Google Cloud access logs provide valuable insights into user access patterns
and can help you troubleshoot access denial errors. These logs record both
successful and denied access attempts, offering a comprehensive view of user
interactions with your applications. In cases of denied access, the logs include
detailed information about the reasons for denial, such as the specific access
levels that were not met.
The logs also contain metadata, such as timestamps, user identities, and
resource details, providing further context for analysis and troubleshooting.
To filter the logs relevant to secure gateway access, use the following
filter:
If you encounter issues while managing secure gateway resources, such as
during creation, updating, or deletion, you can view the logs relevant to
secure gateway resource management by using the following filter:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Troubleshoot secure gateway issues\n\nThis document provides information about how to use Google Cloud access logs\nto resolve common issues with secure gateways.\n\nGoogle Cloud access logs are a valuable tool for diagnosing problems.\nYou can view the access logs in the\n[Logs Explorer](https://console.cloud.google.com/logs/query). To view logs for\ntroubleshooting secure gateway problems,\n[configure Data Access audit logs for the `BeyondCorp Enterprise API`](/logging/docs/audit/configure-data-access#config-console).\n\nEnd user access\n---------------\n\nGoogle Cloud access logs provide valuable insights into user access patterns\nand can help you troubleshoot access denial errors. These logs record both\nsuccessful and denied access attempts, offering a comprehensive view of user\ninteractions with your applications. In cases of denied access, the logs include\ndetailed information about the reasons for denial, such as the specific access\nlevels that were not met.\n\nThe logs also contain metadata, such as timestamps, user identities, and\nresource details, providing further context for analysis and troubleshooting.\nTo filter the logs relevant to secure gateway access, use the following\nfilter: \n\n resource.type=\"audited_resource\"\n resource.labels.method=\"AuthorizeUser\"\n resource.labels.service=\"beyondcorp.googleapis.com\"\n\nSecurity gateway resource issues\n--------------------------------\n\nIf you encounter issues while managing secure gateway resources, such as\nduring creation, updating, or deletion, you can view the logs relevant to\nsecure gateway resource management by using the following filter: \n\n resource.type=\"audited_resource\"\n resource.labels.service=\"beyondcorp.googleapis.com\""]]
