Stay organized with collections
Save and categorize content based on your preferences.
Logs are essential for maintaining your air-gapped deployments' health,
security, and operational efficiency. They provide valuable insights into the
following aspects of an environment:
Application behavior: Identify errors, performance issues, and unusual
activity within your applications.
System activity: Monitor the performance and health of underlying
infrastructure components.
Security auditing: Track user actions, access control events, and
potential security threats.
Troubleshooting: Diagnose and resolve issues by analyzing historical log
data.
Therefore, Google Distributed Cloud (GDC) air-gapped provides a logging platform for
collecting and analyzing your logs. GDC captures the
following two types of logs:
Audit logs: Record user and administrative activities on privileged
operations and achieve auditing and compliance requirements on
GDC.
Operational logs: Record conditions, changes, and actions as you manage
ongoing operations in applications and services on
GDC. These logs help developers and operators test
and debug applications.
This page provides an overview of logging features in
GDC environments and explains the key concepts and
components involved in managing logs generated by your applications and the
platform itself.
Key components
GDC deployments use a logging platform to collect and
store logs from various sources. This platform includes the following
components:
Fluent Bit: A lightweight log processor and forwarder deployed on each
cluster node. Fluent Bit collects logs from applications, system components,
and Kubernetes itself.
Loki: An open-source log aggregation system that stores and queries logs
from your applications and infrastructure.
Log sinks: Log routers that export log entries to other destinations,
such as a local storage system or a security information and event
management (SIEM) tool. These log sinks give you flexibility in managing and
analyzing your log data.
Logging pipeline: A managed service that stores log data and implements
the logic for log collection. In air-gapped environments, the logging
pipeline runs locally within your data center.
Grafana: An analytics platform that lets you create insightful
dashboards and explore your logging data. You can query logs stored in the
logging platform using the Grafana user interface.
Considerations for your deployments
Consider the following aspects when using the logging platform to collect logs:
Storage capacity: Plan for sufficient storage capacity to accommodate
the volume of log data your applications and system components generate.
Log retention policies: Define log retention times based on your
compliance and operational needs during the creation of your organization.
For more information, see Log retention.
Benefits
You obtain the following benefits when using the logging platform in
GDC:
Automation: Automate log-related tasks, such as exporting logs to a
central repository or generating reports.
Customization: Build custom logging solutions tailored to your needs and
integrate them with existing tools and workflows.
Efficiency: Programmatically manage large volumes of log data and
perform complex queries.
Flexibility: Access log data from various sources and integrate your
systems with analysis and monitoring tools.
By using the logging platform in your air-gapped environment, you can manage and
analyze log data, even in an isolated environment.
Log retention
Retention policies define how long metrics and logs are stored. These policies
are crucial for meeting compliance requirements and supporting operational
analysis. GDC uses retention times to configure
lifecycle and retention policies for resource configurations.
If specific retention times are not provided during the organization's creation
or are set to 0 in the Organization custom resource during creation time,
the system applies the following default values for logs:
Infrastructure audit logs: 2000 days
Platform audit logs: 400 days
Operational logs: 90 days
Further resources
Consult the comprehensive list of
audit logs
and operational logs
for detailed descriptions of all collected logs from GDC
components. These resources provide valuable context and facilitate advanced
logging strategies.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eLogs in air-gapped deployments are crucial for monitoring application behavior, system activity, security auditing, and troubleshooting.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Distributed Cloud (GDC) air-gapped collects audit logs for user and administrative activities, and operational logs for ongoing application and service management.\u003c/p\u003e\n"],["\u003cp\u003eThe GDC logging platform includes Fluent Bit for log processing, Loki for log aggregation, log sinks for exporting data, a local logging pipeline, and Grafana for log analysis and dashboards.\u003c/p\u003e\n"],["\u003cp\u003eUsing the GDC logging platform provides automation, customization, efficiency, and flexibility in managing and analyzing log data within an isolated environment.