It looks like there is a service for logging all read/write operations in Firestore: https://cloud.google.com/firestore/docs/audit-logging
I have billing enabled, as well as the Cloud Storage for Firebase API with read/write data access. (the api keys are also ip restricted, so that the db won't be abused)
In cloud logs, I perform this query:
logName=("projects/{my-project}/logs/cloudaudit.googleapis.com%2Fdata_access" OR "projects/{my-project}/logs/cloudaudit.googleapis.com%2Factivity")
But I still can't see any of the read/write operations. Are the queries wrong? Anything else?
For Firestore, enable the Audit Logs under Firestore/Datastore API in the IAM -> Audit Logs page.
Cloud Storage for Firebase API does not apply to Firestore.