Logging for Security and Compliance Center
As of 16 June 2025, you cannot create new instances in this version of this product. All of the functionality is now available in the updated experience of Security and Compliance Center Workload Protection. For more information, see the transition documentation.
IBM Cloud services, such as Security and Compliance Center, generate platform logs that you can use to investigate abnormal activity and critical actions in your account, and troubleshoot problems.
You can use IBM Cloud Logs Routing, a platform service, to route platform logs in your account to a destination of your choice by configuring a tenant that defines where platform logs are sent. For more information, see About Logs Routing.
You can use IBM Cloud Logs to visualize and alert on platform logs that are generated in your account and routed by IBM Cloud Logs Routing to an IBM Cloud Logs instance.
Locations where logs are sent by IBM Cloud Logs Routing
Security and Compliance Center sends logs by IBM Cloud Logs Routing in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| Yes | No | Yes | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| No | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | Yes |
Platform logs that are generated
The Security and Compliance Center service generates platform logs related to the following cases:
- When a scan begins or when a scan cannot be initiated
- Any errors related to provider integrations
- Report generation or if an error associated with a report is found
- When there is an error in storing reports
Enabling logging
Platform logs are logs that are exposed by logging-enabled services and the platform in IBM Cloud. Platform logs are regional. You can monitor logs from enabled services on IBM Cloud in the region where the service is available. While you can configure multiple IBM Cloud Logs service in a location, only one instance of the logging service can be configured to receive logs from enabled services in that IBM Cloud location.
To configure your IBM Cloud instance, you must turn on the platform logs configuration setting. You must also have the platform role of editor or higher for the IBM Cloud Log service in your account. For more information about platform logs, see Configuring IBM Cloud platform logs.
Viewing logs
Launching IBM Cloud Logs from the Observability page
For more information about launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.
Fields by log type
For information about fields included in every platform log, see Fields for platform logs
| Field | Type | Description |
|---|---|---|
logSourceCRN |
Required | Defines the Security and Compliance Center instance where the log is published. |
resourceGroupId |
Required | Defines the resource group that is associated with the Security and Compliance Center instance. |
message |
Required | Description of the log that is generated. |
msgTimestamp |
Required | UTC timestamp of the message. |
messageId |
Required | ID of the log that is generated. |
correlationId |
Required | Unique identifier used to correlate multiple log entries associated with a single API request. |
level |
Required | Type of log. Valid values are info, warn, error. |
requestId |
Optional | Identifier of the associated request. |
resolution |
Optional | Guidance on how to proceed if you receive this log record. |
documentUrls |
Optional | More information on how to proceed if you receive this log record. |
Log messages
The following table lists the message IDs that are generated by the Security and Compliance Center service:
| Message ID | Log type | Description | Additional fields | Resolution |
|---|---|---|---|---|
compliance.00001E |
ERROR | Provider integration missing. | scanID, providerType |
Please create an integration between Workload Protection and Security and Compliance. |
compliance.00002E |
ERROR | Unable to retrieve results from the provider. | scanID, providerType |
Please review the workload protection configuration. Additionally, please reach out to the Security and Compliance team and provide them with the correlationID. |
compliance.00003I |
INFO | Scheduled scan started. | scanID, attachmentID, scanType |
N/A |
compliance.00004I |
INFO | On-demand scan started. | scanID, attachmentID, scanType |
N/A |
compliance.00005E |
ERROR | One scan is already running for the attachment, hence could not initiate a new scan. | attachmentID |
One scan is already in progress for this attachment, you can run only one scan per attachment at a time. Please wait until the current running scan to complete and then initiate a new scan. |
compliance.00006E |
ERROR | Cloud Object Storage configuration not valid. | attachmentID, scanType |
Missing storage configuration. Before you can evaluate your resources you must connect a Cloud Object Storage bucket that can be used to store results. |
compliance.00007E |
ERROR | Billing plan validation failed. | attachmentID, scanType |
Most likely your trial-period has ended, please check and upgrade your plan. To continue to work with the service. |
compliance.00008E |
ERROR | Scan failed. | scanID |
Scan failed due to an unexpected error, please create support case with the necessary information like correlationId. |
compliance.00009E |
ERROR | Unable to store report in Cloud Object Storage bucket. | scanID |
Validate the configuration of your Cloud Object Storage bucket associated with this Security and Compliance instance. |