Activity tracker events for IBM Power Virtual Server
IBM Power Virtual Server located in IBM data centers: Off-premises
IBM Power Virtual Server Private Cloud: On-premises
Power Virtual Server Activity Tracker Events migrated to the CADF Event standard on 29 January, 2024. With the implementation of this change, some of the event fields are not sent or replaced by the new format.
IBM Cloud services, such as IBM® Power® Virtual Server, generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During
the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running
the services in parallel, see migration planning.
Activity Tracker Event Routing records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. In addition, you can be alerted about actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see the Getting started tutorial for Activity Tracker Event Routing.
IBM® Power® Virtual Server automatically generates events so that you can track activity on your service.
Management events
Instance events
The following event is used to read the Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.event.list | Lists all the Power Virtual Server instances |
| power-iaas.event.read | Reads a Power Virtual Server instance |
Images events
The following events are to work with images in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.image.list | Lists all the images |
| power-iaas.image.read | Reads an image |
| power-iaas.image.create | Creates an image |
| power-iaas.image.update | Updates an image |
| power-iaas.image.delete | Deletes an image |
| power-iaas.image.capture | Exports an image |
Network events
The following events are to work with networks in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.network.list | Lists all the networks |
| power-iaas.network.read | Reads a network |
| power-iaas.network.create | Creates a network (Public or Private) |
| power-iaas.network.update | Updates a network |
| power-iaas.network.delete | Deletes a network |
Power Virtual Server events
The following events are to work with each Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.pvm-instance.list | Lists all the Power Virtual Server instances |
| power-iaas.pvm-instance.read | Reads a Power Virtual Server instance |
| power-iaas.pvm-instance.create | Creates a Power Virtual Server instance |
| power-iaas.pvm-instance.update | Updates a Power Virtual Server instance |
| power-iaas.pvm-instance.delete | Deletes a Power Virtual Server instance |
| power-iaas.pvm-instance.start | Start a Power Virtual Server instance |
| power-iaas.pvm-instance.stop | Stop a Power Virtual Server instance |
| power-iaas.pvm-instance.renew | Restart a Power Virtual Server instance |
| power-iaas.pvm-instance.unknown | Unknown action on a Power Virtual Server instance |
| power-iaas.pvm-instance.monitor | Console access to a Power Virtual Server instance |
| power-iaas.pvm-instance.capture | Capture a Power Virtual Server instance into an image |
| power-iaas.pvm-instance.immediate-shutdown | Shut down a Power Virtual Server instance immediately |
| power-iaas.pvm-instance.clone | Clone a Power Virtual Server instance |
| power-iaas.pvm-instance.snapshot | Creates a Power Virtual Server instance snapshot |
| power-iaas.pvm-instance-network.read | Reads a Power Virtual Server instance network |
| power-iaas.pvm-instance-network.create | Creates a Power Virtual Server instance network |
| power-iaas.pvm-instance-network.delete | Deletes a Power Virtual Server instance network |
SSH keys events
The following events are to work with your account and SSH keys in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.ssh-key.list | Lists all the SSH keys |
| power-iaas.ssh-key.read | Reads an SSH key |
| power-iaas.ssh-key.create | Creates an SSH key |
| power-iaas.ssh-key.update | Updates an SSH key |
| power-iaas.ssh-key.delete | Deletes an SSH key |
Data volumes events
The following events are to work with data volumes in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.volume.list | Lists all the volumes |
| power-iaas.volume.read | Reads a volume |
| power-iaas.volume.create | Creates a volume |
| power-iaas.volume.update | Updates a volume |
| power-iaas.volume.delete | Deletes a volume |
| power-iaas.volume.configure | Attaches or Detaches a volume |
Storage capacity events
The following events are to work with storage capacity in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.storage-capacity.list | Lists all the storage capacity |
| power-iaas.storage-capacity.read | Reads a storage capacity |
| power-iaas.pod-capacity.list On-premises | Lists system and storage capacity for an On-premises pod |
Storage pools events
The following events are to work with storage pools in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.system-pools.list | Lists all the system pool information |
| power-iaas.system-pools.read | Reads a system pool information |
Tenant events
