To keep track of "who did what, where, and when?" within GCP projects, the administrator should

focus on Admin Activity logs and Data Access logs. Here’s a detailed explanation of why these two

log streams are essential:

Admin Activity Logs:

These logs capture administrative actions performed in your Google Cloud resources. This includes

actions like creating, modifying, or deleting resources.

Admin Activity logs provide detailed information about the user who performed the action, the

resource that was affected, the action performed, and the timestamp.

Data Access Logs:

These logs capture read and write operations on data within your Google Cloud services. This

includes actions like accessing or modifying data stored in databases, storage buckets, etc.

Data Access logs help track the access patterns of users and services to sensitive data, providing

insights into who accessed which data and when.

Steps to Enable and Access Logs:

Navigate to the Google Cloud Console.

Go to Logging in the left-hand menu.

Enable Admin Activity and Data Access logs if not already enabled.

Use Logs Explorer to filter and view specific logs based on your requirements.

By monitoring both Admin Activity and Data Access logs, administrators can gain comprehensive

visibility into the actions performed on their GCP resources and data, ensuring robust security and

compliance tracking.

Reference::

Google Cloud Logging Documentation

Audit Logs Overview