This document describes how to configure Gemini Code Assist Standard and Enterprise logging for a project by using the Google Cloud console or an API.
Limitations
Gemini Standard and Enterprise in Google Cloud log data recording is limited to user interactions with Gemini Code Assist within the IDE.
Additionally, Gemini for Google Cloud doesn't log data for Gemini Code Assist Standard and Enterprise if VS Code telemetry is turned off by the user.
Before you begin
Ensure your Google Cloud project is attached to a billing account.
(Optional) Grant IAM permissions
To configure Gemini Code Assist Standard and Enterprise logging, you must have specific Identity and Access Management (IAM) permissions, which are detailed in the following sections. Make sure these permissions are added to custom IAM roles.
Alternatively, you can
grant the
Gemini for Google Cloud Settings Admin (roles/cloudaicompanion.settingsAdmin) IAM predefined role, which includes all required
permissions needed to work with all Gemini for Google Cloud
administrator settings.
(Optional) Bind permissions to settings and targets
If you are configuring Gemini Code Assist Standard and Enterprise administrator settings in the Google Cloud console, then you can skip this section.
To configure Gemini Code Assist Standard and Enterprise administrator settings with the Gemini for Google Cloud API, you must first create settings, then create bindings to "bind" those settings and targets (such as instance, topic, or projects) for specific products (such as Gemini Cloud Assist or Gemini Code Assist).
All permissions to create and update settings are at the project level.
Configure Gemini Code Assist logging
The following sections provide steps required to enable the collection and storage of Gemini Code Assist Standard and Enterprise activity in Cloud Logging, including:
Gemini Code Assist Standard and Enterprise prompts and response logs, such as user input, contextual information, and responses.
Gemini Code Assist Standard and Enterprise metadata logs, such as telemetry metadata and lines of code accepted by the user.
For more details on both types of logs, see View Gemini logs.
Enable logging for Gemini Code Assist
Select one of the following options:
Console
Ensure you have enabled the Cloud Logging API in the project.
Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:
loggingSettings.createloggingSettings.listloggingSettings.updateloggingSettings.getcloudaicompanion.instances.loggingSettings.usecloudaicompanion.instances.queryEffectiveSettingsettingBindings.loggingSettingsListsettingBindings.loggingSettingsGetsettingBindings.loggingSettingsUpdatesettingBindings.loggingSettingsCreatecloudaicompanion.settingBindings.loggingSettingsUsecloudaicompanion.instances.queryEffectiveSettingBindings
In the Google Cloud console, go to the Admin for Gemini page.
The Gemini for Google Cloud page loads.
Click Settings in the left navigation menu.
The Settings page loads.
(Optional) Click Logging for Code Assist metadata to record the metadata generated by users of Gemini Code Assist Standard and Enterprise in the project.
(Optional) Click Logging for Code Assist prompts and responses to record the prompts and responses generated by users of Gemini Code Assist Standard and Enterprise in the project.
Click Save Changes.
API
To enable logging for Gemini Code Assist Standard and
Enterprise, use the loggingSetting method.
Ensure you have enabled the Cloud Logging API in the project.
Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:
loggingSettings.createloggingSettings.listloggingSettings.updateloggingSettings.getcloudaicompanion.instances.loggingSettings.usecloudaicompanion.instances.queryEffectiveSettingsettingBindings.loggingSettingsListsettingBindings.loggingSettingsGetsettingBindings.loggingSettingsUpdatesettingBindings.loggingSettingsCreatecloudaicompanion.settingBindings.loggingSettingsUsecloudaicompanion.instances.queryEffectiveSettingBindings
Create the setting and a setting-specific value:
Obtain the token:
TOKEN=$(gcloud auth print-access-token)
Enable Gemini Code Assist Standard and Enterprise metadata logs.
Run the following command to create the setting:
curl -X POST \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d '{ "log_metadata": true, } ' \ "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"Replace the following:
CONTAINER_PROJECT_NAME: Enter the parent project ID.SETTING_ID: Enter a unique setting name, such asgcalm1forGemini Code Assist log metadata.
If the command succeeds, it returns a response body that shows the
log_metadataset totrue:{ "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID", "createTime": "2025-01-23T15:22:49.717166932Z", "updateTime": "2025-01-23T15:22:49.717166932Z", "log_metadata": true }Run the following command to create the Gemini Code Assist Standard and Enterprise metadata logs setting binding:
curl -X POST \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d '{ "target": "projects/TARGET_PROJECT_NAME" }' \ "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"
Replace the following:
TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.SETTING_ID: Use the same SETTING_ID when you created the setting, but append it withb1. For example, usegcalmb1forGemini Code Assist log metadata.
