Secure Solution for Accessing Application Logs on Google Cloud Platform (GCP)

Implementing a Secure Solution for Accessing Application Logs on GCP

Question

You have a pool of application servers running on Compute Engine.

You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting.

How would you implement the solution on GCP?

Answers

B.

The correct answer is A:

A. Deploy the Stackdriver logging agent to the application servers. Give the developers the IAM Logs Viewer role to access Stackdriver and view logs.

Explanation:

To provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting on GCP, the Stackdriver logging agent can be used. Stackdriver Logging is a fully managed, scalable log management system that enables you to store, search, analyze, monitor, and alert on log data and events from Google Cloud and other sources. It allows developers to easily view logs and troubleshoot application issues.

To implement this solution, the Stackdriver logging agent should be deployed to the application servers. The Stackdriver logging agent is a small, efficient program that runs on a VM instance and sends logs from the instance to Stackdriver Logging. This agent can be installed on any Compute Engine VM instance running Linux or Windows. Once the agent is deployed and configured, it will start streaming logs to Stackdriver Logging.

Next, developers should be given the IAM Logs Viewer role to access Stackdriver and view logs. The IAM Logs Viewer role allows developers to view logs, but not modify or delete them. This role provides read-only access to all logs in the project. Granting this role gives developers access to the logs they need to troubleshoot application issues, while still maintaining a secure environment.
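The following is an added example, not part of the original page: a small Python check that the developers' log access really is the read-only grant described above. It assumes the project policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the member names, the sample policy, and the `audit_log_access` helper are constructed for illustration.

```python
import json

LOGS_VIEWER = "roles/logging.viewer"  # the read-only Logs Viewer role
# Roles that grant more than read-only access to logs or logging configuration.
BROADER_ROLES = {"roles/owner", "roles/editor",
                 "roles/logging.admin", "roles/logging.configWriter"}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/logging.viewer",
     "members": ["group:app-devs@example.com", "user:contractor@example.com"]},
    {"role": "roles/logging.admin",
     "members": ["user:dev-lead@example.com"]},
    {"role": "roles/monitoring.viewer",
     "members": ["group:app-devs@example.com"]}
  ]
}
""")


def audit_log_access(policy, developers):
    """Compare a project IAM policy with the intended developer list."""
    developers = set(developers)
    viewers, broader = set(), set()
    for binding in policy.get("bindings", []):
        members = set(binding.get("members", []))
        if binding["role"] == LOGS_VIEWER:
            viewers |= members
        elif binding["role"] in BROADER_ROLES:
            # Record only developers; other principals are out of scope here.
            broader |= {(m, binding["role"]) for m in members & developers}
    return {
        "no_viewer_binding": sorted(developers - viewers),
        "broader_than_read_only": sorted(broader),
        "unexpected_viewers": sorted(viewers - developers),
    }


if __name__ == "__main__":
    devs = ["group:app-devs@example.com", "user:dev-lead@example.com"]
    print(json.dumps(audit_log_access(SAMPLE_POLICY, devs), indent=2))
```
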

Option B is incorrect because the IAM Logs Private Logs Viewer role is not a valid role.

Option C is incorrect because the Stackdriver monitoring agent is used for collecting and monitoring system and application metrics, not logs.

Option D is incorrect because using a script to upload logs to a Cloud Storage bucket is a more complicated solution that requires more configuration and maintenance compared to using Stackdriver Logging. Additionally, this solution does not provide real-time log analysis and does not provide developers with easy access to logs for troubleshooting.