NAME

gcloud logging settings update - update the settings for the Cloud Logging Logs Router

SYNOPSIS

gcloud logging settings update (--folder=FOLDER_ID | --organization=ORGANIZATION_ID) [--disable-default-sink] [--storage-location=STORAGE_LOCATION] [--clear-kms-key | [--kms-key-name=KMS_KEY_NAME : --kms-keyring=KMS_KEYRING --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

Use this command to update the --kms-key-name, --storage-location and --disable-default-sink associated with the Cloud Logging Logs Router.

The Cloud KMS key must already exist and Cloud Logging must have permission to access it.

The storage location must be allowed by Org Policy.

Customer-managed encryption keys (CMEK) for the Logs Router can currently only be configured at the organization-level and will apply to all projects in the organization.

EXAMPLES

To enable CMEK for the Logs Router for an organization, run:

$ gcloud logging settings update --organization=[ORGANIZATION_ID] \ --kms-key-name='projects/my-project/locations/my-location/keyRin\ gs/my-keyring/cryptoKeys/key'

To disable CMEK for the Logs Router for an organization, run:

$ gcloud logging settings update --organization=[ORGANIZATION_ID] \ --clear-kms-key

To update storage location for the Logs Router for an organization, run:

$ gcloud logging settings update --organization=[ORGANIZATION_ID] \ --storage-location=[LOCATION_ID]

To update storage location for the Logs Router for a folder, run:

$ gcloud logging settings update --folder=[FOLDER_ID] \ --storage-location=[LOCATION_ID]

To disable default sink for the Logs Router for an organization, run:

$ gcloud logging settings update --organization=[ORGANIZATION_ID] \ --disable-default-sink=true

To enable default sink for the Logs Router for an organization, run:

$ gcloud logging settings update --organization=[ORGANIZATION_ID] \ --disable-default-sink=false

REQUIRED FLAGS

Exactly one of these must be specified:
--folder=FOLDER_ID

Folder to update Logs Router settings for.

--organization=ORGANIZATION_ID

Organization to update Logs Router settings for.

OPTIONAL FLAGS

--disable-default-sink

Enable or disable _Default sink for the _Default bucket. Specify --no-disable-default-sink to enable a disabled _Default sink. Note: It only applies to the newly created projects and will not affect the projects created before.

--storage-location=STORAGE_LOCATION

Update the storage location for _Default bucket and _Required bucket. Note: It only applies to the newly created projects and will not affect the projects created before.

At most one of these can be specified:
--clear-kms-key

Disable CMEK for the Logs Router by clearing out Cloud KMS cryptokey in the organization's CMEK settings.

Key resource - The Cloud KMS (Key Management Service) cryptokey that will be

used to protect the logs being processed by the Cloud Logging Logs Router. The Cloud KMS CryptoKey Encrypter/Decryper role must be assigned to the Cloud Logging Logs Router service account. The arguments in this group can be used to specify the attributes of this resource.

--kms-key-name=KMS_KEY_NAME

ID of the key or fully qualified identifier for the key. To set the kms-key attribute:

provide the argument --kms-key-name on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--kms-keyring=KMS_KEYRING

The KMS keyring of the key. To set the kms-keyring attribute:

provide the argument --kms-key-name on the command line with a fully specified name;

provide the argument --kms-keyring on the command line.

--kms-location=KMS_LOCATION

The Cloud location for the key. To set the kms-location attribute:

provide the argument --kms-key-name on the command line with a fully specified name;

provide the argument --kms-location on the command line.

--kms-project=KMS_PROJECT

The Cloud project for the key. To set the kms-project attribute:

provide the argument --kms-key-name on the command line with a fully specified name;

provide the argument --kms-project on the command line;

set the property core/project.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

$ gcloud alpha logging settings update

$ gcloud beta logging settings update