Whether you are just starting your observability journey or already are an expert, our courses will help advance your knowledge and practical skills.
Expert insight, best practices and information on everything related to Observability issues, trends and solutions.
Explore our guides on a broad range of observability related topics.
Google Workspace audit logs provide detailed records of user activities, such as logins, file sharing, and administrative actions. These logs help you understand how Google Workspace applications are being used, track changes, and monitor for suspicious behavior, enabling you to maintain a secure and efficient workspace.
Send audit logs from Google Workspace applications to Coralogix to enhance visibility into performance and usage patterns. By utilizing the Google Workspace integration, you can proactively resolve issues and optimize your Google Workspace environment, ensuring improved reliability, security, and efficiency.
Users with the following permissions may view and/or manage integrations.
Resource | Action | Description | Explanation |
---|---|---|---|
integrations | ReadConfig | View Deployed Integrations | View deployed integration packages. |
integrations | Manage | Manage Integrations | Deploy, undeploy, and update integrations. |
Find out more about roles and permissions here.
STEP 1. Configure a Service Account and API Key to facilitate automated intermediation.
STEP 2. Set up Domain Wide Delegation, to authorize your Service Account to read user data and send it to Coralogix. The OAuth Scope permissions required are as follows:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.reports.audit.readonly
STEP 3. Navigate to API & Services > Library screen. Select Admin SDK API and ensure it’s enabled.
STEP 4. From your Coralogix toolbar, navigate to Data Flow > Integrations. Select Google Workspace Users.
STEP 5. Click + ADD NEW.
STEP 6. If you haven’t already done so in STEP 1, click GO TO GCP ACCOUNT and create a key file. Then, click NEXT.
STEP 7. Click SELECT FILE and upload the key file you previously created.
STEP 8. A confirmation will appear when the file is uploaded successfully. Click NEXT.
STEP 9. Fill in the settings:
STEP 10. Click COMPLETE to finish the setup. It will take several minutes for the integration to take effect and for user data to be available.
Explore these use cases for effectively monitoring Google Workspace logs in the Coralogix platform.
To view all activities performed by the user “john@bank.com” in Google Drive over the last 7 days, select the Application Name and Subsystem Name for Google Workspace integration. In the Explore Screen, apply the following query within the last 7-day timeframe:
<ActorEmail:"john@bank.com>" AND ApplicationName:"drive”
To detect if a user downloads an unusual amount of files from Google Drive, set an alert for when a user downloads more than 5 files within 10 minutes. Configure a standard alert with the following query:
ApplicationName:"drive” AND Event.Name:”download”
Set the threshold to at least 5 logs in 10 minutes and group by ActorEmail
.
To see statistics about the usage of your Google Workspace applications, create a horizontal bar chart widget in Custom Dashboards. Set the widget group-by parameter to Application.Name
to display the top applications in Google Workspace.
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to contact us via our in-app chat or by emailing support@coralogix.com.