GCP Logging - Identify Unusual Traffic
I recently noticed some unusual traffic on my Google Cloud SQL instance.
Can you please help me identify the source of this traffic?(Attached image)
Interestingly, I get around 40 Hits(All 'password authentication failed') in a 15 minute span everyday and then nothing. The exact log does not contain any IP or other source information so I am curious if there was another way I could find info on the source.
P.S It is not due to anything I have scheduled/automated.
Have you configured Cloud SQL instance to have a public IPv4 address? if so the connection can be using:
- the public IP and coming from the adresses or the ranges you configured in
Cloud SQL Instances > Overview > Connections > Authorized networks - the Cloud SQL Auth Proxy but the it must has the at least the
cloudsql.instances.connectpermission
If only the private IP is configured on your instance, you can only connect from within the same network as your instance (so it's less worrying).
Unfortunately the audit logs for "cloudsql.instances.connect" that can show the ip address of the caller, shows only when the Cloud SQL Auth Proxy
- has the permission mentioned above and succeeds to autneticate
- dont have the permission and show the
Not authorized to access resourcelog message and it's not your case
- How to decorate console logger messages in Python?
- Why do multiple identical function calls have significant differences in execution time on Arduino?
- Logging not working in laravel queue job
- Embedded Tomcat using log4j for logging
- Making Python loggers output all messages to stdout in addition to log file
- Python Design Pattern Logger Class
- how to log a file in Django
- How does the `log` crate know which logger to use?
- How to see logs from npm installation?
- How can I subclass logging.Logger without breaking %(filename) in logging.Formatter's interpolation syntax
- How to see normal print output created during pytest run?
- log All response and request spring webflux
- How do I get logs from all pods of a Kubernetes replication controller?
- Exception Handling in a Java Web Application
- How to log first 10 commits in Git
- Rails 7.1, log to STDOUT and log/production.log
- Best practice to set up loggers with two different outputs in Databricks
- What is os.log for?
- Set specific logback.xml file with -Dlogback.configurationFile when logback.xml is just in .war package
- Fluent-bit - Splitting json log into structured fields in Elasticsearch
- log file as makefile target
- Multi-line logging in Python
- Is it worth to use slf4j with log4j2
- Write a message to the log
- How to easily make std::cout thread-safe?
- Reading Windows Logs efficiently and fast
- Reporting information during code execution: best design
- Python logging.setLoggerClass() isn't
- Log4j- difference between Configuration and Level
- ILogger does not write to console using serilog