This page describes how to find and use Cloud Logging to view and query logs for your Cloud SQL instance.
Cloud SQL uses Cloud Logging. See the cloud logging documentation for complete information and review the Cloud SQL sample queries.
Viewing logs
To view logs for your Cloud SQL instance log entries:
Console
- Go to the Logs Viewer
- Select an existing Cloud SQL project at the top of the page.
- In the Query builder, add the following:
- Resource: select Cloud SQL Database. In the dialog, select a Cloud SQL instance.
- Log names: scroll to the Cloud SQL section and select
appropriate log files for your instance. For example:
- cloudsql.googleapis.com/sqlagent.out
- cloudsql.googleapis.com/sqlserver.err
- Severity: select a log level.
- Time range: select a preset or create a custom range.
gcloud
Use the gcloud logging
command to view log entries. In the example below, replace PROJECT_ID.
The limit
flag is an optional parameter that indicates the maximum number of entries to
return.
gcloud logging read "projects/[PROJECT_ID]/logs/cloudsql.googleapis.com/sqlagent.out" --limit=10
Troubleshooting
Click the links in the table for details:
| For this problem... | The issue might be... | Try this... |
|---|---|---|
| Logging is using a lot of CPU and memory. | Logging needs to be tuned. | Try tuning logging resource usage. |
| Audit logs are not found. | User authentication. | Check user roles and permissions. |
| Operations information not found in logs. | Audit logs are not enabled. | Enable audit logging. |
Logging is using a lot of CPU and memory
Logging is using a lot of CPU and memory.
The issue might be
Logging usage needs to be tuned.
Things to try
The log_statement flag can be set to none and the
logging_collector flag can be set to off. If logging is still
occurring, there may be other log-related flags that can be tuned. You can
edit the instance to modify these flags.
Audit logging
You turned on audit logging for Cloud SQL but are unable to find any audit logs in Cloud Logging
The issue might be
Data-Access logs are only written if the operation is an authenticated user-driven API call that creates, modifies, or reads user-created data, or if the operation accesses configuration files or metadata of resources.
Things to try
Check the roles and permissions of the user performing the operations.
Operation information not found in logs
You want to find more information about an operation. For example, a user was deleted but you can't find out who did it. The logs show the operation started but do not provide any more information.
The issue might be
You must enable audit logging for detailed and personal identifying information (PII) like this to be logged.
Things to try
Enable audit logging in your project.