Is it possible to create log based alert for Constraints in GCP using python at organization level?
Is it possible to create log-based (Stackdriver) alerts for GCP constraints at org level? Creating alerts at project level is possible, but I want to know if we can create alerts at Organization level and, if so, how to do that.
Solution 1:[1]
Currently, the log-based alerts can only be created at project level.
I think that this could be a workaround for your case:
1. Create an aggregated sink to route audit log entries for your Google Cloud organization.
To create a sink, use the `logging sinks create` command. Supply the sink name, sink destination, filter, and the ID of the folder or organization from which you're routing logs:

```
gcloud logging sinks create SINK_NAME SINK_DESTINATION --include-children \
    --folder=FOLDER_ID --log-filter="FILTER"
```

For example, if you're creating an aggregated sink at the folder level and whose destination is a BigQuery dataset, your command might look like the following:

```
gcloud logging sinks create SINK_NAME \
    bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID --include-children \
    --folder=FOLDER_ID --log-filter="logName:activity"
```

Notes:
- To create a sink at the organization level, replace `--folder=FOLDER_ID` with `--organization=ORGANIZATION_ID`.
- For the sink to include all resources within the organization, the --include-children flag must be set, even when the --organization flag is passed to create. When set to false (the default), a sink will only route logs from the host resource.
- Retrieve the service account name used to create the sink from the command output.
- Give that service account permission to write to your sink destination.
- If you don't have permission to make that change to the sink destination, then send the service account name to someone who can make that change for you.

For more information about granting service accounts permissions for resources, see the set destination permissions section.
2. You can set the destination of the sink to Pub/Sub so that you can trigger an email alert whenever the sink routes the audit log.
Logs routed to Pub/Sub are generally available within seconds, with 99% of logs available in less than 60 seconds.
To view your routed logs as they are streamed through Pub/Sub, do the following:
- Go to the Pub/Sub page in the Cloud Console.
- Find or create a subscription to the topic used in the log sink, and pull a log entry from it. You might have to wait for a new log entry to be published.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Ismael Clemente Aguirre |
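
The Pub/Sub step of Solution 1, as an added Python example that is not part of the original answer: it decodes one routed log entry and builds an alert when the entry names a constraint. The `notify` callback, the sample entry, and the assumption that the constraint name appears in `protoPayload.status.message` are illustrative; the `data` field is assumed to be base64-encoded, as in Pub/Sub push deliveries.

```python
import base64
import json
import re

# Assumption: a denied request names the violated constraint in
# protoPayload.status.message. Adjust the pattern to the entries your sink routes.
CONSTRAINT_RE = re.compile(r"constraints/[A-Za-z0-9_.]+")

# Constructed sample LogEntry (placeholder IDs), shaped like a routed audit log.
SAMPLE_ENTRY = {
    "logName": "projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity",
    "timestamp": "2024-01-01T00:00:00Z",
    "protoPayload": {
        "methodName": "v1.compute.instances.insert",
        "resourceName": "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE",
        "authenticationInfo": {"principalEmail": "user@example.com"},
        "status": {"message": "Constraint "
                   "constraints/compute.vmExternalIpAccess violated."},
    },
}


def constraint_alert(entry):
    """Return an alert dict if the entry's status names a constraint, else None."""
    payload = entry.get("protoPayload") or {}
    message = (payload.get("status") or {}).get("message", "")
    found = {c.rstrip(".") for c in CONSTRAINT_RE.findall(message)}
    if not found:
        return None
    auth = payload.get("authenticationInfo") or {}
    return {
        "constraints": sorted(found),
        "resource": payload.get("resourceName", "unknown"),
        "principal": auth.get("principalEmail", "unknown"),
        "method": payload.get("methodName", "unknown"),
        "timestamp": entry.get("timestamp", "unknown"),
    }


def handle_message(data_b64, notify):
    """Decode one Pub/Sub 'data' field; call notify(alert) when it matches."""
    try:
        entry = json.loads(base64.b64decode(data_b64))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    alert = constraint_alert(entry) if isinstance(entry, dict) else None
    if alert is not None:
        notify(alert)
    return alert
```

Pass a function that sends the email (or posts to a chat webhook) as `notify`; malformed messages return `None` instead of raising, so one bad entry does not stall the subscription.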
