This page explains how to view the protected resource logs for vaulted resources in Cloud Logging. These logs provide insights of the resources protected and have their backups stored in the backup vault using the backup plans. You can view these logs in the project where the backup vault is created.
If you want to view the protected resources logs that are protected using the backup template in the management console, see Protected resource logs.
Permissions and roles
You need the IAM permission roles/logging.viewer
to view the
protected resource logs. The Logs Viewer
role gives you read-only access to
view protected resource logs of all resources protected by backup plan in your
backup vault project. For more information about the IAM
permissions and roles that apply to protected resource logs data, see
Access control with IAM.
View protected resource logs
You can view Backup and DR protected resource logs in Cloud Logging by using the Google Cloud console and the Google Cloud CLI. To view the protected resource log, select the project where the backup vault is created.
Console
In the Google Cloud console, you can use the Logs Explorer to retrieve the protected resource logs entries for your vaulted resources:
- In the Google Cloud console, go to the Logging > Logs Explorer.
- Select an existing Cloud project, where the backup vault is created.
- In the Query builder pane, select bdr_protected_resource from the Select log name drop-down.
gcloud
The Google Cloud CLI provides a command-line interface to the logging API. To read your protected resource log entries of a project, run the following command:
gcloud logging read "logName: bdr_protected_resource" --project=PROJECT_ID
Replace the following:
PROJECT_ID
: the name of the project where the backup vault is created.
Protected resource log format
Protected resource log entries include the following fields:
Field | Description |
---|---|
sourceResourceLocation |
The location of the source resource. |
sourceResourceId |
The ID of the source resource. |
currentBackupVaultName |
The relative name of the backup vault that is associated with the source resource. |
currentBackupRuleDetails |
The backup rule details of the backup plan that is associated with the source resource. |
ruleName |
The name of the backup rule used to backup jobs. |
retentionDays |
The duration in days for which the backups should be retained in the backup vault before they are deleted. |
recurrenceSchedule |
The recurrence schedule of a backup based on the backup rule. |
backupWindow |
The backup window where you have defined the timeframe of when backup jobs can start. The backup window uses the 24-hour clock format, with start and end times between 00 and 24 hours, and a minimum of six hours for the window. |
recurrence |
The backup recurrence type, which can be hourly, daily, weekly, monthly, or yearly. |
lastProtectedOn |
The timestamp when the resource was last protected, which is in the YYYY-MM-DDTHH:MM:SS.SSSZ format. |
currentBackupPlanName |
The relative name of the backup plan that is associated with the source resource. |
sourceResourceName |
The relative name of the resource. |
resourceType |
The type of resource. For example, a Compute Engine instance. |
sourceResourceDataSizeGib |
The size of the source resource. |
The following sample is an example of a log entry for viewing protected
resources stored in the backup vault doc-test
.
{
"insertId": "15471111095544249995",
"jsonPayload": {
"lastProtectedOn": "2024-08-21T06:51:54Z",
"currentBackupRuleDetails": [
{
"backupWindow": "01:00 to 23:00",
"retentionDays": 14,
"recurrence": "Hourly",
"recurrenceSchedule": "Every 6 hours",
"backupWindowTimezone": "Etc/UTC",
"ruleName": "random-plan"
}
],
"sourceResourceDataSizeGib": 10,
"currentBackupPlanName": "projects/Backupvault_project_ID/locations/us-central1/backupPlans/backup-plan",
"resourceType": "Compute Engine",
"currentBackupVaultName": "projects/Backupvault_project_ID/locations/us-central1/backupVaults/doc-set",
"sourceResourceLocation": "us-central1-a",
"sourceResourceId": "1606474933247566298",
"sourceResourceName": "projects/Source_project_ID/zones/us-central1-a/instances/farhanmd-log-test--instance",
"@type": "type.googleapis.com/google.cloud.backupdr.logging.v1.BDRProtectedResourceLog"
},
"resource": {
"type": "backupdr.googleapis.com/BackupPlan",
"labels": {
"location": "us-central1",
"backup_plan_id": "backup-plan",
"resource_container": "236738525349"
}
},
"timestamp": "2024-11-05T10:39:03Z",
"severity": "INFO",
"logName": "projects/Backupvault_Name/logs/backupdr.googleapis.com%2Fbdr_protected_resource",
"receiveTimestamp": "2024-11-05T10:50:34.275819255Z"
}
Sample queries
To view selected logs, you can write custom queries in the query section.
Use the following query to view resources protected using a backup plan.
logName:"bdr_protected_resource" jsonPayload.currentBackupPlanName:"backupPlans/BACKUPPLAN_NAME"
Use the following query to view resources protected in a backup vault.
logName:"bdr_protected_resource" jsonPayload.currentBackupVaultName:"backupVaults/BACKUPVAULT_NAME"
What's next
- To configure log-based alerts for Backup and DR Service, create a log query, using the filter job logs, and then Configure log-based alerts.