Centralized Collection of Admin Activity and VM System Logs | Best Practices for Log Collection

How to Collect Logs from VMs and Services | Step-by-Step Guide

Question

Your architecture calls for the centralized collection of all admin activity and VM system logs within your project.

How should you collect these logs from both VMs and services?

Answers

Explanations


A. B. C. D.

B.

To centralize the collection of all admin activity and VM system logs within your GCP project, you have several options.

Option A suggests that Stackdriver automatically collects all admin and VM system logs. This is partially true, as Stackdriver Logging does automatically collect admin activity logs for most services. However, to collect system logs, the Stackdriver Logging agent must be installed on each instance. Therefore, option B is the more accurate answer.

Option B states that the Stackdriver Logging agent must be installed on each instance to collect system logs. This is true. The Stackdriver Logging agent is a service that runs on each VM instance and sends log data to Stackdriver Logging. The agent is responsible for collecting system and application logs from VM instances and forwarding them to Stackdriver Logging.

Stackdriver Logging collects admin activity logs automatically for most services, so you do not need to install any agents or perform any additional configuration to collect these logs.

Option C suggests launching a custom syslogd compute instance and configuring your GCP project and VMs to forward all logs to it. This is a possible solution, but it is not the best one. This solution requires additional configuration and maintenance, and it does not leverage GCP's built-in logging and monitoring services.

Option D suggests installing the Stackdriver Logging agent on a single compute instance and letting it collect all audit and access logs for your environment. This is not the best solution because it does not collect system logs from all VM instances. Also, having a single instance responsible for collecting all logs is not scalable and may become a bottleneck in the future.

In summary, option B is the best answer. To collect all admin activity and VM system logs within your GCP project, install the Stackdriver Logging agent on each instance to collect system logs. Stackdriver Logging collects admin activity logs automatically for most services.
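Because admin activity logs arrive without an agent while system logs arrive only from VMs where the agent runs, a VM can look covered in the log viewer and still ship nothing from inside the guest. The following is an added example, not part of the original page: it flags VMs with no agent-delivered entries. The project name, instance names and IDs are constructed placeholders, and treating every non-audit `gce_instance` entry as agent-delivered is an assumption.

```python
import json

# Constructed sample data (not from the page). Shapes follow the JSON printed by
# `gcloud compute instances list --format=json` and
# `gcloud logging read --format=json`; all names and IDs are placeholders.
INSTANCES = json.loads("""[
  {"id": "1001", "name": "web-1"},
  {"id": "1002", "name": "web-2"},
  {"id": "1003", "name": "batch-1"}
]""")

ENTRIES = json.loads("""[
  {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
   "resource": {"type": "gce_instance", "labels": {"instance_id": "1002"}}},
  {"logName": "projects/example-project/logs/syslog",
   "resource": {"type": "gce_instance", "labels": {"instance_id": "1001"}}},
  {"logName": "projects/example-project/logs/syslog",
   "resource": {"type": "gce_instance", "labels": {"instance_id": "1003"}}},
  {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
   "resource": {"type": "gce_instance", "labels": {"instance_id": "1003"}}}
]""")

# Audit logs (admin activity and the other cloudaudit streams) are written by
# the platform, so their presence says nothing about the agent on the VM.
AUDIT_LOG_MARKER = "/logs/cloudaudit.googleapis.com"


def instances_without_system_logs(instances, entries):
    """Return sorted names of VMs with no agent-delivered log entries.

    Assumption: any non-audit entry attributed to a gce_instance resource
    was shipped from inside the guest by the logging agent.
    """
    shipping = set()
    for entry in entries:
        resource = entry.get("resource", {})
        if resource.get("type") != "gce_instance":
            continue
        if AUDIT_LOG_MARKER in entry.get("logName", ""):
            continue  # platform-generated, not evidence of a working agent
        shipping.add(resource.get("labels", {}).get("instance_id"))
    return sorted(i["name"] for i in instances if i["id"] not in shipping)


if __name__ == "__main__":
    print(instances_without_system_logs(INSTANCES, ENTRIES))
```

In the sample, `web-2` has an admin activity entry but no syslog entry, so it is the one reported as missing the agent.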