Google Cloud lets you create, manage, modify, and secure a custom network infrastructure that follows the latest security requirements. You can create subnets, define firewall rules to control incoming and outgoing traffic, and perform many other operations to keep your resources safe. One of the available features is logging every event and operation that occurs inside the network infrastructure. To that end, Google offers Firewall Rules Logging, which records how your firewall rules are used. The resulting logs are available in Cloud Logging and allow you to monitor traffic patterns within your network and overall infrastructure.
In this lab, you will create a firewall rule with firewall rule logging enabled, to block HTTP traffic directed to a VM that Cloud Academy has deployed into your environment. Finally, you will switch to Cloud Logging to view the logs created.
Learning Objectives
Upon completion of this lab, you will be able to:
- Define a firewall rule with firewall rule logging enabled
- Use Cloud Logging to view the generated logs
Intended Audience
This lab is intended for:
- Google Cloud Network Engineer (NE) certification candidates
- Network engineers who want to improve logging for their network infrastructure
- Individuals who want to better understand how to set up a logging solution for a network infrastructure
Prerequisites
Basic knowledge of Google Networking is preferred, but it's not required. To build that background, you can take the Google Networking lab.
Updates
May 19th, 2025 - Updated lab environment and screenshots to reflect the latest console UI
May 29th, 2024 - Updated lab to use Debian 12
October 6th, 2022 - Updated the lab to include flow logs of the default subnet
December 15th, 2021 - Updated instructions and screenshot to reflect updated VPC and Logging console interface