IBM Cloud Activity Tracker Event Routing
Activity Tracker Event Routing is a platform service, which manages the auditing events at the account-level by configuring targets and routes that define where auditing data is routed.
The Activity Tracker instances are not supported as this feature has been deprecated and replaced by IBM Cloud Logs.
Two target types are supported as part of Activity Tracker Event Routing:
- Cloud Object Storage(COS) bucket
- IBM® Cloud Logs
By default, observability_atracker_target_type is set to cloudlogs as a target type, which creates the Cloud Logs instance and configures it for Activity Tracker Event Routing. Even if the observability_logs_enable_for_management or observability_logs_enable_for_compute variable is not set to true, a IBM® Cloud Logs instance is still created for Activity Tracker.
When observability_logs_enable_for_management or observability_logs_enable_for_compute is set to true, the same IBM® Cloud Logs instance can be used as a target, enabling the filtering of management, compute, and Activity
Tracker logs within a unified dashboard.
For Cloud Object Storage bucket as a target, you can provide an existing COS instance as well. Under this instance, automation creates a COS bucket that acts as a target for Activity Tracker Event Routing.
If you do not provide any existing COS instance, then the solution creates the new one by default.
Two variables are required to configure the Activity Tracker Event Routing:
-
observability_atracker_enable-
Purpose: Configures Activity Tracker Event Routing to determine how audit events routed.
-
Usage: While multiple Activity Tracker Event Routing can be created, only one is needed to capture all events. If an existing Activity Tracker is already integrated with a COS bucket or IBM Cloud Logs instance, set this value to "false" to avoid creating redundant trackers. All events can then be monitored and accessed through the existing tracker.
-
-
observability_atracker_target_type-
Purpose: Determines where all events can be stored based on user input.
-
Options: cloudlogs or cos
-
Usage: Select the desired target type to retrieve or capture events into your system.
-
Validating Activity Tracker Event Routing
To validate the Activity Tracker event routing by using the CLI, first install the atracker plug-in:
ibmcloud plugin install atracker
Checking an Activity Tracker Route
Run the following command to retrieve details about an Activity Tracker Event Routing route:
ibmcloud atracker route get --route ROUTE [--output FORMAT]
For example:
ibmcloud atracker route get --route nproba-atracker-route
Sample Output:
OK
Route
Name: <cluster_prefix>-atracker-route
ID: 5ba1ea49-3b93-4b48-a3e1-17da64ca81f1
CRN: crn:v1:bluemix:public:atracker:global:a/ ec1b082b25144a52bb1a269c883d5a00::route:5ba1ea49-3b93-4b48-a3e1-17da64ca81f1
Version: 0
Rules: [[ceada6af-7381-4297-9a9d-ce4b9aac8cb2],[*,global]]
CreatedAt: 2025-01-29T07:40:42.854Z
UpdatedAt: 2025-01-29T07:40:42.854Z
API version: 2
Validating an Activity Tracker Target
Run the following command to check whether a target is correctly configured for an IBM Cloud Activity Tracker Event Routing region:
ibmcloud atracker target validate --target TARGET [--region REGION] [--output FORMAT]
For example:
ibmcloud atracker target validate --target ceada6af-7381-4297-9a9d-ce4b9aac8cb2
Sample Output:
OK
Target
Name: nproba-atracker-target
ID: ceada6af-7381-4297-9a9d-ce4b9aac8cb2
CRN: crn:v1:bluemix:public:atracker:us-east:a/ec1b082b25144a52bb1a269c883d5a00::target:ceada6af-7381-4297-9a9d-ce4b9aac8cb2
Region: us-east
Type: cloud_logs
Cloud Logs Target CRN: crn:v1:bluemix:public:logs:us-east:a/ec1b082b25144a52bb1a269c883d5a00:12ebd90f-f9d6-4c94-a8db-1e0965f4637d::
Write Status: success
CreatedAt: 2025-01-29T07:40:38.091Z
UpdatedAt: 2025-01-29T07:40:38.091Z
If you set observability_atracker_target_type to cloudlogs, then the output includes a Cloud Logs Target CRN. If the observability_atracker_target_type is set to cos, then the output contains a Cloud Object Storage
Target CRN instead.