How do to enable data access log and audit log for Firebase. In GCP Platform, I am able to see audit log and data access log for cloud datastore. How do we enable the same in firebase?
I have few tables in firebase, client is complaining of few calls not being serviced and has got the error in connecting. 3 requests failed out of 821 requests.
This feature is available for firebase firestore now.
https://cloud.google.com/firestore/docs/audit-logging
Need to enable IAM audit log for Firebase API and that helps in tracking the firebase activities.
There is no accessible data access log for the Firebase Realtime Database. If you can reproduce the problem, you might want to reach out to Firebase support to see if they can find the missing client calls in their logs.
Related
I have a real time database and having multiple listeners on it. I would like to see a log entry in my audit logs when a read happens.(my listeners are reading out the database when some changes occur).
Google Cloud Audit logs are the best candidate for that so I have enabled all the entries related to Firebase Realtime Database API:
I am the owner of the project so I am not lacking of any permissions. I would like to see who has read my database. My listeners have read for sure but I can not see those events in the logs. I can see the following log entries but none of them are the ones I would like to see:
Could you please tell me how could I see the actual reading of my database?
Thanks Sai for the pointers on Data Access Logs (or Cloud Audit Logs) enablement.
Just want to chime in from Firebase Realtime Database's perspective.
You have already found our documentation page: https://firebase.google.com/support/guides/cloud-audit-logging/firebase-realtime-database#enabling_audit_logging
Note that there can be up to 1h of delay between audit logs IAM configs change and your databases picks up the change.
Also keep in mind that RTDB cloud audit logs only include listen registration event, update broadcast are omitted.
For more details, see compare audit logs with profiler documentation.
It looks like there is a service for logging all read/write operations in Firestore:
https://cloud.google.com/firestore/docs/audit-logging
I have billing enabled, as well as the Cloud Storage for Firebase API with read/write data access. (the api keys are also ip restricted, so that the db won't be abused)
IAM -> Audit Logs
In cloud logs, I perform this query:
logName=("projects/{my-project}/logs/cloudaudit.googleapis.com%2Fdata_access" OR "projects/{my-project}/logs/cloudaudit.googleapis.com%2Factivity")
But I still can't see any of the read/write operations.
Are the queries wrong? Anything else?
For Firestore, enable the Audit Logs under Firestore/Datastore API in the IAM -> Audit Logs page.
Cloud Storage for Firebase API does not apply to Firestore.
I received an e-mail from firebase-noreply #google.com to the tune of:
[Firebase] Your unused Realtime Database ‘my secret’ will be deactivated in 14 day(s)
We've detected the following issue(s) with your security rules:
any logged-in user can read your entire database
any logged-in user can write to your entire database
I have an app on my Raspberry Pi which is available by web, that will send a firebase message to my mobile phone. It will enable a user (any friend of mine that I chose to tell the url to) to track my position. The webpage on my Rpi contains the API key.
Following this e-mail, should I still expect my app to work?
It's a while since I wrote the app but I do find it occasionally useful. The link that firebase sent me to edit my security settings doesn't work. I think I only had an entry in the firebase realtime database to enable me to get an API key. Please forgive me if I am asking a daft question but it has been years since I worked on this.
firebaser here
The email is specific to the Firebase Realtime Database of your project, and won't affect Firebase Cloud Messaging in any way. If calls to FCM succeed before the database is disabled, they will continue to succeed after the database is disabled.
Of course, if your app needs to interact with the database to do its work, that will stop to function when the database is disabled.
I just deleted my flutter app from firebase console , but it is still working and changing data in the realtime database.
Can anyone tell me how its still connected with the firebase?
Thanks
According to Firebase documentation, when you delete an app:
Corresponding API keys or OAuth clients are NOT deleted. You can clean
up the API keys or OAuth clients in the Google APIs console
credentials page. Deleting these resources will break installed
applications: your users will no longer be able to authenticate or
sign in.
Access to the realtime database is not limited to apps that are registered in the Firebase console. Any code that has the proper configuration for your database, can try to access that database. If you want to be more selective in who can access the database, you will need to do this with Firebase's server-side security rules, typically in combination with Firebase Authentication.
Where are the Firebase database rules "Access Denied" messages logged on the Firebase server?
We are using the JavaScript web version of Firebase client libraries. The answer below is referring to Android or iOS but can we get automatic logging / analytics on the Web version?
For example, one of our customers sees:
firebase issue Error: permission_denied at
/companydata/Global/eJztlD9PwzAQxb8K8pyBVqJDtkIpCtA/IpQFMRzJtbXq2NHlUhRV/e6ck4LKQioQagc23z3n+efn2Bs1JUx1AoyFCp83KmLM7rBSoZq7OVZWBWryWiCtgbWzjSK9JzAlynDs/IQcCdiRCs8DFRUTGczBFBioK2cZtEWK0lqcAqHlz64KbWmM/+beLQTC7Ck7h2hhHWGMQMlyqNGID1OJ22AfNVtQG+jsMj4F0hbKv0L0IAcSyrHrHx97s04r6Okn8vtfEmiF3JbjLeRg/6P8Pkqu8k5bkCNnsTobrfjLJjvHueSpy5ZtwP2yYAKj4UjAL4GKHbFw+XdfqhtyZb4rD01/oAkT3xFy7/jg3obaMNLOc5J7UQqVlBTO4oH67HXrZSxk2KiirD+eaplX8zEQ97ne+COsROpeSATk0jJhH0ivF6hry5qrceMzNXKbtu/y+E4I:
Client doesn't have permission to access the desired data.(…)
I'd like to see these errors in a log somewhere on the Firebase console.
Is there a place to see data rules denials?
Thanks!
There is no server-side location where these error messages are captured that you have access to.
You will have to reproduce the client's behavior locally or use the Firebase Database rules simulator to reproduce it.
I think that you have to do it (logging denied access), manually.
Firebase analytics collects some events by default. Here you can find the list of those events. And here is an example of how to add log events in android.