audit_request_status - Linux


Overview

audit_request_status allows monitoring the status of multiple audit requests submitted to the Security Center service. It provides a snapshot of requests submitted within a user-provided timeframe, categorized by their status.

Syntax

audit_request_status [flags]

Options/Flags

  • -from: Specify the starting time (UTC) from which to fetch requests. Format: YYYY-MM-DD HH:MM:SS
  • -to: Specify the ending time (UTC) for fetching requests. Format: YYYY-MM-DD HH:MM:SS
  • -org: (Optional) Organization to retrieve requests for. Defaults to current Google Cloud Organization.

Examples

Fetch requests from the last 15 minutes

audit_request_status -from "$(date -u --date='15 mins ago' '+%Y-%m-%d %H:%M:%S')" -to "$(date -u '+%Y-%m-%d %H:%M:%S')"

Fetch requests for a specific organization

audit_request_status -to "$(date -u '+%Y-%m-%d %H:%M:%S')" -org "my-org"

Common Issues

No requests found

Check that the specified time range is correct: -from and -to are read as UTC in the format YYYY-MM-DD HH:MM:SS, and the range must cover the time at which the requests were submitted.
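
The following is an added example, not part of the original page or the tool's own code: shell helpers that check a -from/-to pair against the documented UTC format and ordering before the tool is called. The function names are hypothetical, and a date that accepts -d (GNU or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the -from / -to window.
# All function names here are hypothetical helpers, not part of the tool.
TS_FMT='+%Y-%m-%d %H:%M:%S'

# is_valid_ts TS: succeeds only for a real "YYYY-MM-DD HH:MM:SS" timestamp.
is_valid_ts() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    # Round-trip through date to reject impossible values such as month 13.
    [ "$(date -u -d "$1" "$TS_FMT" 2>/dev/null)" = "$1" ]
}

# to_epoch TS: seconds since the epoch for a UTC timestamp.
to_epoch() { date -u -d "$1" '+%s'; }

# check_window FROM TO: return 2 on a malformed value, 3 if FROM is not before TO.
check_window() {
    is_valid_ts "$1" || { echo "bad -from value: $1" >&2; return 2; }
    is_valid_ts "$2" || { echo "bad -to value: $2" >&2; return 2; }
    [ "$(to_epoch "$1")" -lt "$(to_epoch "$2")" ] || {
        echo "-from must be earlier than -to" >&2; return 3; }
}

# last_minutes N: print "FROM|TO" covering the last N minutes, in UTC.
last_minutes() {
    now=$(date -u '+%s')
    printf '%s|%s\n' \
        "$(date -u -d "@$((now - $1 * 60))" "$TS_FMT")" \
        "$(date -u -d "@$now" "$TS_FMT")"
}

# audit_last_minutes N: run the tool over a checked window,
# using only the -from and -to flags documented above.
audit_last_minutes() {
    w=$(last_minutes "$1"); from=${w%%|*}; to=${w#*|}
    check_window "$from" "$to" &&
        audit_request_status -from "$from" -to "$to"
}
```

The default output of date -u (for example "Tue Jan  2 03:04:05 UTC 2024") fails is_valid_ts, which is the mismatch most likely to produce an empty result.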

Integration

Use in conjunction with gcloud audit logs:

gcloud audit logs read \
    --filter="protoPayload.methodName:system.publicstorage.google.com/CreateBucket" \
    --format="json" \
    --execute=audit_request_status -from "$(date -u --date='1 hour ago' '+%Y-%m-%d %H:%M:%S')" -to "$(date -u '+%Y-%m-%d %H:%M:%S')"

Related Commands