\u003c/p\u003e\n"],["\u003cp\u003eLog retention policies are set during organization creation and are permanent, with default values of 2000 days for infrastructure audit logs, 400 days for platform audit logs, and 90 days for operational logs.\u003c/p\u003e\n"]]],[],null,["# Logging overview\n\nLogs are essential for maintaining your air-gapped deployments' health,\nsecurity, and operational efficiency. They provide valuable insights into the\nfollowing aspects of an environment:\n\n- **Application behavior**: Identify errors, performance issues, and unusual activity within your applications.\n- **System activity**: Monitor the performance and health of underlying infrastructure components.\n- **Security auditing**: Track user actions, access control events, and potential security threats.\n- **Troubleshooting**: Diagnose and resolve issues by analyzing historical log data.\n\nTherefore, Google Distributed Cloud (GDC) air-gapped provides a logging platform for\ncollecting and analyzing your logs. GDC captures the\nfollowing two types of logs:\n\n- **Audit logs**: Record user and administrative activities on privileged operations and achieve auditing and compliance requirements on GDC.\n- **Operational logs**: Record conditions, changes, and actions as you manage ongoing operations in applications and services on GDC. These logs help developers and operators test and debug applications.\n\nThis page provides an overview of logging features in\nGDC environments and explains the key concepts and\ncomponents involved in managing logs generated by your applications and the\nplatform itself.\n\nKey components\n--------------\n\nGDC deployments use a logging platform to collect and\nstore logs from various sources. This platform includes the following\ncomponents:\n\n- **Fluent Bit**: A lightweight log processor and forwarder deployed on each cluster node. Fluent Bit collects logs from applications, system components, and Kubernetes itself.\n- **Loki**: An open-source log aggregation system that stores and queries logs from your applications and infrastructure.\n- **Log sinks**: Log routers that export log entries to other destinations, such as a local storage system or a security information and event management (SIEM) tool. These log sinks give you flexibility in managing and analyzing your log data.\n- **Logging pipeline**: A managed service that stores log data and implements the logic for log collection. In air-gapped environments, the logging pipeline runs locally within your data center.\n- **Grafana**: An analytics platform that lets you create insightful dashboards and explore your logging data. You can query logs stored in the logging platform using the Grafana user interface.\n\nConsiderations for your deployments\n-----------------------------------\n\nConsider the following aspects when using the logging platform to collect logs:\n\n- **Storage capacity**: Plan for sufficient storage capacity to accommodate the volume of log data your applications and system components generate.\n- **Log retention policies** : Define log retention times based on your compliance and operational needs during the creation of your organization. For more information, see [Log retention](#retention).\n\nBenefits\n--------\n\nYou obtain the following benefits when using the logging platform in\nGDC:\n\n- **Automation**: Automate log-related tasks, such as exporting logs to a central repository or generating reports.\n- **Customization**: Build custom logging solutions tailored to your needs and integrate them with existing tools and workflows.\n- **Efficiency**: Programmatically manage large volumes of log data and perform complex queries.\n- **Flexibility**: Access log data from various sources and integrate your systems with analysis and monitoring tools.\n\nBy using the logging platform in your air-gapped environment, you can manage and\nanalyze log data, even in an isolated environment.\n\nLog retention\n-------------\n\n| **Important:** Retention times are permanent and are configured when the organization is created. You cannot modify retention times after the organization's creation.\n\nRetention policies define how long metrics and logs are stored. These policies\nare crucial for meeting compliance requirements and supporting operational\nanalysis. GDC uses retention times to configure\nlifecycle and retention policies for resource configurations.\n\nIf specific retention times are not provided during the organization's creation\nor are set to `0` in the `Organization` custom resource during creation time,\nthe system applies the following default values for logs:\n\n- **Infrastructure audit logs**: 2000 days\n- **Platform audit logs**: 400 days\n- **Operational logs**: 90 days\n\n| **Note:** Minimum default audit log retention time is 400 days.\n\nFurther resources\n-----------------\n\nConsult the comprehensive list of\n[audit logs](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/audit-logs-overview)\nand [operational logs](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/operational-logs-overview)\nfor detailed descriptions of all collected logs from GDC\ncomponents. These resources provide valuable context and facilitate advanced\nlogging strategies."]]