If the command succeeds, it returns the operation metadata in the following format:
{ "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf", "metadata": { "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata", "createTime": "2025-01-23T15:27:50.076075570Z", "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/loggingSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>", "verb": "create", "requestedCancellation": false, "apiVersion": "v1" }, "done": false }Enable Gemini Code Assist Standard and Enterprise user logs.
Run the following command to create the setting:
curl -X POST \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d '{ "log_prompts_and_responses": true, } ' \ "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"Replace the following:
CONTAINER_PROJECT_NAME: Enter the parent project ID.SETTING_ID: Enter a unique setting name, such asgcapar1forGemini Code Assist prompts and responses.
If the command succeeds, it returns a response body that shows the
log_prompts_and_responsesset totrue:{ "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID", "createTime": "2025-01-23T15:22:49.717166932Z", "updateTime": "2025-01-23T15:22:49.717166932Z", "log_prompts_and_responses": true }Run the following command to create the Gemini Code Assist Standard and Enterprise user logs setting binding:
curl \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d '{ "target": "projects/TARGET_PROJECT_NAME" }' \ "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"
Replace the following:
TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.SETTING_ID: Use the same SETTING_ID when you created the setting, but append it withb1. For example, usegcaparb1forGemini Code Assist prompts and responses.
If the command succeeds, it returns the operation metadata in the following format:
{ "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf", "metadata": { "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata", "createTime": "2025-01-23T15:27:50.076075570Z", "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/loggingSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>", "verb": "create", "requestedCancellation": false, "apiVersion": "v1" }, "done": false }
Disable logging for Gemini Code Assist
Select one of the following options:
Console
Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:
loggingSettings.deleteloggingSettings.listloggingSettings.updateloggingSettings.getcloudaicompanion.instances.loggingSettings.usecloudaicompanion.instances.queryEffectiveSettingsettingBindings.loggingSettingsListsettingBindings.loggingSettingsGetsettingBindings.loggingSettingsUpdatesettingBindings.loggingSettingsDeletecloudaicompanion.settingBindings.loggingSettingsUsecloudaicompanion.instances.queryEffectiveSettingBindings
In the Google Cloud console, go to the Admin for Gemini page.
The Gemini for Google Cloud page loads.
Click Settings in the left navigation menu.
The Settings page loads.
Click Logging for Code Assist metadata to turn off recording the metadata from the usage of Gemini Code Assist Standard and Enterprise in the project.
Click Save Changes.
API
To enable logging for Gemini Code Assist Standard and
Enterprise, use the loggingSetting method.
Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:
loggingSettings.createloggingSettings.listloggingSettings.updateloggingSettings.getcloudaicompanion.instances.loggingSettings.usecloudaicompanion.instances.queryEffectiveSettingsettingBindings.loggingSettingsListsettingBindings.loggingSettingsGetsettingBindings.loggingSettingsUpdatesettingBindings.loggingSettingsCreateserviceusage.services.enable
Create the setting and a setting-specific value:
Obtain the token:
TOKEN=$(gcloud auth print-access-token)
Run the following command to disable the Gemini Code Assist Standard and Enterprise metadata logs setting:
curl -X POST \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d '{ "log_metadata": false, } ' \ "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_metadata_id=SETTING_ID"Replace the following:
CONTAINER_PROJECT_NAME: Enter the parent project ID.SETTING_ID: Enter the existing setting name, such asgcalm1forGemini Code Assist log metadata.If the command succeeds, it returns a response body that shows the
log_metadataset tofalse:{ "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID", "createTime": "2025-01-23T15:22:49.717166932Z", "updateTime": "2025-01-23T15:22:49.717166932Z", "log_metadata": false }
Run the following command to disable the Gemini Code Assist Standard and Enterprise user logs setting:
curl -X POST \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d '{ "log_prompts_and_responses": false, } ' \ "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"Replace the following:
CONTAINER_PROJECT_NAME: Enter the parent project ID.SETTING_ID: Enter the existing setting name, such asgcapar1forGemini Code Assist prompts and responses.If the command succeeds, it returns a response body that shows the
log_prompts_and_responsesset tofalse:{ "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID", "createTime": "2025-01-23T15:22:49.717166932Z", "updateTime": "2025-01-23T15:22:49.717166932Z", "log_prompts_and_responses": false }