Activity tracking events for IBM Cloud Logs Routing
IBM Cloud® services, such as IBM Cloud Logs Routing, generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Locations where activity tracking events are generated
IBM Cloud Logs Routing sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| Yes | Yes | Yes | Yes |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| Yes | Yes | Yes | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | Yes | Yes |
Viewing activity tracking events for IBM Cloud Logs Routing
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Launching IBM Cloud Logs from the Observability page
For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.
Management events
| Action | Description |
|---|---|
logs-router.tenant.create |
This event is generated whenever a new tenant is created (onboarded). |
logs-router.tenant.delete |
This event is generated whenever a tenant is deleted (offboarded). |
logs-router.tenant.read |
This event is generated whenever data about an existing tenant is viewed. |
logs-router.tenant.update |
This event is generated whenever the target data for a target of the tenant is edited (updated). |
Analyzing events
Depending on the action, the event includes additional information in the requestData or responseData field. The following table lists custom fields that are included in these events:
| Custom fields | Valid values | Description | Actions |
|---|---|---|---|
requestData.region |
For example, eu-gb |
Defines the region where the tenant is located. | create, read, update, delete, send |
requestData.targetType |
For example, logs |
Defines the target type requested. | create, update |
requestData.targetHost |
For example, logs.eu-gb.logging.cloud.ibm.com |
Defines the host where logs are sent. | create, update |
requestData.targetPort |
For example, 443 |
Defines the port where logs are sent. | create, update |
requestData.targetCRN |
A valid CRN | Defines the CRN of the target. | create, update |
requestData.tenantID |
For example, XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX |
Defines the tenant ID. For example, the tenant ID to delete (offboard). | read, delete, update |
responseData.tenantCRN |
For example, crn:v1:staging:public:logs-router:eu-gb:a/XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX:XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX:: |
Defines the CRN of the onboarded tenant. | create, read, update |