Activity Tracker Integration
IBM Cloud Databases instances are integrated with Activity Tracker events in IBM Cloud® Activity Tracker, so you can view service-level events.
Currently, Activity Tracker integration is available for Cloud Databases instances according to the following table.
| Deployment Region | Activity Tracker Region |
|---|---|
us-south |
us-south |
jp-tok |
jp-tok |
jp-osa |
jp-tok |
eu-gb |
eu-gb |
che01 |
che01 |
eu-de |
eu-de |
au-syd |
au-syd |
us-east |
us-east |
ca-tor |
ca-tor |
par01 |
eu-de |
eu-es |
eu-de |
Events from your instances appear in an Activity Tracker instance in the same region, except for jp-osa and eu-es. Events for instances in jp-osa are forwarded to jp-tok and events for eu-es are forwarded to eu-de. If you have instances in multiple regions, you must set up the Activity Tracker in multiple regions.
Activity Tracker
When you provision the service, events are automatically forwarded from all your Cloud Databases instances in the same region.
The service can be provisioned from its catalog page or from an existing Observability Dashboard.
The Activity Tracker service has a lite plan that is free to use, but it only offers streaming events. To take advantage of the tagging, export, retention, and other features, you need to use one of the paid plans.
Using the Activity Tracker
You can access Activity Tracker through the Observability tab of your instance's Manage page. The Manage Activity Tracker button links to the main list of all Activity Tracker instances in your IBM Cloud account. Select the instance where you set your database logs to be forwarded. Click View Activity Tracker to view the events.
After event activity is being forwarded to the service, each event can be expanded to a detailed view by clicking the arrow to the left of the timestamp.
When reviewing Activity Tracker logs, you see denies that include the dry_run tag. These denies are marked with a true or false value.
- Events with
dry_run: falseindicate an attempt to run an action. - Events with
dry_run: trueindicate an attempt to determine support for an action without triggering that action to occur. Suchdry_runattempts can occur as the service instance management console determines the features to which a logged-in user has access.
The Activity Tracker service offers searching, filtering, and export of events so you can customize retention for your use-case. You can also use it to configure alerts.
We recommend alerting on database lifecycle events, such as failed backups. For example, you can create that Activity Tracker alert by filtering audit events to outcome:failure action:"<service_id>.deployment-backup-scheduled.create" and then following the alert configuration instructions.
Event Fields
A description of the common fields for an Activity Tracker event is on the event fields page.
List of Events
The table lists the events that are sent to Activity Tracker from Cloud Databases instances.
A new auditing message format has been released and the legacy format for events that are submitted to your Activity Tracker instances will be deprecated. Deprecated events, and their analogous new events, are listed in the table. You should update any alerting or tools that rely on the text strings of the deprecated events to the new event format.
| Action Name | Legacy Action name | Description |
|---|---|---|
<service_id>.deployment-backup.create |
<service_id>.backup-ondemand.create |
An on-demand backup of your instance was created. If the backup failed, a "-failure" flag is included in the message. |
<service_id>.deployment-backup-scheduled.create |
<service_id>.backup-scheduled.create |
A scheduled backup of your instance was created. If the backup failed, a "-failure" flag is included in the message. |
<service_id>.deployment-user.update |
<service_id>.user-password.update |
A user's password was updated. A "-failure" flag is included in the message if the attempt to update a user's password failed. |
<service_id>.deployment-user.create |
<service_id>.user.create |
A user was created. A "-failure" flag is included in the message if the attempt to create a user failed. |
<service_id>.deployment-user.delete |
<service_id>.user.delete |
A user was deleted. A "-failure" flag is included in the message if the attempt to delete a user failed. |
| No Longer Sent (see below for more information) | <service_id>.backup.restore |
A restore from backup was created. If the attempted restore failed, a "-failure" flag is included in the message. |
<service_id>.deployment-group.update |
<service_id>.resources.scale |
A scaling operation was performed. If the scaling operation failed, a "-failure" flag is included in the message. |
<service_id>.deployment-allowlist-ip-addresses.update |
<service_id>.whitelisted-ips-list.update |
The allowlist was modified. A "-failure" flag is included in the message if the attempt to modify the allowlist failed. |
<service_id>.deployment.update |
<service_id>.serviceendpoints.update |
A change was made to the service endpoints configuration. If the operation failed, a "-failure" flag is included in the message. |
<service_id>.deployment-group-autoscaling.update |
<service_id>.autoscaling.update |
An autoscaling configuration change or an autoscaling operation was performed. If an autoscaling operation was performed the message includes autoscale resources for instance <deployment-id>. If the autoscaling operation
or the configuration change failed, a "-failure" flag is included in the message. |
<service_id>.deployment-volumes.update |
<service_id>.volumes.update |
An activity was performed on the encryption key that is used by the database, such as rotation or shredding. Details of the action are in the event. |
The service_id field indicates the type of Cloud Databases instance. For example, databases-for-postgresql or messages-for-rabbitmq.
The <service_id>.backup.restore auditing message is no longer sent because this action is already covered by the <service_name>.instance.create IBM Cloud global event. For more resource-related global events,
you can review the IBM Cloud® Activity Tracker documentation. IBM Cloud global events include generation of events such as provisioning, deprovisioning, service
plan changes, and tagging of resources. To view these events, you must provision an instance of the IBM Cloud® Activity Tracker service in the Frankfurt
(eu-de) region.