The following events are to work with tenants in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.tenant.read | Reads a tenant |
| power-iaas.tenant-sshkey.read | Reads a tenant SSH Key |
| power-iaas.tenant-sshkey.create | Creates a tenant SSH Key |
| power-iaas.tenant-sshkey.update | Updates a tenant SSH Key |
| power-iaas.tenant-sshkey.delete | Deletes a tenant SSH Key |
List of events: Job
The following events are to work with jobs in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.job.list | Lists all the jobs |
| power-iaas.job.read | Reads a job |
| power-iaas.job.create | Creates a job |
| power-iaas.job.delete | Deletes a job |
List of events: Network ports
The following events are to work with network ports in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.port.list | Lists all the network ports |
| power-iaas.port.read | Reads a network port |
| power-iaas.port.create | Creates a network port |
| power-iaas.port.update | Updates a network port |
| power-iaas.port.delete | Deletes a network port |
List of events: SAP
The following events are to work with SAP in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.sap.list | Lists all the SAP information |
| power-iaas.sap.read | Reads a SAP information |
| power-iaas.sap.create | Creates a SAP PVM instance |
List of events: Cloud connections
The following events are to work with Cloud connections in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.cloud-connection.list | Lists all the cloud connections |
| power-iaas.cloud-connection.read | Reads a cloud connection |
| power-iaas.cloud-connection.create | Creates a cloud connection |
| power-iaas.cloud-connection.update | Updates a cloud connection |
| power-iaas.cloud-connection.delete | Deletes a cloud connection |
List of events: Placement groups
The following events are to work with placement groups in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.placement-groups.list | Lists all the placement groups |
| power-iaas.placement-groups.read | Reads a placement group |
| power-iaas.placement-groups.create | Creates a placement group |
| power-iaas.placement-groups.update | Updates a placement group |
| power-iaas.placement-groups.delete | Deletes a placement group |
List of events: IKE policy
The following events are to work with IKE policy in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.ike-policy.list | Lists all the IKE policies |
| power-iaas.ike-policy.read | Reads an IKE policy |
| power-iaas.ike-policy.create | Creates an IKE policy |
| power-iaas.ike-policy.update | Updates an IKE policy |
| power-iaas.ike-policy.delete | Deletes an IKE policy |
List of events: IPsec policy
The following events are to work with IPsec policy in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.ipsec-policy.list | Lists all the IPsec policies |
| power-iaas.ipsec-policy.read | Reads an IPsec policy |
| power-iaas.ipsec-policy.create | Creates an IPsec policy |
| power-iaas.ipsec-policy.update | Updates an IPsec policy |
| power-iaas.ipsec-policy.delete | Deletes an IPsec policy |
List of events: VPN connection
The following events are to work with VPN Connection in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.vpn-connection.list | Lists all the VPN connections |
| power-iaas.vpn-connection.read | Reads a VPN connection |
| power-iaas.vpn-connection.create | Creates a VPN connection |
| power-iaas.vpn-connection.update | Updates a VPN connection |
| power-iaas.vpn-connection.delete | Deletes a VPN connection |
Viewing events
Events are automatically forwarded to North America, Europe, Tokyo, or Sydney geographic locations. You can access the activity tracker logs as follows:
- All North America and South America data centers from Dallas.
- All Europe data centers from Frankfurt.
- All Sydney data center from Sydney, and
- All Japan data center from Tokyo.
For a list of locations where Power Virtual Server services are enabled to send events to IBM Cloud Logs, see IBM Cloud services that generate Activity Tracker events.
Activity Tracker can have only one instance per location. To view events, you must access the web UI of the Activity Tracker service in the same location where your service instance is available. For more information, see Launching the web UI through the IBM Cloud UI.
Activity tracker sample response format
The new response format that is used in activity tracking adheres to the CADF (Cloud Auditing Data Federation) standard. Hence, auditing events can be collected and routed in a standardized format, ensuring consistency and interoperability across different cloud platforms.
The CADF standard is significant in auditing security in cloud environments. It defines a comprehensive event model that includes the necessary information for certifying, managing, and auditing the security of applications and services in the cloud.
The following code snippets show the differences between the old and new activity tracker response format.
