GCP audit logs are comprehensive logs of all activity within the GCP infrastructure, while system audit logs are specific to the Glean system, and user activity logs are specific to the customer's use of Glean. Additionally, GCP audit logs and system audit logs are available to Glean employees for debugging purposes, while user activity logs are not accessible to Glean employees unless explicitly allowed by the customer.
In summary, system logs are general-purpose logs that capture a wide range of system events, while system audit logs are focused specifically on security-related events and changes to the system configuration.
System Audit Logs capture events within the Glean application itself, while GCP Audit Logs capture changes made to the underlying GCP infrastructure that supports Glean.
GCP Audit logs:
comprehensive logs of all activity within the GCP infrastructure that capture changes made to the underlying GCP infrastructure
track changes in GCP environment for compliance and security purposes
logs specific to the glean system, and specifically on the security-related events and changes to the system configuration
Comprehensive GCP audit logs (400-day retention) are enabled logging changes to GCP system components (enabled by default unless the GCP organization policies are set to prevent some types of audit logging). Glean employees can view admin activity and system events audit logs, which do not contain PII.
User Activity logs:
specific to the customer’s use of Glean
User activity logs are available for searches and actions done by the customer’s employees in Glean. These logs are not accessible to Glean employees unless the customer has allowed for debugging purposes.
GCP storage bucket (270-day retention) scio-<projectid>-query-endpoint-access : logs for all search queries being made. Each entry has the user identity and the query performed.
GCP storage buckets(270-day retention) scio-<projectid>-search-query, scio-<projectid>-search-result, scio-<projectid>-search-result-feedback : This has entries for queries, the results we return per query and the clicks/views for the results. This is primarily used by our ranking pipelines to improve the search.
System logs:
general-purpose logs that capture a wide range of system events
Non-PII logs (400-day retention) are available in the Stackdriver GCP console (
). Glean employees can view these logs for debugging purposes.
PII logs are available in the glean_sensitive_logs_bigquery and audit_logs BigQuery table in the GCP project (30-day retention). Note that by PII we mean information like employee emails or permission group names, and not the content stored in the document body - we don't log the content stored in the document body anywhere. The IAM roles for the BigQuery only allow the GCP project’s admin and not Glean employees. In some rare debugging scenarios Glean employees can lookup specific log entries using debugging APIs in order to debug production issues. All such access is audit logged and requires justification, and must be authorized by a small set of the Glean engineering leadership team.
GCP Error reporting dashboard
monitor and troubleshoot crashes in your cloud service
Error Reporting counts, analyzes, and aggregates the crashes in the running cloud services. These stack traces are visible to Glean employees and we use these reports to fix production issues in the system
Want to print your doc? This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (