Activity tracking events for VMware Solutions
IBM Cloud® services, such as IBM Cloud® for VMware Solutions, generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Locations where activity tracking events are generated
IBM Cloud for VMware Solutions generates activity tracking events in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| Yes | Yes | Yes | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| Yes | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | No |
Events for VCF for Classic instance management
When you manage user accounts, instances, clusters, and services in VMware Solutions, an event is generated.
The following table provides the actions that generate and send management events to Activity Tracker.
| Action | Description |
|---|---|
vmware-solutions.account-apikey.update |
The infrastructure API key for an account is updated. |
vmware-solutions.account-notification.update |
The notification setting for an account is updated. |
vmware-solutions.instance-secure-data.wipe |
The instance-secure data is wiped. |
vmware-solutions.instance-bss-account.migrate |
An instance is migrated to a BSS account. |
vmware-solutions.vcs.create |
A VMware Cloud Foundation for Classic instance is created. |
vmware-solutions.vcs.delete |
A VCF for Classic instance is deleted. |
vmware-solutions.vcs-host.add |
A host is added to a VCF for Classic instance. |
vmware-solutions.vcs-host.remove |
A host is removed from a VCF for Classic instance. |
vmware-solutions.vcs.update |
A VCF for Classic instance is updated. |
vmware-solutions.vcs-cluster.create |
A cluster is created for a VCF for Classic instance. |
vmware-solutions.vcs-cluster.delete |
A cluster is deleted for a VCF for Classic instance. |
vmware-solutions.vcs-nsx-license.update |
The VMware NSX® license is updated for a VCF for Classic instance. |
vmware-solutions.vcs-nfs-storage.add |
NFS storage is added to a VCF for Classic instance. |
vmware-solutions.vcs-nfs-storage.remove |
NFS storage is removed from a VCF for Classic instance. |
vmware-solutions.vcs-plan.update |
A VCF for Classic instance's plan is updated. |
vmware-solutions.vss.create |
A VMware Cloud Foundation for Classic - Flexible instance is created. |
vmware-solutions.vss.update |
A VCF for Classic - Flexible instance is updated. |
vmware-solutions.vss-template.remove |
A VCF for Classic - Flexible template is removed. |
vmware-solutions.service.create |
A service is created. |
vmware-solutions.service.delete |
A service is deleted. |
Events for KMIP for VMware
When you manage keys for the KMIP™ for VMware® service, an event is generated.
The following table provides the actions that generate and send events for KMIP for VMware. The initiator completes these actions from vCenter Server and they do not include the initiator's IP address. The requests for these actions run from within the IBM Cloud private network.
The initiator ID is derived from the TLS (Transport Layer Security) certificate of the vCenter Server that is used to authenticate the connection to the KMIP server. The initiator ID is in the format CertificateID-<value>,
where the value matches the fingerprint of the corresponding TLS certificate. Using the fingerprint, you can identify the vCenter Server that triggered the action.
| Action | Description |
|---|---|
vmware-solutions.kmip-key.create |
A KMIP key is created. |
vmware-solutions.kmip-key.read |
A KMIP key is retrieved. |
vmware-solutions.kmip-key-attributes.retrieve |
A KMIP key's attributes are retrieved. |
vmware-solutions.kmip-key.activate |
A KMIP key is activated. |
vmware-solutions.kmip-key.revoke |
A KMIP key is revoked. |
vmware-solutions.kmip-key.destroy |
A KMIP key is destroyed. |