New response format
{
"logSourceCRN": "crn:v1:bluemix:public:power-iaas:us-east:a/xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyy::",
"saveServiceCopy": true,
"dataEvent": false,
"outcome": "success",
"eventTime": "2022-06-30T03:12:49.63+0000",
"action": "power-iaas.tenant.read",
"correlationId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"severity": "normal",
"initiator": {
"id": "IBMid-xxxxxxxxxx",
"name": "xxxxm@us.ibm.com",
"typeURI": "service/security/account/user",
"authnId": "",
"authnName": "",
"host": {
"agent": "PostmanRuntime/7.28.4",
"address": "127.0.0.1",
"addressType": "IPv4"
},
"credential": {
"type": "user"
}
},
"target": {
"id": "crn:v1:bluemix:public:power-iaas:us-east:a/xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyy::",
"name": "testName",
"typeURI": "power-iaas/tenant",
"resourceGroupId": "crn:v1:bluemix:public:resource-controller::a/xxxxxxxxxxxxxxxxxxxx::resource-group:zzzzzzzzzzzzzzzzzzzzzzz"
},
"reason": {
"reasonCode": 200,
"reasonType": "OK"
},
"requestData": null,
"responseData": {
"cloudInstances": [
{
"capabilities": [],
"cloudInstanceID": "yyyyyyyyyyyyyyyyyyyyyy",
"enabled": true,
"href": "/pcloud/v1/cloud-instances/yyyyyyyyyyyyyyyyyyyyyy",
"initialized": false,
"name": "testName",
"region": "us-east"
}
],
"creationDate": "2019-05-21T21:32:00.746Z",
"enabled": true,
"sshKeys": [],
"tenantID": "xxxxxxxxxxxxxxxxxxxx"
},
"message": "{{site.data.keyword.powerSys_notm}}: read tenant xxxxxxxxxxxxxxxxxxxx ",
"observer": {
"name": "ActivityTracker"
}
}
Old response format
{
"payload": {
"outcome": "success",
"eventTime": "2019-05-31T19:33:02.97+0000",
"action": "pcloud.tenant.read",
"severity": "normal",
"initiator": {
"id": "IBMid-xxxxxxxxxx",
"name": "xxxxm@us.ibm.com",
"typeURI": "service/security/account/user",
"host": {
"agent": "PostmanRuntime/7.13.0",
"address": "127.0.0.1"
},
"credential": {
"type": "user"
}
},
"target": {
"id": "crn:v1:bluemix:public:power-iaas:us-east:a/xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyy::",
"name": "testName",
"typeURI": "pcloud/tenant/read",
"host": {
"address": "100.64.24.72"
}
},
"reason": {
"reasonCode": 200
},
"responseData": "{\"cloudInstances\":[{\"cloudInstanceID\":\"yyyyyyyyyyyyyyyyyyyyyy\",\"enabled\":true,\"href\":\"/pcloud/v1/cloud-instances/yyyyyyyyyyyyyyyyyyyyyy\",\"initialized\":false,\"name\":\"testName\",\"region\":\"us-east\"}],\"creationDate\":\"2019-05-21T21:32:00.746Z\",\"enabled\":true,\"sshKeys\":[{\"creationDate\":\"2019-05-21T22:13:49.806Z\",\"name\":\"Test\",\"sshKey\":\"Foo\"}],\"tenantID\":\"xxxxxxxxxxxxxxxxxxxx\"}",
"message": "pcloud: read tenant 9cdad2e857d442d49853e484e9b91d24 success"
},
"logSourceCRN": "crn:v1:bluemix:public:power-iaas:us-east:a/xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyy::",
"saveServiceCopy": true,
"meta": {
"serviceProviderName": "power-iaas",
"serviceProviderRegion": "ng",
"serviceProviderProjectId": "power-iaas",
"userAccountIds": [
"a/xxxxxxxxxxxxxxxxxxxx"
],
"userSpaceRegion": "ng"
}
}
Activity tracker regions
You can create an activity tracker instance and provision it in the same region where your data center is located.
The Power Virtual Server workspaces that runs in various regions or data centers will send events to activity tracker instances in their respective regions effective from 29 January 2024. You must create and provision instances of activity tracker in the respective regions where your workspaces reside for continued access to Power Virtual Server activity tracker events. If you want to export activity Tracker events, see Exporting Activity Tracker events.
The following table shows the data center and its corresponding regions where you can deploy an activity tracker instance:
| Datacenter | Current activity tracker region | New activity tracker region |
|---|---|---|
WDC04 |
us-south | us-east |
WDC06 |
us-south | us-east |
WDC07 |
us-south | us-east |
MON01 |
us-south | ca-tor |
TOR04 |
us-south | ca-tor |
SAO01 |
us-south | br-sao |
SAO04 |
us-south | br-sao |
LON04 |
eu-de | eu-gb |
LON06 |
eu-de | eu-gb |
OSA21 |
jp-tok | jp-osa |