- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
It is recommended to create a sink that will export copies of all log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).
Log entries are held in Cloud Logging. To aggregate logs, export them to a SIEM. To keep them longer, it is recommended to set up a log sink. To export logs, create a filter that selects the log entries to export, and then choose a destination, such as Cloud Storage, BigQuery, or Cloud Pub/Sub, to which to export them. The filter and destination are held in an object called a sink. To ensure all log entries are exported to sinks, ensure that there is no filter configured for a sink. Sinks can be created in projects, organizations, folders, and billing accounts.
Note:
Custom Destination
.--log-filter
to ensure the sink exports all log entries.--include-children
in the gcloud
command.There are no costs or limitations in Cloud Logging for exporting logs, but the destinations to which the logs are exported charge for storing or transmitting the log data.
By default, there are no sinks configured.
Currently findings are only audited at the project level. Folder and Organization level log sinks will be audited in the near future. Due to this, a fail
finding may be generated if the log sink is configured at the folder or organization level. In this case the rule may be muted to ensure accurate CSM scoring.
Logs Router
by visiting https://console.cloud.google.com/logs/router.View sink details
.empty
Inclusion filter.Destination
exists.gcloud logging sinks create <sink-name>
storage.googleapis.com/DESTINATION_BUCKET_NAME
gcloud logging sinks create <sink-name>
storage.googleapis.com/DESTINATION_BUCKET_NAME --include-children -- folder=FOLDER_ID | --organization=ORGANIZATION_ID