Logging for Security and Compliance Center
You can view and analyze Security and Compliance Center logs by using the IBM® Log Analysis service and enabling platform logs in each region where you operate in IBM Cloud. IBM Log Analysis adds log management capabilities to your IBM Cloud® architecture.
Use the IBM Cloud Activity Tracker service to audit and track how users and applications interact with the Security and Compliance Center service.
Platform logs
Platform logs are logs that are exposed by logging-enabled services and the platform in IBM Cloud.
- Platform logs are regional.
  You can monitor logs from enabled services on the IBM Cloud in the region where the service is available.
- You can configure one instance only of the Log Analysis service per region to collect platform logs in that location.
  You can have multiple Log Analysis instances in a location. However, only one instance in a location (region) can be configured to receive logs from enabled services in that IBM Cloud location.
- To configure a Log Analysis instance, you must turn on the platform logs configuration setting. Also, you must have the platform role editor or higher for the Log Analysis service in your account.
To enable platform logs, see:
For more information about platform logs, see Configuring IBM Cloud platform logs.
Viewing logs
If a Log Analysis instance in a region is already enabled to collect platform logs, logs from the Security and Compliance Center service in that region are collected automatically and available for analysis through this instance.
To view and analyze platform logs for a Security and Compliance Center instance, check that the Log Analysis instance is provisioned in the same region where the Security and Compliance Center instance that you want to monitor is available.
To start the Log Analysis web UI to view logs, see Navigating to the web UI.
Fields per log type
Table 4 outlines the fields that are included in each log record:
Field | Type | Description |
---|---|---|
logSourceCRN | Required | Defines the Security and Compliance Center instance where the log is published. |
resourceGroupId | Required | Defines the resource group that is associated with the Security and Compliance Center instance. |
message | Required | Description of the log that is generated. |
msgTimestamp | Required | UTC timestamp of the message. |
messageId | Required | ID of the log that is generated. |
correlationId | Required | Unique identifier used to correlate multiple log entries associated with a single API request. |
level | Required | Type of log. Valid values are info, warn, error. |
requestId | Optional | Identifier of the associated request. |
resolution | Optional | Guidance on how to proceed if you receive this log record. |
documentUrls | Optional | More information on how to proceed if you receive this log record. |
Log messages
The following table lists the message IDs that are generated by the Security and Compliance Center service:
Message ID | Log type | Description | Additional fields | Resolution |
---|---|---|---|---|
compliance.00001E | ERROR | Provider integration missing. | scanID, providerType | Please create an integration between Workload Protection and Security and Compliance. |
compliance.00002E | ERROR | Unable to retrieve results from the provider. | scanID, providerType | Please review the workload protection configuration. Additionally, please reach out to the Security and Compliance team and provide them with the correlationID. |
compliance.00003I | INFO | Scheduled scan started. | scanID, attachmentID, scanType | N/A |
compliance.00004I | INFO | On-demand scan started. | scanID, attachmentID, scanType | N/A |
compliance.00005E | ERROR | One scan is already running for the attachment, hence could not initiate a new scan. | attachmentID | One scan is already in progress for this attachment, you can run only one scan per attachment at a time. Please wait until the current running scan to complete and then initiate a new scan. |
compliance.00006E | ERROR | Cloud Object Storage configuration not valid. | attachmentID, scanType | Missing storage configuration. Before you can evaluate your resources you must connect a Cloud Object Storage bucket that can be used to store results. |
compliance.00007E | ERROR | Billing plan validation failed. | attachmentID, scanType | Most likely your trial-period has ended, please check and upgrade your plan. To continue to work with the service. |
compliance.00008E | ERROR | Scan failed. | scanID | Scan failed due to an unexpected error, please create support case with the necessary information like correlationId. |
compliance.00009E | ERROR | Unable to store report in Cloud Object Storage bucket. | scanID | Validate the configuration of your Cloud Object Storage bucket associated with this Security and Compliance instance. |
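
The following added example (not IBM's code) shows one way to triage exported log records with the fields and message IDs in the two tables above: it rejects records that lack a required field, groups the rest by correlationId, and reports which requests ended in an error. It assumes each record is one JSON object per line with the table's field names as top-level keys; the sample records, their IDs, and the scanType values are constructed.

```python
import json
from collections import defaultdict

# Required fields and valid levels, copied from the field table above.
REQUIRED = ("logSourceCRN", "resourceGroupId", "message", "msgTimestamp",
            "messageId", "correlationId", "level")
LEVELS = {"info", "warn", "error"}

def triage(lines):
    """Return ({correlationId: [records]}, [(line_number, reject_reason)])."""
    requests, rejects = defaultdict(list), []
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            rejects.append((n, "not a JSON object"))
            continue
        missing = [f for f in REQUIRED if not rec.get(f)]
        if missing:
            rejects.append((n, "missing " + ",".join(missing)))
        elif str(rec["level"]).lower() not in LEVELS:
            rejects.append((n, "invalid level"))
        else:
            requests[str(rec["correlationId"])].append(rec)
    return dict(requests), rejects

def failed_requests(requests):
    """For each request with an error record: its error IDs and scan context."""
    out = {}
    for cid, recs in requests.items():
        errors = [r["messageId"] for r in recs if str(r["level"]).lower() == "error"]
        if errors:
            ctx = {k: r[k] for r in recs for k in ("scanID", "attachmentID") if k in r}
            out[cid] = {"errors": errors, **ctx}
    return out

# Constructed sample records (placeholder CRN, resource group and IDs).
_BASE = {"logSourceCRN": "crn:constructed-example", "resourceGroupId": "rg-example",
         "msgTimestamp": "2024-01-01T00:00:00Z"}
def _rec(**kw):
    return json.dumps({**_BASE, **kw})
SAMPLE = [
    _rec(messageId="compliance.00004I", level="INFO", correlationId="c-1", message="On-demand scan started.", scanID="s-1", attachmentID="a-1", scanType="ondemand"),
    _rec(messageId="compliance.00009E", level="ERROR", correlationId="c-1", message="Unable to store report in Cloud Object Storage bucket.", scanID="s-1"),
    _rec(messageId="compliance.00003I", level="INFO", correlationId="c-2", message="Scheduled scan started.", scanID="s-2", attachmentID="a-2", scanType="scheduled"),
    _rec(messageId="compliance.00008E", level="ERROR", message="Scan failed.", scanID="s-3"),
    "not json",
]
```

Because the attachmentID appears only on the scan-started record, joining on correlationId is what ties the later storage error back to the attachment that was scanned.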