IBM Cloud Docs
Configuring a logdna target

A target is an IBM Cloud resource where you can collect auditing events. Use this tutorial to learn how to configure an Activity Tracker Event Routing hosted event search target in the account.

Scenarios

You can define an Activity Tracker event search target in any of the following situations:

  • You need a solution to monitor the activity in your account through the UI.
  • You want to collect and store auditing events in an Activity Tracker hosted event search instance. You also want to choose the instance or instances where those events are collected and managed.

Prerequisites

  • You need a user ID that is a member or an owner of an IBM Cloud account. To get an IBM Cloud user ID, go to: Create an account.

  • Your user ID needs administrator platform permissions to manage the IBM Cloud Activity Tracker service. Contact the account owner. The account owner can grant another user access to the account for the purposes of managing user access and managing account resources. Learn more.

  • Learn about Activity Tracker Event Routing. For more information, see About.

  • Install the IBM Cloud CLI. For more information, see Installing the IBM Cloud CLI.

  • Install the latest Activity Tracker Event Routing CLI V2 plugin in your local system. See Installing the Activity Tracker Event Routing CLI.

Manage the type of endpoints

Manage the type of endpoints that are allowed to configure Activity Tracker Event Routing resources. You can use the Activity Tracker Event Routing CLI, the Activity Tracker Event Routing REST API, or a Terraform script to define which endpoint types are allowed in the account.

If you plan to use public endpoints to manage Activity Tracker Event Routing resources in your account, this step is not required.

To disable the use of public endpoints to configure Activity Tracker Event Routing resources, see Enforcing private endpoints to configure Activity Tracker Event Routing resources.

Check your IAM permissions

Check your IAM permissions to work with Activity Tracker Event Routing.

Every user that manages Activity Tracker Event Routing configurations in your account must be assigned an access policy. The policy determines what actions the user can perform. The allowable actions are customized and defined by Activity Tracker Event Routing as operations that are allowed to be performed on the service. The actions are then mapped to IAM user roles. Learn more.

Your user ID needs account management permissions to manage Activity Tracker Event Routing configurations in the account.

Users must have the following IAM roles to manage the Activity Tracker Event Routing account settings.

Required IAM roles to manage the Activity Tracker Event Routing account settings.

| Role | Minimum scope | Minimum required roles | Action |
|---|---|---|---|
| atracker.setting.get | Account | Administrator, Editor, Viewer, Operator | Get setting information |
| atracker.setting.update | Account | Administrator | Update settings |

Users must have the following IBM Cloud® Activity Tracker Event Routing IAM roles to work with targets. Users with regional IAM scope are limited to accessing targets in their authorized region.

Required IAM roles

| Role | Minimum scope | Minimum required roles | Action |
|---|---|---|---|
| atracker.target.read | Region | Administrator, Editor, Viewer, Operator | Read (view) information about a target |
| atracker.target.create | Region | Administrator, Editor | Create a target |
| atracker.target.update | Region | Administrator, Editor | Update a target |
| atracker.target.delete | Region | Administrator, Editor | Delete a target |
| atracker.target.list | Account | Administrator, Editor, Viewer, Operator | List all targets |

Choose one of the following options to grant your user permissions:

Provision an Activity Tracker hosted event search instance

Complete the following steps:

  1. Provision an Activity Tracker event search instance. See Provisioning an instance.
  2. Copy the ingestion key.

Define a target

After you create the instance, you can configure a target in a region. The target defines where auditing events in that region are collected.

Complete the following steps to create a target in the US-South region in your account:

  1. Get an access token.

    You need an IAM access token to authenticate in IBM Cloud.

    To generate an IAM access token, run the following command:

    export ACCESS_TOKEN=`ibmcloud iam oauth-tokens | grep IAM | cut -d \: -f 2 | sed 's/^ *//'`
    

    The access token is only valid for 1 hour.

  2. Create a target. Run the following cURL command:

    curl -X POST <ENDPOINT>/api/v2/targets \
      -H "Authorization: $ACCESS_TOKEN" \
      -H "content-type: application/json" \
      -d '{
        "name": "TARGET_NAME",
        "target_type": "TARGET_TYPE",
        "logdna_endpoint": {
          "target_crn": "INSTANCE_CRN",
          "ingestion_key": "API_KEY"
        }
      }'
    

    Where

    • TARGET_NAME is the name of the target. The maximum length of the name is 256 characters.

    • TARGET_TYPE is the type of the target. Set this field to logdna.

Target endpoint fields

| Field | Description |
|---|---|
| target_crn | Indicates the CRN of the Activity Tracker Event Routing instance. |
| ingestion_key | Contains the API key that has permissions to send events to an Activity Tracker Event Routing instance. |

For example, to create a target in the US-South region, you can run the following cURL command:

curl -X POST https://private.us-south.atracker.cloud.ibm.com/api/v2/targets \
  -H "Authorization: Bearer IAM_TOKEN" \
  -H 'content-type: application/json' \
  -d '{
       "name": "TARGET_NAME",
       "target_type": "TARGET_TYPE",
       "logdna_endpoint": {
         "target_crn": "TARGET_CRN",
         "ingestion_key": "TARGET_KEY"
       }
     }'

To get the target definition in a region, see Viewing a target.
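
The following is an added example, not part of the IBM documentation: one way to script the create-target step so that the name limit of 256 characters is checked first and the ingestion key is sent on curl's standard input instead of being typed into the command line. The function names and the INGESTION_KEY variable are assumptions; ENDPOINT and ACCESS_TOKEN are the values used in the steps above.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names and INGESTION_KEY are assumptions.

# Escape backslashes and double quotes for use inside a JSON string.
# Assumes the value holds no control characters (true for names, CRNs, keys).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Validate the fields described above and print the request body on stdout.
# Usage: build_target_payload NAME INSTANCE_CRN INGESTION_KEY
build_target_payload() {
  name=$1; crn=$2; key=$3
  if [ -z "$name" ] || [ "${#name}" -gt 256 ]; then
    echo "name must be 1 to 256 characters" >&2; return 1
  fi
  case $crn in
    crn:*) ;;
    *) echo "target_crn must be a CRN (crn:...)" >&2; return 1 ;;
  esac
  if [ -z "$key" ]; then
    echo "ingestion key is empty" >&2; return 1
  fi
  printf '{"name":"%s","target_type":"logdna","logdna_endpoint":{"target_crn":"%s","ingestion_key":"%s"}}\n' \
    "$(json_escape "$name")" "$(json_escape "$crn")" "$(json_escape "$key")"
}

# POST the body to $ENDPOINT/api/v2/targets. The body travels on curl's stdin
# (--data-binary @-), so the ingestion key is not among curl's arguments.
# ENDPOINT and ACCESS_TOKEN are the values from the steps above; INGESTION_KEY
# holds the key copied when the instance was provisioned.
# Usage: create_target NAME INSTANCE_CRN
create_target() {
  : "${ENDPOINT:?set ENDPOINT}" "${ACCESS_TOKEN:?set ACCESS_TOKEN}"
  : "${INGESTION_KEY:?set INGESTION_KEY}"
  body=$(build_target_payload "$1" "$2" "$INGESTION_KEY") || return 1
  printf '%s' "$body" | curl --fail --silent --show-error -X POST \
    "$ENDPOINT/api/v2/targets" \
    -H "Authorization: $ACCESS_TOKEN" \
    -H "content-type: application/json" \
    --data-binary @-
}
```

Filling INGESTION_KEY with `read -r INGESTION_KEY` instead of an `export` line that contains the key also keeps it out of shell history.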

Next

Define 1 or more routes in the account. For more information, see Configuring a route.

When you configure a route, you associate a target with the route and define which type of auditing events are collected. The route defines the rules that determine where auditing events are collected in your account. For example, you can define a route that collects auditing events from 2 different regions, and also collects global events.

You can collect global events and location-based events.

  • Global events report on activity in your account that relate to data and resources that are generally synchronized across all regions.
  • Location-based events report on activity in your account that is generated by IBM Cloud services that are hosted within an IBM data center location, such as US-South or US-East.