A database administrator has detected malicious activity in their Cloud SQL instance and needs to monitor API calls that read resource configurations or metadata. Which logging type should they examine?