Plugin Title | Bucket Logging |
Cloud | |
Category | Storage |
Description | Ensures object logging is enabled on storage buckets |
More Info | Storage bucket logging helps maintain an audit trail of access that can be used in the event of a security incident. |
GOOGLE Link | https://cloud.google.com/storage/docs/access-logs |
Recommended Action | Bucket Logging can only be enabled by using the Command Line Interface and the log bucket must already be created. Use this command to enable Logging: gsutil logging set on -b gs://[LOG_BUCKET_NAME] -o AccessLog gs://[BUCKET_NAME] |
- Log into the Google Cloud Platform Console.
- Scroll down the left navigation panel and choose "Cloud Storage" to select the "Buckets" option.
- On the "Buckets" page, create the log bucket if you don't have one.
- Click on the 'Cloud Shell' icon on the top left of the navigation bar, as bucket logging can only be enabled by using the Command Line Interface.
- Enter the command: gsutil logging set on -b gs://[LOG_BUCKET_NAME] -o AccessLog gs://[BUCKET_NAME]
- Repeat steps 4-5 to enable logging on all other buckets in the project.
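
The repeat step above can be scripted from Cloud Shell. The following is an added example, not part of the plugin's own documentation: it lists every bucket in the current project, checks each with `gsutil logging get`, and runs the command from the steps above only where no logging configuration is found. The function names `has_logging` and `enable_missing_logging` and the `DRY_RUN` variable are hypothetical, and skipping the log bucket itself is a choice made for this example.

```shell
#!/bin/sh
# Added example: audit all buckets and enable access logging where missing.
# Assumes gsutil is authenticated and the log bucket already exists.

# Succeeds when `gsutil logging get` output shows a configured log bucket.
# Enabled buckets return JSON containing "logBucket"; buckets without logging
# return "gs://<bucket>/ has no logging configuration."
has_logging() {
  printf '%s' "$1" | grep -q '"logBucket"'
}

# Usage: enable_missing_logging gs://LOG_BUCKET_NAME
# Prints each bucket that lacks logging. Unless DRY_RUN=1 (hypothetical
# switch), also enables logging on it with the AccessLog prefix.
enable_missing_logging() {
  log_bucket="${1%/}"
  gsutil ls | while IFS= read -r bucket; do
    bucket="${bucket%/}"                  # gsutil ls prints gs://name/
    [ -z "$bucket" ] && continue
    # Choice made in this example: do not point the log bucket at itself.
    [ "$bucket" = "$log_bucket" ] && continue
    status="$(gsutil logging get "$bucket" 2>&1 < /dev/null)"
    if ! has_logging "$status"; then
      echo "$bucket"
      if [ "${DRY_RUN:-0}" != "1" ]; then
        gsutil logging set on -b "$log_bucket" -o AccessLog "$bucket" \
          >&2 < /dev/null
      fi
    fi
  done
}
```

Run `DRY_RUN=1 enable_missing_logging gs://[LOG_BUCKET_NAME]` first to review which buckets would be changed, then run it again without `DRY_RUN` to apply.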