Log event of file download from GCS bucket

Dear Team,

I’m trying to capture the log events for files downloaded from a GCS bucket. Upon investigation in Cloud Logging, I can only see object.get or object.create event entries. But there is no specific entry for the download action performed by the user.

Appreciate any pointers.

Best regards,

Abhi

Hi @bansodab ,

Welcome to Google Cloud Community!

You can enable Audit Logging:

> Admin Activity audit logs are always enabled; you can’t disable them.
>
> Data Access audit logs are disabled by default and aren’t written unless explicitly enabled.
>
> For information about enabling some or all of your Data Access audit logs, see Configure Data Access audit logs.

Set the permissions and roles via IAM to determine your ability to access audit logs data in Google Cloud resources.
You can view audit logs in Cloud Logging by using the Google Cloud console, the Google Cloud CLI, or the Logging API.

Hope this helps.

1 Like

To capture log events of file downloads from a GCS bucket, you can use Cloud Audit Logging. Cloud Audit Logging tracks all API operations performed on Google Cloud resources, including downloads from GCS buckets.

To enable Cloud Audit Logging for your GCS bucket, follow these steps:

  1. Go to the Cloud Audit Logging page in the Google Cloud console.
  2. Click Enable logging for all resources.
  3. Select the Audit Logging checkbox for the Storage API.
  4. Click Save.

Once Cloud Audit Logging is enabled, you will be able to view log events of file downloads from your GCS bucket in the Cloud Logging console.

To view log events of file downloads, follow these steps:

  1. Go to the Cloud Logging page in the Google Cloud console.
  2. In the Filter box, enter the following query:
     resource.type="gcs_bucket"
     AND protoPayload.methodName="storage.objects.get"

This query will return all log events of objects being downloaded from GCS buckets.

To view more details about a log event, click on the event. The event details will include information such as the time and date of the event, the user who performed the event, and the object that was downloaded.

You can also export Cloud Audit Logging data to BigQuery for further analysis. To export Cloud Audit Logging data to BigQuery, follow these steps:

  1. Go to the Cloud Audit Logging page in the Google Cloud console.
  2. Click Export to BigQuery.
  3. Select the dataset where you want to export the data.
  4. Click Export.

Once the data has been exported to BigQuery, you can use BigQuery to analyze the data and generate reports.

I hope this information is helpful. Please let me know if you have any other questions.

1 Like
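An added example, not code from either reply: once Data Access audit logs are enabled for Cloud Storage, object reads are recorded with `protoPayload.methodName` set to `storage.objects.get`, and this sketch pulls who read which object out of entries exported as JSON. The function names and all sample values are constructed for illustration.

```python
from collections import Counter

def _entry(ts, method, obj, who, ip, log="data_access"):
    """Build one constructed, simplified LogEntry in the JSON shape Cloud Logging exports."""
    return {
        "logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{log}",
        "timestamp": ts,
        "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-bucket"}},
        "protoPayload": {
            "serviceName": "storage.googleapis.com",
            "methodName": method,
            "resourceName": f"projects/_/buckets/example-bucket/objects/{obj}",
            "authenticationInfo": {"principalEmail": who},
            "requestMetadata": {"callerIp": ip},
        },
    }

# Constructed sample data: every project, bucket, user and IP here is made up.
SAMPLE = [
    _entry("2024-01-10T09:15:02Z", "storage.objects.get", "reports/q4.csv", "alice@example.com", "203.0.113.7"),
    _entry("2024-01-10T09:16:40Z", "storage.objects.create", "reports/q5.csv", "bob@example.com", "198.51.100.4"),
    _entry("2024-01-10T09:20:11Z", "storage.objects.get", "a/objects/b.txt", "alice@example.com", "203.0.113.7"),
    _entry("2024-01-10T09:21:00Z", "storage.buckets.update", "", "admin@example.com", "192.0.2.1", log="activity"),
]

def object_reads(entries):
    """Return one record per storage.objects.get entry in the Data Access log."""
    reads = []
    for e in entries:
        p = e.get("protoPayload", {})
        if (not e.get("logName", "").endswith("cloudaudit.googleapis.com%2Fdata_access")
                or e.get("resource", {}).get("type") != "gcs_bucket"
                or p.get("methodName") != "storage.objects.get"):
            continue
        # resourceName is projects/_/buckets/<bucket>/objects/<object>; bucket names
        # cannot contain "/", so the first "/objects/" separates the two parts.
        _, _, obj = p.get("resourceName", "").partition("/objects/")
        reads.append({
            "time": e.get("timestamp"),
            "principal": p.get("authenticationInfo", {}).get("principalEmail", "unknown"),
            "caller_ip": p.get("requestMetadata", {}).get("callerIp", "unknown"),
            "bucket": e["resource"].get("labels", {}).get("bucket_name"),
            "object": obj,
        })
    return reads

def reads_per_principal(entries):
    """Count object reads per caller, e.g. to spot unusually heavy downloaders."""
    return Counter(r["principal"] for r in object_reads(entries))
```
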