Can we map the audit logs and firewall logs using some key in both logs?
Hi @cagarwal20,
Welcome to Google Cloud Community!
Yes, you can map audit logs and firewall logs in Google Cloud using a common key, primarily the resource.labels.instance_id. The idea is to identify a field or set of fields that exist in both the audit logs and firewall logs, and which uniquely identify the resource, usually a VM instance being affected.
The resource.labels.instance_id represents the unique instance ID of a Compute Engine VM. It's present in both Compute Engine Audit Logs and Firewall Logs when the firewall rule applies to a VM instance. It's specific and directly links the activity in the audit log to network activity recorded in the firewall logs.
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
Hi @ruthseki, thanks for the reply. I have a small doubt: do we have a unique identifier that maps these logs, let's say some kind of connection_id? I also want to map DNS logs, audit logs and firewall logs using some identifier. Is there a way?
Thanks in advance!