Collecting events in your account
In IBM Cloud® Activity Tracker Event Routing, events are collected automatically for most Activity Tracker Event Routing-enabled services. However, some services might require an upgrade of the service plan, a configuration setting, or both, for you to be able to collect and route their events.
To collect and monitor activity in your account by using Activity Tracker Event Routing, you can choose any of the following methods:
-
You can configure Activity Tracker Event Routing to manage auditing events in your account while maintaining Financial Services Validated status.
The target resource must be an IBM Cloud® Object Storage bucket that is available in the same account where the auditing events are generated.
You can also use a bucket that is available in a different account from where auditing events are generated.
You must follow and comply with the Financial Services Validated requirements for buckets to maintain Financial Services Validated status.
Activity Tracker Event Routing can only route events that are generated in supported regions. Other regions, where Activity Tracker Event Routing is not available, continue to manage events by using Activity Tracker hosted event search.
-
You can configure the Activity Tracker hosted event search to manage events that are not routed through Activity Tracker Event Routing. By using this option, you can manage these auditing events through the UI. This option also offers PCI, SOC2, Privacy Shield or HIPAA compliance.
-
You can configure Activity Tracker Event Routing to route all events to Activity Tracker hosted event search instances to manage auditing events through the UI.
The Activity Tracker hosted event search instances can be located in the same account where auditing events are generated or in a different account.
In Activity Tracker Event Routing, you can differentiate events by scope as global or location-based events, and by operational impact as either management or data events.
-
The scope is determined from where an event is collected.
-
Collection of management events is automatic for Activity Tracker Event Routing-enabled services, except for Watson services which require a paid plan.
-
Collection of data events is also automatic with the exception of some services where you must opt-in to collect those events. To opt-in, you might need to configure the service, upgrade the service plan, or both. For more information, see Data events.
Collecting global events
You can collect global events in your account by configuring Activity Tracker Event Routing to manage routing of global events to the destination of your choice. Learn more.
Routing can be to 1 or more supported targets such as an Activity Tracker hosted event search instance so that you can monitor events through the UI or to an IBM Cloud Object Storage bucket for archival purposes. Learn more.
Routing can be done to a target resource within the account that generates the auditing events, or to a target resource in another IBM Cloud account.
Collecting location-based events
You can choose 1 of the following options to collect location-based events in your account:
-
Configure Activity Tracker Event Routing: You can choose the region where location-based events are collected. Learn more.
Activity Tracker Event Routing routes events based on the location that is specified in the
logSourceCRN
field included in the event. You can define a target, the resource where events are routed to, in any Activity Tracker Event Routing supported region. However, the target resource can be located in any region where that type of target is supported, in the same account or in a different account. You can define rules to determine where auditing events are to be routed by configuring 1 or more routes in the account. You can define rules for managing global events and location-based events that are generated in regions where Activity Tracker Event Routing is supported.Routing can be to 1 or more supported targets such as an Activity Tracker hosted event search instance so that you can monitor events through the UI or to an IBM Cloud Object Storage bucket for archival purposes. Learn more.
Routing can be done to a target resource within the account that generates the auditing events, or to a target resource in another IBM Cloud account.
Routing of location-based events from a given region is only supported for the regions where Activity Tracker Event Routing is supported. For more information about supported regions, see Locations.
-
Configure Activity Tracker hosted event search for events that are not routed by Activity Tracker Event Routing: Location-based events are available through the Activity Tracker instance that is available in the same region as the service. For a list of services, see IBM Cloud services that generate events that are managed through Activity Tracker hosted event search.
Activity Tracker hosted event search routes location-based auditing events to an Activity Tracker instance in the region where they are generated.