Google Cloud Audit Logs + Alert24
Stream events from Google Cloud Audit Logs into Alert24 to correlate changes with incidents and shorten time to resolution.
Log GCP Audit Log events as changes via Pub/Sub push to correlate infrastructure changes with incidents.
Auto-detected payloads
Alert24 recognizes Google Cloud Audit Logs webhooks out of the box and maps fields to incidents automatically.
On-call routing & escalations
Page the right engineer over SMS, voice, push, email, or chat with policy-driven escalations.
Auto-updating status pages
Promote incidents to a public or private status page with one click and keep customers informed.
Change correlation & AI RCA
Recent deploys, infra updates, and feature flag flips surface alongside the incident for faster root cause.
Quick Setup
Copy Webhook URL
Go to your Alert24 dashboard and copy the webhook URL for Google Cloud Audit Logs.
Configure Google Cloud Audit Logs
Add the webhook URL in your Google Cloud Audit Logs settings.
Auto-Detected
Alert24 auto-detects Google Cloud Audit Logs payloads and maps them to incidents.
Step-by-Step Setup Instructions
Google Cloud Audit Logs Webhook Setup
### Option A: Pub/Sub Push (Log Sink)
gcloud logging sinks create alert24-audit-sink \
pubsub.googleapis.com/projects/<PROJECT_ID>/topics/audit-logs \
--log-filter='protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog"'gcloud pubsub subscriptions create alert24-audit-push \
--topic=audit-logs \
--push-endpoint=<WEBHOOK_URL>### Option B: Eventarc
google.cloud.audit.log.v1.written events to your webhook URLce-typeExample Webhook Payload
This is a sample payload that Google Cloud Audit Logs sends to Alert24 when an alert fires.
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"serviceName": "compute.googleapis.com",
"methodName": "v1.compute.instances.delete",
"resourceName": "projects/my-project/zones/us-central1-a/instances/my-instance",
"authenticationInfo": {
"principalEmail": "user@example.com"
},
"status": {
"code": 0
}
},
"resource": {
"type": "gce_instance",
"labels": {
"instance_id": "1234567890",
"project_id": "my-project",
"zone": "us-central1-a"
}
},
"timestamp": "2024-01-15T10:30:00Z",
"severity": "NOTICE",
"logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity"
}How Alert24 Maps Google Cloud Audit Logs Data
Status Field
protoPayload.status.code
Message Field
protoPayload.methodName
Auto-Create Incidents
Yes
Auto-Resolve Incidents
No
Status Mapping
| Alert24 Status | Google Cloud Audit Logs Values |
|---|---|
| operational | 0 |
| down | 12345678910111213141516 |
Track GCP Infrastructure Changes
Track changes for incident correlation and AI root cause analysis
- 1Create a Cloud Logging sink filtering on Audit Log events
- 2Route to a Pub/Sub topic
- 3Create a push subscription pointing to your Alert24 Changes Webhook URL
Alert24 auto-detects GCP Audit Log payloads and extracts the method name, principal email, and resource.
Changes are logged per service. Copy the Changes Webhook URL from your service page in Alert24. When an incident occurs, recent changes are surfaced automatically with AI-powered root cause analysis. Learn more →
Connect Google Cloud Audit Logs to Alert24 in minutes
Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.
More Cloud Platforms Integrations
AWS CloudWatch
InboundReceive CloudWatch alarm notifications via SNS webhook.
Azure Monitor
InboundReceive Azure Monitor alerts and log Activity Log changes to correlate infrastructure changes with incidents.
Azure Service Health
InboundReceive Azure Service Health incident, maintenance, and advisory notifications.
Azure Resource Health
InboundReceive Azure Resource Health notifications for individual resource availability.
Google Cloud Monitoring
InboundReceive Google Cloud Monitoring (formerly Stackdriver) alerts.
Google Cloud SCC
InboundReceive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.