Google Cloud Audit Logs Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Google Cloud Audit Logs sample message when you use the Google Cloud Pub/Sub protocol: list of objects retrieved
The following sample event message shows the retrieval of a list of objects that match the criteria that are provided. This retrieval is the result of an action that was taken by Google Cloud Storage.
{"insertId":"a1aaaaa11aaa","logName":"projects/clover-pciprod/logs/cloudaudit.googleapis.
com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo" :{ "principalEmail":"user@test" },
"authorizationInfo":[{"granted":true,"permission":"storage.objects.list","resource":"projects
/_/buckets/rivus-file-cache-clover-pciprod","resourceAttributes":{}}],
"methodName":"storage.objects.list" , "requestMetadata" :
{ "callerIp":"10.135.0.42" ,"callerNetwork":"//compute.googleapis.com/projec
ts/clover-vpc-pci/global/networks/__unknown__","callerSuppliedUserAgent":"Clover Google-API-Jav
a-Client Google-HTTP-Java-Client/1.28.0 (gzip),gzip(gfe)","destinationAttributes":{},"requestAt
tributes":{"auth":{},"time":"2020-04-08T23:35:14.487672816Z"}},"resourceLocation":{"currentLoca
tions":["location"]},"resourceName":"projects/_/buckets/rivus-file-cache-clover-pciprod",
"serviceName":"storage.googleapis.com" ,"status":{}},
"receiveTimestamp":"2020-04-08T23:35:15.981168264Z" ,"resource":{"labels":
{"bucket_name":"rivus-file-cache-clover-pciprod","location":"location","project_id":"clover-pc
iprod"},"type":"gcs_bucket"},"severity":"INFO","timestamp":"2020-04-08T23:35:14.483227095Z"}JSA field name |
Highlighted payload field name |
|---|---|
Event ID |
MethodName |
Event Category |
serviceName |
Logsource Time |
receivedTimestamp |
Username |
authenticationInfo + principalEmail |
Source IP |
requestMetadata + callerIp |
Google Cloud Audit Logs sample message when you use the Google Cloud Pub/Sub protocol: object information modified
The following sample event message shows the modification of an object's information and is the result of an action that was taken by Google Cloud Storage.
{"insertId":"a1aaaaa11aaa","logName":"projects/clover-pciprod/logs/cloudaudit.googleapis.
com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo":{ "principalEmail":"user@test" },"authorizationInfo":
[{"granted":true,"permission":"storage.objects.update","resource":"projects/_/buckets/rivusfile-
cache-clover-pciprod/objects/NORTH_ADJUSTMENT/2020/04/08/USER#A11AAA.11111111.111111.te
st.example","resourceAttributes":{}}], "methodName":"storage.objects.update"
,"requestMetadata":{ "callerIp":"10.135.0.42" ,"callerNetwork":"//compute.
googleapis.com/projects/clover-vpc-pci/global/networks/__unknown__","callerSuppliedUserAgent":
"Clover Google-API-Java-Client Google-HTTP-Java-Client/1.28.0 (gzip),gzip(gfe)","destinationAt
tributes":{},"requestAttributes":{"auth":{},"time":"2020-04-08T23:35:26.176068572Z"}},"resourc
eLocation":{"currentLocations":["location"]},"resourceName":"projects/_/buckets/rivus-file-cac
he-clover-pciprod/objects/NORTH_ADJUSTMENT/2020/04/08/USER#A11AAA.11111111.111111.test.example
", "serviceName":"storage.googleapis.com" ,"status":{}},"receiveTimestamp":
"2020-04-08T23:35:27.212247517Z","resource":{"labels":{"bucket_name":"rivus-file-cache-cloverpciprod","
location":"location","project_id":"clover-pciprod"},"type":"gcs_bucket"},"severity":
"INFO", "timestamp":"2020-04-08T23:35:26.171189525Z" }JSA field name |
Highlighted payload field name |
|---|---|
Event ID |
principalEmail |
Event Category |
methodName |
Logsource Time |
callerIp |
Username |
serviceName |
Source IP |
timestamp |