Auditing events for VCF as a Service

Use the IBM Cloud® Activity Tracker service to track how users and applications interact with IBM Cloud® for VMware Cloud Foundation as a Service in IBM Cloud.

IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate for abnormal activity and critical actions, and comply with regulatory audit requirements. In addition, you can be alerted on actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see Getting started with Activity Tracker.

Events that are related to virtual data centers

Events are generated to track how users and applications interact with virtual data centers. The following table lists the actions that generate and send events to Activity Tracker.

Table 1. Description of actions that generate events related to virtual data centers
Action	Description
`vmware.vdc.create`	An event is generated when a virtual data center instance is created.
`vmware.vdc.delete`	An event is generated when a virtual data center instance is deleted.
`vmware.vdc.update`	An event is generated when a virtual data center instance is modified.

Events that are related to director site management

Events are generated when you access VMware Cloud Director™ in VMware Cloud Foundation (VCF) as a Service. The following table provides the actions that generate and send events to Activity Tracker.

Table 2. Description of actions that generate events related to VMware Cloud Director site management
Action	Description
`vmware.directorsite.create`	An event is generated when a VMware Cloud Director site is created.
`vmware.directorsite.delete`	An event is generated when a VMware Cloud Director site is deleted.
`vmware.directorsite-pvdc.create`	An event is generated when a VMware Cloud Director site resource pool is created.
`vmware.directorsite-pvdc.delete`	An event is generated when a VMware Cloud Director site resource pool is deleted.
`vmware.directorsite-cluster.create`	An event is generated when a VMware Cloud Director site cluster is created.
`vmware.directorsite-cluster.delete`	An event is generated when a VMware Cloud Director site cluster is deleted.
`vmware.directorsite-host.add`	An event is generated when a host is added to a VMware Cloud Director site.
`vmware.directorsite-host.remove`	An event is generated when a host is removed from a VMware Cloud Director site.
`vmware.directorsite-nfs-storage.add`	An event is generated when NFS storage is added to a VMware Cloud Director site.
`vmware.directorsite-nfs-storage.remove`	An event is generated when NFS storage is removed from a VMware Cloud Director site.
`vmware.directorsite.password-reset`	An event is generated when the user password for a VMware Cloud Director site is reset.
`vmware.directorsite-iam.config`	An event is generated when the OpenID Connect (OIDC) for a VMware Cloud Director site is configured.
`vmware.directorsite-iam.read`	An event is generated when the OIDC for a VMware Cloud Director site is checked. Monitoring is not enabled yet.

Viewing events

VCF as a Service events are global events. For more information, see Monitoring global and location-based events.

IBM Cloud Activity Tracker can have only one instance per location. To view events, you must access the web UI of the IBM Cloud Activity Tracker service in the same location where your service instance is available. For more information, see Navigating to the UI.