IBM Cloud Docs
Logging for Secrets Manager

Logging for Secrets Manager

IBM Cloud services, such as Secrets Manager, generate platform logs that you can use to investigate abnormal activity and critical actions in your account, and troubleshoot problems.

You can use IBM Cloud Logs Routing, a platform service, to route platform logs in your account to a destination of your choice by configuring a tenant that defines where platform logs are sent. For more information, see About Logs Routing.

You can use IBM Cloud Logs to visualize and alert on platform logs that are generated in your account and routed by IBM Cloud Logs Routing to an IBM Cloud Logs instance.

Before you begin

If you're working with IBM Cloud Logs for the first time, be sure that you create an instance in the same location as your Secrets Manager instance. For more information, see Configuring platform logs through the Observability dashboard.

For more information about regions where Secrets Manager supports logging, check out Regions and endpoints.

Viewing logs

Logs that are generated by a Secrets Manager service instance are forwarded automatically to the IBM Cloud Logs instance that is available in the same location.

Only the following logs are being forwarded: All logs with the ERROR log level, and the INFO-level log for Secrets Manager event notifications.

To view Secrets Manager logs, complete the following steps:

  1. Log in to the IBM Cloud console.

  2. Go to IBM Cloud > Observability to access your Observability dashboard.

  3. From the navigation menu, click Logging.

  4. Select an IBM Cloud Logs instance, and click Open Dashboard.

    Don't have an IBM Cloud Logs instance? Provision an instance in the same location as your Secrets Manager instance. Then, click Configure platform logs to receive logs from supported services in your account.

  5. In the logging UI, filter by secrets-manager to view logs that are generated by Secrets Manager.

    For more information about searching and filtering logs, check out the IBM Cloud Logs documentation.

Analyzing logs

You can create views and alerts from all of your Secrets Manager instances, or from a specific instance. To target a specific instance, replace host:secrets-manager with app:{INSTANCE_CRN}.

Query for finding all errors from all instances

Run the following query to find all errors from all of your instances.

host:secrets-manager

Query for finding all errors from a specific instance

Run the following query to find all errors from a specific instance.

app:crn:v1:bluemix:public:secrets-manager:au-syd:a/9add8f16c5a24a6ea8ce5d8b89b15b28:ee536f33-48ce-4125-ae4a-37b46cdc802d::

To learn more about creating Managing custom views, see the IBM Cloud Logs documentation.