Activity tracking events for IBM Cloud Transit Gateway
IBM Cloud services, such as IBM Cloud Transit Gateway, generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.
Activity tracker events are captured for all locations, even if recorded in eu-de. Because Transit Gateway is a global control plan, if you perform an action to a resource in us-south, it's handled by that control plane
and logged in the us-south activity tracker location (by default).
Locations where activity tracking events are generated
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| No | No | No | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| No | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | No |
Locations where activity tracking events are sent to IBM Cloud Activity Tracker hosted event search
IBM Cloud Transit Gateway sends activity tracking events to IBM Cloud Activity Tracker hosted event search in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| No | No | No | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| No | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | No |
Locations where activity tracking events are sent by IBM Cloud Activity Tracker Event Routing
IBM Cloud Transit Gateway sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| No | No | No | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| No | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | No |
Viewing activity tracking events for IBM Cloud VPC
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Launching IBM Cloud Logs from the Observability page
For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.
List of management events
The following table lists actions that generate management events.
| Action | Description |
|---|---|
transit.gateway.create |
Create a transit gateway |
transit.gateway.delete |
Delete a transit gateway |
transit.gateway.update |
Update a transit gateway |
transit.connection.create |
Create a transit gateway connection |
transit.connection.delete |
Delete a transit gateway connection |
transit.connection-request.delete |
Delete a transit gateway cross account connection |
transit.connection.update |
Update a transit gateway connection |
transit.connection-request.create |
Create a request for a cross account transit gateway connection |
transit.connection-request.approve |
Approve request for a cross account transit gateway connection |
transit.connection-request.reject |
Reject request for a cross account transit gateway connection |
List of data events
The following table lists actions that generate data events.
| Action | Description |
|---|---|
transit.gateway.read |
Retrieve a transit gateway |
transit.gateway.list |
List transit gateways |
transit.connection.list |
List transit gateway connections |
transit.location.read |
Retrieve a transit gateway location |
transit.location.list |
List transit gateway locations |
Analyzing IBM Cloud Transit Gateway activity tracking events
Refer to the following information when analyzing events:
-
Filter for the
transitaction to see all transit gateway events in your account. Filter fortransit.connectionto see events related to your transit gateway connections. -
Each event's target field identifies which transit gateway is associated with the event.
When the gateway exists in a different account or there is no associated gateway, the target is set as
crn:v1:bluemix:public:transit:global:a/<your account ID>:::. Events that don't correspond to a gateway will not have resource group information. -
Events that are associated with a specific connection will include the connection's id in
target.connectionId. -
Events that report update actions do not include information about the delta of the change.
-
The event's initiator field contains information about who initiated each request. In authorized cross account scenarios,
IBMwill be identified as the initiator.