Exporting Looker logs to GCS bucket or Cloud Logging?

glen_yu
Google Developer Expert

Hi!

I’m new-ish to Looker and have some security/governance questions.

I was wondering if there was any way to export Looker audit logs (or just logs in general) to a GCS bucket or Cloud Logging.

I’ve found Logs documentation but I can only view that from within Looker and it’s the last 500 lines.  What happens if I need to keep logs for, say...7 years? Or if I want to alert off of it?  I found GCS Looker Actions but it’s more for exporting a Look or explore to GCS periodically, which says to me that there’s either going to be a lot of overlap in logs/data or that I will have gaps in my logs/data.

I also found this Looker Blog Archive with some feature:
 

In the event of needing to investigate who has accessed what data, Looker provides a robust audit trail. Administrators can provide transparency to internal and external stakeholders and reveal who has accessed what data and when. The ‘in-database’ architecture means every query and viewed report creates a database event, which Looker logs. Looker has monitoring tools built into the platform. This unique ‘in-database’ architecture can also enable real-time alerting if a predefined event of interest takes place.

Additional considerations: Stricter Service Level and GDPR Data Protection Agreements between organizations are promising as fast as 24-hour alerts about data compromises. This is because GDPR requires that data breaches are reported within 72 hours to a regulator.

Except it doesn’t go on to say or provide documentation links to *how* I can do all this.  When I google for “Looker audit trail”, I just get pretty much the same results as “Looker logs” and there’s nothing obvious that says how I can see logs on data access or where the radio button is to enable alerting.

Maybe my Google-fu just isn’t that good when it comes to Looker stuff, but could someone point me in the right direction?


Thanks,
GY

1 REPLY

Like @glen_yu, I can't figure out how to export Looker logs, or increase the retention period (or number of messages).

A limit of 500 log entries is unacceptably low, and unbecoming of Google, which prides itself on its focus on security.