gce/BP/2024_002

Verify that GCE VM Instances Don’t Have Legacy Logging Agent Installed.

Product: Compute Engine
Rule class: BP - Best practice, opinionated recommendation

Description

This rule checks that no GCE VM in the GCP project still runs the legacy Logging Agent (the google-fluentd package).

It leverages two public GCP APIs for detection:

  1. The OS Config API (to check installed packages).
  2. The Cloud Monitoring API (to examine agent uptime metrics).

The rule queries the OS Config API first and falls back to the Cloud Monitoring API when OS Config does not show the agent. If the agent is detected by either source, the rule fails. If neither API is enabled, or both return an empty result, the rule skips the VM because it cannot determine whether the legacy agent is installed.
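The decision logic described above, as an added example that is not the rule's own implementation: it runs offline over constructed API responses. It assumes a simplified shape for the OS Config Inventory resource (a map of items carrying installedPackage.<kind>.packageName) and for Monitoring time series, that the legacy agent's package name is google-fluentd, and that the uptime metric queried is agent.googleapis.com/agent/uptime with a version label starting with google-fluentd/ (the page only says "agent uptime metrics", so the metric and label are assumptions).

```python
# Added example, not the rule's own code. API document shapes below are
# simplified assumptions; sample responses are constructed, not captured.
from typing import Optional

# Package name of the legacy Logging Agent (Ops Agent is google-cloud-ops-agent).
LEGACY_LOGGING_PACKAGE = "google-fluentd"
# Assumed: legacy agent reports this uptime metric with a `version` label
# beginning with the prefix below.
UPTIME_METRIC = "agent.googleapis.com/agent/uptime"
LEGACY_VERSION_PREFIX = "google-fluentd/"
PACKAGE_KINDS = ("aptPackage", "yumPackage", "zypperPackage", "googetPackage")


def installed_packages(inventory: Optional[dict]) -> Optional[list]:
    """Package names from an OS Config Inventory, or None when undeterminable.

    None covers both an unusable API (inventory is None) and an inventory
    without installed-package items: the rule cannot decide from this source.
    """
    if inventory is None:
        return None
    names = []
    for item in (inventory.get("items") or {}).values():
        pkg = item.get("installedPackage") or {}
        for kind in PACKAGE_KINDS:
            name = pkg.get(kind, {}).get("packageName")
            if name:
                names.append(name)
    return names or None


def legacy_in_os_config(inventory: Optional[dict]) -> Optional[bool]:
    """True/False if OS Config can answer, None otherwise."""
    names = installed_packages(inventory)
    return None if names is None else LEGACY_LOGGING_PACKAGE in names


def legacy_in_monitoring(series: Optional[list]) -> Optional[bool]:
    """True if any returned time series carries a legacy-agent version label."""
    if not series:  # None (API unusable) or [] (empty result)
        return None
    return any(
        ts.get("metric", {}).get("labels", {}).get("version", "")
        .startswith(LEGACY_VERSION_PREFIX)
        for ts in series
    )


def monitoring_filter(instance_id: str) -> str:
    """timeSeries.list filter for the fallback query (assumed filter shape)."""
    prefix = LEGACY_VERSION_PREFIX.rstrip("/")
    return (
        'metric.type="' + UPTIME_METRIC + '" AND resource.type="gce_instance"'
        ' AND resource.labels.instance_id="' + instance_id + '"'
        ' AND metric.labels.version=starts_with("' + prefix + '")'
    )


def evaluate_vm(inventory: Optional[dict], series: Optional[list]) -> str:
    """Apply the rule to one VM: returns 'fail', 'pass' or 'skip'."""
    osc = legacy_in_os_config(inventory)
    if osc:
        return "fail"  # found via OS Config; no fallback query needed
    mon = legacy_in_monitoring(series)
    if mon:
        return "fail"  # found via the uptime metric
    if osc is None and mon is None:
        return "skip"  # neither source could answer
    return "pass"


def make_inventory(*packages: str) -> dict:
    """Constructed OS Config Inventory with the given apt packages installed."""
    return {"items": {
        "installedPackage-" + p: {"installedPackage": {
            "aptPackage": {"packageName": p, "version": "1.0"}}}
        for p in packages}}


def make_series(version: str, instance_id: str = "123") -> list:
    """Constructed Monitoring time series for one instance's uptime metric."""
    return [{"metric": {"type": UPTIME_METRIC, "labels": {"version": version}},
             "resource": {"type": "gce_instance",
                          "labels": {"instance_id": instance_id}}}]


if __name__ == "__main__":
    cases = {
        "legacy-apt": (make_inventory("google-fluentd", "curl"), None),
        "ops-agent-only": (make_inventory("google-cloud-ops-agent"), []),
        "legacy-metric-only": (None, make_series("google-fluentd/1.9.10")),
        "no-data": ({"items": {}}, []),
    }
    for vm, (inv, ser) in cases.items():
        print(vm, evaluate_vm(inv, ser))
```

The fallback is only consulted when OS Config has not already found the agent, which keeps the expensive Monitoring query off the common path; an inventory that lists packages but not google-fluentd still triggers the fallback, so an agent installed outside the package manager can be caught by its uptime metric.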

Enable VM Manager on the project; it turns on the OS Config API, whose package inventory is what lets the rule detect the legacy Logging Agent reliably. Inventory data is only reported for instances on which the OS Config agent is enabled.

We recommend migrating to the Ops Agent, which consolidates logging and monitoring into a single, actively supported agent and is the designated replacement for the legacy Logging Agent.

Remediation

To resolve the violation, uninstall the legacy Logging Agent from each affected VM, then install the Ops Agent so that log collection continues. Remove the legacy agent first: the Ops Agent cannot run alongside the legacy Logging or Monitoring agents on the same VM.

Further information