit
Each pgAudit log entry in the Data Access audit logs contains fields that represent the information collected for a query. For more information about these log entry fields, see the pgAudit documentation.
Sample pgAudit log entry:
{ protoPayload: { @type: "type.googleapis.com/google.cloud.audit.AuditLog" methodName: "alloydb.instances.query" request: { @type: "type.googleapis.com/google.cloud.alloydb.audit.v1.PgAuditEntry" auditClass: "READ" auditType: "SESSION" chunkCount: "1" chunkIndex: "1" command: "SELECT" database: "finance" databaseSessionId: 2209692 parameter: "[not logged]" statement: "SELECT * FROM revenue" statementId: 2 substatementId: 1 user: "alice" } } }
The following are descriptions of the fields in the Data Access audit logs:
- auditClass. The type of the statement that is logged. Possible values are READ, WRITE, FUNCTION, ROLE, DDL, MISC, and MISC_SET.
- auditType. SESSION or OBJECT.
- chunkCount. Chunking can occur on the data provided in the
parameter
andstatement
fields. ThechunkCount
field indicates the total number of chunks. Also see the description of thechunkIndex
field. - chunkIndex. Specifies the index number of the data chunks in the
parameter
andstatement
fields in the currentrequest
container. The initial number is1
. Also see the description of thechunkCount
field. - command. For example, ALTER TABLE or SELECT.
- parameter. The
chunkIndex
field can determine the contents of this field; see the description of thechunkIndex
field. If the value for `pgaudit.log_parameter` is set, theparameter
field can contain the statement parameters as quoted CSV data. If there are no parameters, this field contains[none]
. Otherwise, this field contains[not logged]
. - statement. Statement that is executed on the backend.
The
chunkIndex
field can determine the contents of thestatement
field; see the description of thechunkIndex
field. - statementId. Unique statement ID for this session. Each statement ID represents a backend call. Statement IDs are sequential, even if some statements are not logged.
- substatementId. Sequential ID for each sub-statement within the main statement.