IBM Cloud Docs
Configuring IBM Cloud Activity Tracker Event Routing in the account for an IBM Cloud Logs instance that was created without using the migration tool

Configuring IBM Cloud Activity Tracker Event Routing in the account for an IBM Cloud Logs instance that was created without using the migration tool

Use this topic to configure the IBM Cloud Activity Tracker Event Routing service to route activity tracking events to a Cloud Logs instance in the account without running the migration tool.

Migrating IBM Cloud® Activity Tracker instances to IBM Cloud Logs in IBM Cloud requires the configuration of the IBM Cloud Activity Tracker Event Routing service in the account to define where events are routed and the provisioning of 1 or more IBM Cloud Logs instances. A migration tool is provided to help you migrate. However, you might find that you do not want to migrate and prefer to start fresh in Cloud Logs. If this is your scenario, complete these steps to create 1 Cloud Logs instance in the account where you collect activity tracking events that are generated in the account by configuring the Activity Tracker Event Routing service.

Prereqs

Complete these steps before you begin:

  1. Make sure you use an ID that has permissions for migrating your instance.

    See Required permissions for running the Migration tool.

    If you have the IAM permission to create policies and authorizations, you can grant only the level of access that you have as a user of the target service. For example, if you have viewer access for the target service, you can assign only the viewer role for the authorization. If you attempt to assign a higher permission such as administrator, it might appear that permission is granted, however, only the highest level permission you have for the target service, that is viewer, will be assigned.

  2. If you plan to use terraform, generate an API key to use when you apply your Terraform scripts to create resources. Must have these permissions.

  3. If you plan to use terraform, install the Terraform CLI. Complete the steps in Geting started with Terraform.

  4. To send alerts to your destinations, you must provision an instance of the Event Notifications service in the account.

Provision a Cloud Logs instance

  1. Provision a Cloud Logs instance.

  2. Configure two IBM Cloud Object Storage buckets for your IBM Cloud Logs instance. One is used for logs, the other is used for metrics. For mroe information, see Creating buckets.

    Review the bucket restrictions.

  3. Create a service to service (S2S) authorization between the Cloud Logs instance and the data bucket.

  4. Create a service to service (S2S) authorization between the Cloud Logs instance and the metrics bucket.

  5. Configure the buckets with your Cloud Logs instance. For more informations, see Configuring buckets.

Configure Activity Tracker Event Routing

Configure Activity Tracker Event Routing to continue receiving auditing events in the Activity Tracker instance and the new Cloud Logs instance. Then verify the Activity Tracker Event Routing configuration.

Checklist to verify the Activity Tracker Event Routing configuration.

Configure the Event Notifications service for alerting

Cloud Logs integrates with the Event Notifications service to send events to your destinations.

In Activity Tracker, a view and an alert are tightly coupled. You define the triggering condition (query) in the view and configure an alert to indicate when and to how many notification channels to send the event.

In Cloud Logs, Views (known as Logs) and Alerts are resources that you manage separately. You create a view and an alert as independent resources. The query is the same in both cases if the view and the alert are related. You can also add an integration to the Event Notifications service when you configure an alert so when the alert triggers in Cloud Logs, an event is sent to your destinations through the Event Notifications service.

  1. Provision an instance of Event notifications.

  2. Define a service to service authorization between Cloud Logs and the Event Notifications service

  3. Define an outbound integration in your Cloud Logs instance to integrate both services.

  4. Verify you integration.

Configure IAM policies

You must configure IAM policies to grant access to work with the Cloud Logs service. For more information, see Geting started with IAM.

Create resources in Cloud Logs

You might want to configure some views and alerts that you currently have in your Activity Tracker instances.

Remove Activity Tracker instances in the account

After you have completed the migration and verification process, remove your Activity Tracker instance and related resources by following the instructions in Removing deprecated IBM Cloud Activity Tracker instances.