audit_request_status - Linux
Overview
audit_request_status allows monitoring the status of multiple audit requests submitted to the Security Center service. It provides a snapshot of requests submitted within a user-provided timeframe, categorized by their status.
Syntax
audit_request_status [flags]
Options/Flags
- -from: Specify the starting time (UTC) from which to fetch requests. Format: YYYY-MM-DD HH:MM:SS
- -to: Specify the ending time (UTC) for fetching requests. Format: YYYY-MM-DD HH:MM:SS
- -org: (Optional) Organization to retrieve requests for. Defaults to current Google Cloud Organization.
Examples
Fetch requests from the last 15 minutes
audit_request_status -from "$(date -u --date='15 mins ago' '+%Y-%m-%d %H:%M:%S')" -to "$(date -u '+%Y-%m-%d %H:%M:%S')"
Fetch requests for a specific organization
audit_request_status -to "$(date -u '+%Y-%m-%d %H:%M:%S')" -org "my-org"
Common Issues
No requests found
Check that the specified time range is correct and that it covers the time at which the requests were submitted.
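Added example (not part of the tool's own documentation): a POSIX shell wrapper that produces the documented YYYY-MM-DD HH:MM:SS UTC format, rejects values in any other shape, and checks that -from precedes -to before the command is called. It assumes GNU date; the function names utc_stamp, valid_stamp, check_window and status_window are hypothetical.

```shell
# Added example: validate a -from/-to window for audit_request_status.
# Assumes GNU date (Linux). All function names here are hypothetical.

# Print a UTC timestamp in the documented format.
# $1 is a GNU date expression such as "15 mins ago" (default: now).
utc_stamp() {
  date -u --date="${1:-now}" '+%Y-%m-%d %H:%M:%S'
}

# Succeed only if $1 has the documented shape and is a real calendar time.
valid_stamp() {
  case $1 in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
    *) return 1 ;;
  esac
  date -u --date="$1" '+%s' >/dev/null 2>&1
}

# Return 0 if both stamps are valid and from is strictly before to,
# 2 if either stamp is malformed, 3 if the window is empty or reversed.
check_window() {
  valid_stamp "$1" || { echo "bad -from value: $1" >&2; return 2; }
  valid_stamp "$2" || { echo "bad -to value: $2" >&2; return 2; }
  cw_from=$(date -u --date="$1" '+%s')
  cw_to=$(date -u --date="$2" '+%s')
  [ "$cw_from" -lt "$cw_to" ] || { echo "-from must precede -to" >&2; return 3; }
}

# Build a window from two date expressions, validate it, then run the tool.
status_window() {
  sw_from=$(utc_stamp "$1") && sw_to=$(utc_stamp "$2") || return 2
  check_window "$sw_from" "$sw_to" || return $?
  audit_request_status -from "$sw_from" -to "$sw_to"
}
```

For example, status_window "15 mins ago" "now" runs the command only when the window is well-formed and non-empty.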
Integration
Use in conjunction with gcloud audit logs:
gcloud audit logs read \
  --filter="protoPayload.methodName:system.publicstorage.google.com/CreateBucket" \
  --format="json" \
  --execute=audit_request_status -from "$(date -u --date='1 hour ago' '+%Y-%m-%d %H:%M:%S')" -to "$(date -u '+%Y-%m-%d %H:%M:%S')"