
Configuration of audit logs for JIT application is not working as expected.

Open Rajeshwaric7 opened this issue 1 year ago • 2 comments

@jpassing, I tried configuring it in 2 ways but have issues even though I have set up the email configuration properly.

  1. Using a Google log-based alert (https://cloud.google.com/logging/docs/alerting/log-based-alerts): Created an alert policy to query labels.event="api.activateRole". Logs are showing up in the console, but emails are not getting forwarded to our Team DL.

  2. Using Pub/Sub and Application Integration (https://cloud.google.com/application-integration/docs/listen-pub-sub-topic-send-email): The issue is that emails are not getting forwarded to our Team DL, but if I update it to our individual IDs, we receive the emails.

Please suggest a reliable solution for enabling this auditing.

Rajeshwaric7, Mar 19 '24 06:03

@jpassing, any suggestions on my ask?

Rajeshwaric7, Mar 26 '24 07:03

Re (1): When you open the Policy details page in the Cloud Console, do you see matching logs and any incidents?

When I set up an alerting policy for the query labels.event="api.activateRole" and activate a role in JIT Access, the page looks like this:

[image]

If you don't see logs, then maybe logs are being routed to a different project? If you see logs and incidents, but don't get any emails, then I suspect there's something wrong with the configuration of notification channels.

jpassing, Mar 27 '24 04:03
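
The order of checks suggested in the reply above (logs, then incidents, then notification channels), written as an added example that is not part of the thread or of the JIT Access project. It assumes the alert policy and its channels are available as JSON in the shape of the Cloud Monitoring API's AlertPolicy and NotificationChannel resources; the project, channel ID and address are constructed placeholders, and `triage` is a hypothetical helper.

```python
import json

# Constructed sample data shaped like Cloud Monitoring AlertPolicy and
# NotificationChannel resources (project, channel ID and address are placeholders).
POLICY = json.loads("""{
  "displayName": "JIT Access role activation",
  "enabled": true,
  "conditions": [{"conditionMatchedLog": {"filter": "labels.event=\\"api.activateRole\\""}}],
  "notificationChannels": ["projects/example-project/notificationChannels/111"]
}""")
CHANNELS = json.loads("""[{
  "name": "projects/example-project/notificationChannels/111",
  "type": "email",
  "enabled": false,
  "labels": {"email_address": "team-dl@example.com"}
}]""")

def triage(policy, channels, logs_seen, incidents_seen):
    """Return findings, following the order of checks suggested in the thread."""
    if not logs_seen:
        return ["no matching logs: check whether logs are routed to a different project"]
    findings = []
    if not policy.get("enabled", True):
        findings.append("alert policy is disabled")
    filters = [c.get("conditionMatchedLog", {}).get("filter", "")
               for c in policy.get("conditions", [])]
    if not any("api.activateRole" in f for f in filters):
        findings.append('no log-match condition on labels.event="api.activateRole"')
    if not incidents_seen:
        findings.append("logs but no incidents: the policy condition is not firing")
    by_name = {c["name"]: c for c in channels}
    attached = policy.get("notificationChannels", [])
    if not attached:
        findings.append("policy has no notification channels attached")
    for name in attached:
        ch = by_name.get(name)
        if ch is None:
            findings.append(f"{name}: channel not found in this project")
        elif ch.get("type") != "email":
            findings.append(f"{name}: channel type is {ch.get('type')}, not email")
        elif not ch.get("enabled", True):
            findings.append(f"{name}: email channel is disabled")
        elif not ch.get("labels", {}).get("email_address"):
            findings.append(f"{name}: email channel has no address")
    return findings or ["no configuration problem found in policy or channels"]
```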