IBM Cloud Docs
Audit logging

Audit logging

Audit logs are available for IBM® Cloudant® for IBM Cloud®. You can find more details on how to obtain audit logs depending on whether you use IBM Cloudant or outside IBM Cloud®.

IBM Cloudant for IBM Cloud

Users of IBM Cloudant can use IBM Cloud® Activity Tracker to access audit logs for the service. IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. You can also be alerted about actions as they happen. The events that are collected comply with the IBM Cloud Auditing Data Federation (CADF) standard. For more information, see IBM Cloud Activity Tracker events.

IBM Cloudant not in IBM Cloud

Users of IBM Cloudant outside of IBM Cloud, such as users of IBM Cloudant Enterprise dedicated clusters, can contact support to request audit logs for exceptional purposes. The process is described in the following section. Any user who requires frequent access to audit logs for purposes such as compliance audits must migrate to IBM Cloudant in IBM Cloud.

How to access audit logs for your account

Audit logging records the IBM Cloudant principals who accessed data that is stored in IBM Cloudant. For all HTTP API access to IBM Cloudant, the audit log function records the following information about each HTTP request:

Recorded audit information
Information Description
Principal Account credentials, API keys, or IBM Cloud IAM credentials, as identified by an HTTP request header.
Action The action carried out, for example, document read.
Resource Details about the account, database, and document accessed or query made.
Timestamp A record of the time and data of the event.

IBM Cloudant audit logs can be used to understand:

  • What and when databases and documents were accessed within an account, and by whom.
  • What and when queries were run, and by whom.
  • What a specific principal or user that is accessed, updated, or deleted, and when.
  • What and when replication documents were created or deleted.

To request access to the audit logs for your account, contact IBM Cloudant support. Support provides a copy of the audit logs that are of interest to you.

When you contact support, be sure to include the following information:

  • The IBM Cloudant account that the request relates to.
  • The time frame for audit logs (must not be more than one month per support request).
  • Any specific databases, documents, or principals of interest.