Assigned
Comments
ka...@google.com <ka...@google.com>
ma...@google.com <ma...@google.com> #2
I have forwarded this request to the engineering team. We will update this issue with any progress updates and a resolution.
Best Regards,
Josh Moyer
Google Cloud Platform Support
Description
Problem you have encountered:
When audit logs which originated in a folder or organization resource are routed by an aggregated sink to a project destination, those logs will not trigger log-based alerts in the destination project.
What you expected to happen:
Routed logs which originated in a folder or organization resource would trigger log-based alerts in the destination project.
Steps to reproduce:
- From a folder or an organization, create a log sink and route the audit logs to a project by an aggregated sink to a project destination.
- In the project, create a log sink with a filter that accepts the audit logs from folder/organization (by default, these logs won't be accepted by the _Default sink, because it excludes audit logs). Also create a new bucket to receive the audit logs from this newly created log sink.
- In the project, configure a log-based alert for logs routed by the above sinks.
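
The three steps above as a dry-run script, added here as an example and not part of the original report. The folder ID, project ID, bucket name, sink names and alert policy contents are constructed placeholders; the script prints the `gcloud` commands and only executes them when `APPLY=1` is set.

```shell
#!/bin/sh
# Added repro sketch. All IDs and names below are constructed placeholders.
FOLDER_ID="${FOLDER_ID:-123456789012}"
PROJECT_ID="${PROJECT_ID:-example-dest-project}"
BUCKET_ID="${BUCKET_ID:-folder-audit-logs}"

# Filter matching audit log entries whose logName is rooted at the folder.
audit_filter() {
  printf 'logName:"folders/%s/logs/cloudaudit.googleapis.com"' "$1"
}

# Log-based alert policy (conditionMatchedLog) for the routed entries.
policy_json() {
  escaped=$(audit_filter "$1" | sed 's/"/\\"/g')   # escape quotes for JSON
  cat <<EOF
{
  "displayName": "Routed folder audit logs",
  "combiner": "OR",
  "conditions": [{
    "displayName": "Audit log entry from folder $1",
    "conditionMatchedLog": { "filter": "$escaped" }
  }],
  "alertStrategy": { "notificationRateLimit": { "period": "300s" } }
}
EOF
}

# Print each command (for reading, shell quoting is lost); run it if APPLY=1.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

repro() {
  filter=$(audit_filter "$FOLDER_ID")
  policy=$(mktemp)
  policy_json "$FOLDER_ID" > "$policy"
  # Step 1: aggregated sink on the folder, with the project as destination.
  run gcloud logging sinks create folder-audit-to-project \
    "logging.googleapis.com/projects/$PROJECT_ID" \
    --folder="$FOLDER_ID" --include-children --log-filter="$filter"
  # Step 2: new bucket, plus a project sink accepting the folder's audit logs.
  run gcloud logging buckets create "$BUCKET_ID" \
    --location=global --project="$PROJECT_ID"
  run gcloud logging sinks create folder-audit-to-bucket \
    "logging.googleapis.com/projects/$PROJECT_ID/locations/global/buckets/$BUCKET_ID" \
    --project="$PROJECT_ID" --log-filter="$filter"
  # Step 3: log-based alert in the destination project.
  run gcloud alpha monitoring policies create \
    --project="$PROJECT_ID" --policy-from-file="$policy"
}
repro
```

When run with `APPLY=1`, the aggregated sink's writer identity also needs permission to write logs to the destination project, a step the report does not list.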