Make my Logs Explorer more human

Google Cloud Cloud Foundations & Onboarding
1

Hi,

I practice GCP cloud and now I am studying the Logs Explorer section based on events generated from Cloud NAT which I created previously.

What i did?

  1. Log in to VM instance #gcloud compute ssh vm-internal --zone us-east4-c --tunnel-through-iap

  2. On VM #sudo apt-get update

  3. Go to Logs Explorer where I see bunch of logs which tells me nothing. Exemplary output:

INFO 2024-01-03T10:28:22.389769Z [protoPayload.serviceName: oslogin.googleapis.com] [protoPayload.methodName: google.cloud.oslogin.v1.OsLoginService.CheckPolicy] [protoPayload.resourceName: projects/qwiklabs-gcp-00-12a41874ee7d/zones/us-east4-c/instances/vm-internal] [protoPayload.authenticationInfo.principalEmail: student-03-ecd3b5a62c26@qwiklabs.net] audit_log, method: “google.cloud.oslogin.v1.OsLoginService.CheckPolicy”, principal_email: “student-03-ecd3b5a62c26@qwiklabs.net

As example, how would I retrieve output like?

  1. Which command was executed? I mean: apt-get update

  2. Or which packages were updated?

  3. For which VM instance? Name? IP etc?

Or question to GCP experts, how are you uisng Logs Explorer? How do you filter logs outputs to make it more readable?

1 Like
2

Hi,

Great to hear you are learning Google Cloud! :slightly_smiling_face:

Logs Explorer is part of Cloud Operations Suite and will show you any logs ingested by the Cloud Logging service. What you pasted above is an example of a log entry from a native Google Cloud service, in this case the oslogin service.

If you want to see logs from the VM itself - for example to see standard system log messages you would need to install the Ops Agent, this is a tool that then runs on the VM and can feed VM system logs into Cloud Logging so that you can view and query logs centrally from all your systems, more details here:

https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent

There are many ways to install it, either at VM creation time or after, some guidance here:

https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/install-index

However, one thing to point out is that this will only capture logs generated on the VMs logging system. For example if you wanted to capture every command entered on a system, you would first need to ensure there is a mechanism on the the VM to log this and then ensure that log is also captured by the Ops Agent. This is outside the scope of this forum, but there are some suggestions on a post like this:

https://serverfault.com/questions/336217/how-do-i-log-every-command-executed-by-a-user

Finally, how do you make logs more readable, well there is plenty of guidance around how to search and navigate Logs Explorer here:

https://cloud.google.com/logging/docs/view/logs-explorer-interface

And there is also the really cool new Duet AI log summary capability which can explain log entries to you if you have the service enabled:

https://cloud.google.com/logging/docs/view/summarize-log-entries-duet-ai

Hope that helps, happy logging! :slightly_smiling_face:

Alex

1 Like