google-cloud-platform google-cloud-storage google-cloud-logging google-cloud-load-balancer google-cloud-armor

How to view and configure log retention of Security Policies in Google Cloud Armor?


What is the retention for logs generated by Google Cloud Armor - Security Policies and Adaptive Protection?

The Request Logging Official Documentation states that Google Cloud Armor logs are part of the Cloud Load Balancing logs.

Does that mean the retention period of buckets for Load Balancers state the retention period for Security Policies' logs?

The log retention period for the bucket named 'load-balancer' states 1 day, whereas I am able to view logs older than a day in the Log Explorer.


Solution

  • The time that log entries are saved is controlled by the Retention Period set for the logging bucket. There is a 7-day grace period in which expired logs aren't deleted. You should not be able to view them, but the entries are still there. Reference: search for "Configure custom retention" on this page.

    Go to Log buckets. Find the bucket named "_Default". At the far right click on the ellipses. Click "View bucket details". The popup will display the "Retention period". You can also change the retention period with "Edit bucket".

    You can also get the Retention period with the CLI:

    gcloud logging buckets describe _Default --location global
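
The same check run across every log bucket at once, as an added example that is not part of the original answer. It assumes the input is the tab-separated `name` and `retentionDays` fields from `gcloud logging buckets list`; the function names, the 30-day minimum and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Cloud Logging buckets whose retention is shorter than a
# required minimum. Input is "name<TAB>retentionDays" per line, e.g. from:
#   gcloud logging buckets list --format='value(name,retentionDays)'

# audit_retention MIN_DAYS   (hypothetical helper name)
# Prints OK / SHORT / UNKNOWN per bucket; returns 1 if any bucket is not OK.
audit_retention() {
  awk -F '\t' -v min="$1" '
    NF == 0                    { next }   # skip blank lines
    NF < 2 || $2 !~ /^[0-9]+$/ { printf "UNKNOWN\t%s\n", $1; bad = 1; next }
    $2 + 0 < min + 0           { printf "SHORT\t%s\t%sd (< %sd)\n", $1, $2, min; bad = 1; next }
                               { printf "OK\t%s\t%sd\n", $1, $2 }
    END { exit bad + 0 }
  '
}

# Constructed sample data (the project id is a placeholder). The 1-day
# "load-balancer" bucket mirrors the one described in the question.
sample_buckets() {
  printf '%s\t%s\n' \
    'projects/example-project/locations/global/buckets/_Default' 30 \
    'projects/example-project/locations/global/buckets/_Required' 400 \
    'projects/example-project/locations/global/buckets/load-balancer' 1
}

# Offline demo against the constructed data, with an assumed 30-day minimum.
sample_buckets | audit_retention 30 || echo "at least one bucket is below the minimum"
```

Against a real project, pipe the `gcloud logging buckets list` command from the header comment into `audit_retention` in place of `sample_buckets`.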