Activity tracking events for DNS Services

IBM Cloud services, such as DNS Services, generate activity tracking events.

Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.

You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.

Locations where activity tracking events are generated

Regions where activity tracking events are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
No	No	No	No

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
No	No	No	No

Regions where activity tracking events are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	No	No

Locations where activity tracking events are sent to IBM Cloud Activity Tracker hosted event search

DNS Services sends activity tracking events to IBM Cloud Activity Tracker hosted event search in the regions that are indicated in the following table.

Regions where activity tracking events are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
No	No	No	No

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
No	No	No	No

Regions where activity tracking events are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	No	No

Locations where activity tracking events are sent by IBM Cloud Activity Tracker Event Routing

DNS Services sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.

Regions where activity tracking events are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
No	No	No	No

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
No	No	No	No

Regions where activity tracking events are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	No	No

Viewing activity tracking events for DNS Services

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

Launching IBM Cloud Logs from the Observability page

For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.

List of platform events

The following table lists the activity tracking event actions that the IBM Cloud platform generates DNS Services instances are processed.

Actions that generate platform events
Action	Description
`DNS Services.instance.create`	An event is generated when you provision a service instance.
`DNS Services.instance.update`	An event is generated when you rename a service instance or when you change the service plan.
`DNS Services.instance.delete`	An event is generated when a service instance is deleted.
`DNS Services.instance.schedule_reclaim`	An event is generated when a service instance is pending_reclamation.
`DNS Services.instance.restore`	An event is generated when a service instance is restored.

Events for DNS zones

The following table lists the actions that are related to DNS zones and generate an event.

DNS zones events
Action	Description
`dns-svcs.zones.read`	Get or list DNS zones.
`dns-svcs.zones.create`	Create a DNS zone.
`dns-svcs.zones.update`	Update a DNS zone.
`dns-svcs.zones.delete`	Delete a DNS zone.

Events for resource records

The following table lists the actions that are related to resource records and generate an event.

Resource records
Action	Description
`dns-svcs.resource-records.read`	Get or list resource records.
`dns-svcs.resource-records.create`	Create a resource record.
`dns-svcs.resource-records.update`	Update a resource record.
`dns-svcs.resource-records.delete`	Delete a resource record.

Events for permitted networks

The following table lists the actions that are related to permitted networks and generate an event.

Permitted networks
Action	Description
`dns-svcs.permitted-networks.read`	Get or list permitted networks from DNS zone.
`dns-svcs.permitted-networks.create`	Add a permitted network to DNS zone.
`dns-svcs.permitted-networks.delete`	Remove a permitted network from DNS zone.

Events for global balancers

The following table lists the actions that are related to global load balancers and generate an event.

Global load balancers
Action	Description
`dns-svcs.monitors.read`	Get or list health monitors.
`dns-svcs.monitors.create`	Create a health monitor.
`dns-svcs.monitors.update`	Update a health monitor.
`dns-svcs.monitors.delete`	Delete a health monitor.
`dns-svcs.pools.read`	Get or list origin pools.
`dns-svcs.pools.create`	Create an origin pool.
`dns-svcs.pools.update`	Update an origin pool.
`dns-svcs.pools.delete`	Delete an origin pool.
`dns-svcs.load-balancers.read`	Get or list load balancers.
`dns-svcs.load-balancers.create`	Create a load balancer.
`dns-svcs.load-balancers.update`	Update a load balancer.
`dns-svcs.load-balancers.delete`	Delete a load balancer.

Events for custom resolvers

The following table lists the actions that are related to custom resolvers and generate an event.

Custom resolvers
Action	Description
`dns-svcs.custom-resolvers.read`	Get or list custom resolvers.
`dns-svcs.custom-resolvers.create`	Create a custom resolver.
`dns-svcs.custom-resolvers.update`	Update a custom resolver.
`dns-svcs.custom-resolvers.delete`	Delete a custom resolver.
`dns-svcs.locations.create`	Add a custom resolver location.
`dns-svcs.locations.update`	Update a custom resolver location.
`dns-svcs.locations.delete`	Delete a custom resolver location.
`dns-svcs.forwarding-rules.read`	Get or list forwarding rules.
`dns-svcs.forwarding-rules.create`	Create a forwarding rule.
`dns-svcs.forwarding-rules.update`	Update a forwarding rule.
`dns-svcs.forwarding-rules.delete`	Delete a forwarding rule.
`dns-svcs.secondary-zones.read`	Get or list secondary zones.
`dns-svcs.secondary-zones.create`	Create a secondary zone.
`dns-svcs.secondary-zones.update`	Update a secondary zone.
`dns-svcs.secondary-zones.delete`	Delete a secondary zone.

Events for cross-account zone access

The following table lists the actions that are related to cross-account zone access and generate an event.

Cross-account zone access
Action	Description
`dns-svcs.linked-dnszone.create`	Requestor creates a linked zone.
`dns-svcs.linked-dnszone.update`	Requestor updates a linked zone.
`dns-svcs.linked-dnszone.delete`	Requestor deletes a linked zone.
`dns-svcs.linked-dnszone.read`	Requestor get or list linked zones.
`dns-svcs.linked-dnszone-access-request.approve`	Owner approves a access request.
`dns-svcs.linked-dnszone-access-request.reject`	Owner rejects a access request.
`dns-svcs.linked-dnszone-access-request.revoke`	Owner revokes a access request.
`dns-svcs.linked-dnszone-access-request.read`	Owner get or list access requests.
`dns-svcs.linked-dnszone-permitted-networks.create`	Requestor adds a permitted network in a linked zone.
`dns-svcs.linked-dnszone-permitted-networks.delete`	Requestor removes a permitted network from a linked zone.
`dns-svcs.linked-dnszone-permitted-networks.read`	Requestor get or list permitted networks in a linked zone.

Analyzing DNS Services activity tracking events

Refer to the following information when you are analyzing events:

Filter for the dns-svcs action to see all DNS Services events in your account.
Activity Tracker actions are set to read for both the GET and LIST calls, for example, dns-svcs.zones.read.
- LIST calls set the target.name field to empty.
- GET calls set the target.name field to the name of the resource.
The event's correlationId field contains a unique ID to identify the request transaction.
The event's initiator field contains information about the person who initiated each request.
All events that are issued for failed actions display failure in the outcome field, and provide more details as part of the reason field. Note that the reason.reasonForFailure field might be especially helpful, because it contains the details of the failure.
You can find the detailed information and fields included in the requestData and responseData for the DNS Services AT events in the API documentation.