No Cloud Storage Audit Logs for Data Transfer Service

Question

I used data transfer service for transferring large amount of data from one bucket to another.

I have enabled cloud storage auditing for the project. I have enabled data access audit logs for cloud storage.

Admin Read
Data Read
Data Write

https://cloud.google.com/logging/docs/audit/configure-data-access#config-console

However when I ran the Data Transfer service for Cloud Storage, I can't see audit logs of buckets used in data transfer service in cloud logging.

I am sure it must be using cloud storage service agent behind the scenes.

How can we get audit logs of actions done by data transfer service ?

Answer 1

Cloud logging for storage transfer service now supports cloud logging. [1] https://cloud.google.com/storage-transfer/docs/audit-logging [2] https://cloud.google.com/storage-transfer/docs/audit-logging

Answer 2

It is a recognized limitation of the service that the audit logs for the Data Transfer Service in Cloud Storage are not now obtainable. Google is attempting to make the Data Transfer Service's audit logs better. You can receive a limited amount of information about the actions taken by the Data Transfer Service in the interim by looking at the logs of the source and destination buckets. The object versioning function of Cloud Storage can be used to track changes to items over time as well, however it may increase storage costs.

You may also file a feature request in this link but there is no ETA for it.