Google Cloud Audit Logs

Log GCP Audit Log events as changes via Pub/Sub push to correlate infrastructure changes with incidents.

InboundCloud Platforms
Start Free Trial

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Google Cloud Audit Logs.

Configure Google Cloud Audit Logs

Add the webhook URL in your Google Cloud Audit Logs settings.

Auto-Detected

Alert24 auto-detects Google Cloud Audit Logs payloads and maps them to incidents.

Step-by-Step Setup Instructions

Google Cloud Audit Logs Webhook Setup

### Option A: Pub/Sub Push (Log Sink)

1.Create a log sink that routes audit logs to a Pub/Sub topic:
gcloud logging sinks create alert24-audit-sink \
  pubsub.googleapis.com/projects/<PROJECT_ID>/topics/audit-logs \
  --log-filter='protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog"'
2.Create a Pub/Sub push subscription:
gcloud pubsub subscriptions create alert24-audit-push \
  --topic=audit-logs \
  --push-endpoint=<WEBHOOK_URL>

### Option B: Eventarc

1.Create an Eventarc trigger that sends google.cloud.audit.log.v1.written events to your webhook URL
2.Payloads arrive with CloudEvents headers including ce-type

Example Webhook Payload

This is a sample payload that Google Cloud Audit Logs sends to Alert24 when an alert fires.

{
  "protoPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
    "serviceName": "compute.googleapis.com",
    "methodName": "v1.compute.instances.delete",
    "resourceName": "projects/my-project/zones/us-central1-a/instances/my-instance",
    "authenticationInfo": {
      "principalEmail": "user@example.com"
    },
    "status": {
      "code": 0
    }
  },
  "resource": {
    "type": "gce_instance",
    "labels": {
      "instance_id": "1234567890",
      "project_id": "my-project",
      "zone": "us-central1-a"
    }
  },
  "timestamp": "2024-01-15T10:30:00Z",
  "severity": "NOTICE",
  "logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity"
}

How Alert24 Maps Google Cloud Audit Logs Data

Status Field

protoPayload.status.code

Message Field

protoPayload.methodName

Auto-Create Incidents

Yes

Auto-Resolve Incidents

No

Status Mapping

Alert24 StatusGoogle Cloud Audit Logs Values
operational
0
down
12345678910111213141516

Track GCP Infrastructure Changes

Track changes for incident correlation and AI root cause analysis

  1. 1Create a Cloud Logging sink filtering on Audit Log events
  2. 2Route to a Pub/Sub topic
  3. 3Create a push subscription pointing to your Alert24 Changes Webhook URL

Alert24 auto-detects GCP Audit Log payloads and extracts the method name, principal email, and resource.

Changes are logged per service. Copy the Changes Webhook URL from your service page in Alert24. When an incident occurs, recent changes are surfaced automatically with AI-powered root cause analysis. Learn more →

Connect Google Cloud Audit Logs to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.

Start Free TrialSee Pricing

More Cloud Platforms Integrations

AWS CloudWatch

Inbound

Receive CloudWatch alarm notifications via SNS webhook.

Azure Monitor

Inbound

Receive Azure Monitor alerts and log Activity Log changes to correlate infrastructure changes with incidents.

Azure Service Health

Inbound

Receive Azure Service Health incident, maintenance, and advisory notifications.

Azure Resource Health

Inbound

Receive Azure Resource Health notifications for individual resource availability.

Google Cloud Monitoring

Inbound

Receive Google Cloud Monitoring (formerly Stackdriver) alerts.

Google Cloud SCC

Inbound

Receive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.