Google Cloud Logging
      Back to home
      1. Knowledge Base
      2. GCP Knowledge Base
      3. Google Cloud Logging

      Log Sinks Disabled

      Risk Level: Low

      Description

      This module guarantees a log sink is empowered to send out all logs. Log sinks send log information to a capacity administration for recorded and consistency. A log sink with no channel is important to guarantee that all logs are as a rule appropriately sent.

      About the Service

      Google Cloud Logging:

      Cloud Logging is a fully managed service that allows you to store, search, analyze, monitor, and alert on logging data and events from Google Cloud and Amazon Web Services. Logging lets you read and write log entries, query your logs, and control how you route and use your logs. Log-based metrics are based on the content of log entries. For example, the metrics can record the number of log entries containing particular messages, or they can extract latency information reported in log entries. You can use log-based metrics in Cloud Monitoring charts and alerting policies. To know more about GCP Cloud Load Balancing click here.

      Impact

      Log sinks send log data to a storage service for archival and compliance. A log sink with no filter is necessary to ensure that all logs are being properly sent. If logs are sent to a storage bucket, the bucket must exist and bucket versioning should exist. This plugin ensures a log sink is enabled to export all logs. Log sinks send log data to a storage service for archival and compliance. A log sink with no filter is necessary to ensure that all logs are being properly sent. Thus, the recommended action for this is to ensure a log sink is configured properly with an empty filter and a destination.

      Steps to Reproduce

      Using GCP Console-

      In order to ensure or determine, if the selected Log Sink is not configured with an empty filter, follow the steps mentioned below:

      1. Firstly, use the administrator account for signing up to Google Cloud Platform Console.
      2. Now, from the top navigation bar, select the GCP Project you want to investigate in.
      3. From the Navigation Menu on the left, you may find the Operations section.
      4. Click on the Logging subsection under Operations.
      5. Under the Logging navigation panel, you may find Logs Router as shown in the figure below.
      6. Click on the Logs Router navigation link and a Logs Router Page will appear on the screen. Click to open directly from here.
      7. On the Logs Router Page, you will find the list of all the Log Sinks present within the Google Cloud Logging in your GCP Project.
      8. Click on the name Log Sink to select it, of which you want to check the configurations.
      9. Click on the three dots present to select View Sink Details of that Log Sink.
      10.  A detailed dialog box will appear on the screen, check the Inclusion Filter option available in that box. If it is showing any filter option then the selected Log Sink is not configured with the empty filter.
      11. You may repeat the above-mentioned steps to check for the other GCP projects/folders in your organization.

      Steps for Remediation

      Using GCP Console-

      In order to configure the selected Log Sink with an empty filter, follow the steps mentioned below:

      1. Firstly, use the administrator account for signing up to Google Cloud Platform Console.
      2. Now, from the top navigation bar, select the GCP Project you want to investigate in.
      3. From the Navigation Menu on the left, you may find the Operations section.
      4. Click on the Logging subsection under Operations.
      5. Under the Logging navigation panel, you may find Logs Router as shown in the figure below.
      6. Click on the Logs Router navigation link and a Logs Router Page will appear on the screen. Click to open directly from here.
      7. On the Logs Router Page, you will find the list of all the Log Sinks present within the Google Cloud Logging in your GCP Project.
      8. Click on the name Log Sink to select it, of which you want to check the configurations.
      9. Click on the three dots present to select View Sink Details of that Log Sink.
      10.  A detailed dialog box will appear on the screen, check the Inclusion Filter option available in that box. If it is showing any filter option then the selected Log Sink is not configured with the empty filter.
      11. Click on the Edit Sink option available at the bottom of the appeared Log Sink Details dialog box.
      12. An Edit Logs Routing Sink screen will appear on the screen. Clear out the filter available over and save the changes. Now the Inclusion Filter option is empty. 
      13. You may repeat the above-mentioned steps to check for the other GCP projects/folders in your organization.