Configuring IBM Cloud Activity Tracker Event Routing in the account for an IBM Cloud Logs instance that was created without using the migration tool
Use this topic to configure the IBM Cloud Activity Tracker Event Routing service to route activity tracking events to a Cloud Logs instance in the account without running the migration tool.
Migrating IBM Cloud® Activity Tracker instances to IBM Cloud Logs in IBM Cloud requires the configuration of the IBM Cloud Activity Tracker Event Routing service in the account to define where events are routed and the provisioning of 1 or more IBM Cloud Logs instances. A migration tool is provided to help you migrate. However, you might find that you do not want to migrate and prefer to start fresh in Cloud Logs. If this is your scenario, complete these steps to create 1 Cloud Logs instance in the account where you collect activity tracking events that are generated in the account by configuring the Activity Tracker Event Routing service.
Prereqs
Complete these steps before you begin:
-
Make sure you use an ID that has permissions for migrating your instance.
See Required permissions for running the Migration tool.
If you have the IAM permission to create policies and authorizations, you can grant only the level of access that you have as a user of the target service. For example, if you have viewer access for the target service, you can assign only the viewer role for the authorization. If you attempt to assign a higher permission such as administrator, it might appear that permission is granted, however, only the highest level permission you have for the target service, that is viewer, will be assigned.
-
If you plan to use terraform, generate an API key to use when you apply your Terraform scripts to create resources. Must have these permissions.
-
If you plan to use terraform, install the Terraform CLI. Complete the steps in Geting started with Terraform.
-
To send alerts to your destinations, you must provision an instance of the Event Notifications service in the account.
Provision a Cloud Logs instance
-
Configure two IBM Cloud Object Storage buckets for your IBM Cloud Logs instance. One is used for logs, the other is used for metrics. For mroe information, see Creating buckets.
-
Create a service to service (S2S) authorization between the Cloud Logs instance and the data bucket.
-
Create a service to service (S2S) authorization between the Cloud Logs instance and the metrics bucket.
-
Configure the buckets with your Cloud Logs instance. For more informations, see Configuring buckets.
Configure Activity Tracker Event Routing
Configure Activity Tracker Event Routing to continue receiving auditing events in the Activity Tracker instance and the new Cloud Logs instance. Then verify the Activity Tracker Event Routing configuration.
-
For eu-de: Select
eu-de
andglobal
events and as the target destination, choose the target you have configured for the eu-de region.For the rest of the supported regions, choose the same region. For example, for
us-south
events, choose the target you have configured for theus-south
region.For Chennai, select
in-che
events, and choose the target you have configured for thein-che
region. -
Choose
wildcard(*)
events and the Cloud Logs target that you have created.
Checklist to verify the Activity Tracker Event Routing configuration.
Configure the Event Notifications service for alerting
Cloud Logs integrates with the Event Notifications service to send events to your destinations.
In Activity Tracker, a view and an alert are tightly coupled. You define the triggering condition (query) in the view and configure an alert to indicate when and to how many notification channels to send the event.
In Cloud Logs, Views (known as Logs) and Alerts are resources that you manage separately. You create a view and an alert as independent resources. The query is the same in both cases if the view and the alert are related. You can also add an integration to the Event Notifications service when you configure an alert so when the alert triggers in Cloud Logs, an event is sent to your destinations through the Event Notifications service.
Configure IAM policies
You must configure IAM policies to grant access to work with the Cloud Logs service. For more information, see Geting started with IAM.
Create resources in Cloud Logs
You might want to configure some views and alerts that you currently have in your Activity Tracker instances.
- To create views, see Managing custom views.
- To create dashboards, see Managing dashboards.
- Deploy an extension. Extensions are pre-defined resources that you can easily deploy to start monitoring your data. See Managing extensions.
Remove Activity Tracker instances in the account
After you have completed the migration and verification process, remove your Activity Tracker instance and related resources by following the instructions in Removing deprecated IBM Cloud Activity Tracker instances.