Logging for VPC

IBM Cloud services, such as IBM Cloud VPC, generate platform logs that you can use to investigate abnormal activity and critical actions in your account, and troubleshoot problems.

You can use IBM Cloud Logs Routing, a platform service, to route platform logs in your account to a destination of your choice by configuring a tenant that defines where platform logs are sent. For more information, see About Logs Routing.

You can use IBM Cloud Logs to visualize and alert on platform logs that are generated in your account and routed by IBM Cloud Logs Routing to an IBM Cloud Logs instance.

As of 28 March 2024, the IBM Log Analysis service is deprecated and will no longer be supported as of 30 March 2025. Customers need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Log Analysis along with IBM Cloud Logs. Logging is the same for both services. For information about migrating from IBM Log Analysis to IBM Cloud Logs and running the services in parallel, see migration planning.

Locations where platform logs are generated

Locations where logs are sent to IBM Log Analysis

IBM Cloud VPC sends platform logs to IBM Log Analysis in the regions indicated in the following table.

Regions where platform logs are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
Yes	Yes	Yes	Yes

Regions where platform logs are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)
Yes	Yes	Yes

Regions where platform logs are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	Yes	Yes

Locations where logs are sent by IBM Cloud Logs Routing

IBM Cloud VPC sends logs by IBM Cloud Logs Routing in the regions that are indicated in the following table.

Regions where platform logs are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
Yes	Yes	Yes	Yes

Regions where platform logs are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)
Yes	Yes	Yes

Regions where platform logs are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	Yes	Yes

Viewing logs

Launching IBM Cloud Logs from the Observability page

For more information about launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.

Fields per log type

Table 1 outlines the fields that are included in each log record:

Table 1. Log record fields
Field	Type	Description
`logSourceCRN`	Required	Defines the account and flow log instance where the log is published.
`saveServiceCopy`	Required	Defines whether IBM saves a copy of the record for operational purposes.
`message`	Required	Description of the log that is generated.
`messageID`	Required	ID of the log that is generated.
`msg_timestamp`	Required	The timestamps when the log is generated.
`resolution`	Optional	Guidance on how to proceed if you receive this log record.
`documentsURL`	Optional	More information on how to proceed if you receive this log record.
`generation`	Required	Defines the VPC source of the log. Valid options are `1` for VPC Classic, and `2` for `VPC Gen 2`.

Log messages

The following tables list the message IDs that are generated by VPC services:

Flow log collector

Table 2 outlines the message IDs that are generated by the flow log collector service:

Table 2. Message IDs that are generated by Flow Log Collector
Message ID	Type	Learn More
`is.flow-log-collector.00001E`	`err`	`Failed to write Flow Log file for the past 24 hours. Dropping flow log for Virtual Server <ServerName>`
`is.flow-log-collector.00002E`	`err`	`Unauthorized access to Cloud Object Storage bucket <BucketName>`
`is.flow-log-collector.00003E`	`err`	`Cloud Object Storage bucket <BucketName> was not found`

Flow log collector generates hourly logs.

Dedicated Host

Table 3 outlines the message IDs that are generated for dedicated hosts:

Table 3. Message IDs that are generated for dedicated hosts
Message ID	Type	Learn More
`dedicated-host.00001`	`err`	`Failed to create dedicated host <Dedicated Host ID> due to insufficient capacity in zone.`
`dedicated-host.00002`	`info`	`Provisioned a virtual server instance on dedicated host <Dedicated Host ID>.`
`dedicated-host.00003`	`info`	`Removed a virtual server instance on dedicated host <Dedicated Host ID>.`

A log is generated when each Dedicated Host event occurs.

Resource Quota

Table 4 outlines the message IDs that are generated for resource quota events:

Table 4. Message IDs that are generated for resource quota events
Message ID	Type	Learn More
`quota-monitoring.00001`	`info`	`Successfully provisioned resource <Resource ID>.`
`quota-monitoring.00002`	`err`	`Failed to provision resource <Resource ID> due to resource quota limits.`
`quota-monitoring.00004`	`err`	`Failed to update resource <Resource ID> due to resource quota limits.`

A log is generated when a provision or update resource quota event succeeds or fails.

Snapshots for VPC

Table 5 outlines the message IDs that are generated by the Snapshots service:

Table 5. Message IDs that are generated for Snapshot events
Message ID	Type	Learn More
`snapshot.00001`	`info`	`Snapshot creation requested for volume <Volume ID>.`
`snapshot.00002`	`info`	`Snapshot <Snapshot ID> is successfully captured. Volume <Volume ID>`
`snapshot.00003`	`info`	`Snapshot <Snapshot ID> is an incremental snapshot. Volume <Volume ID>`
`snapshot.00004`	`info`	`Snapshot <Snapshot ID> is a full snapshot. Volume <Volume ID>`
`snapshot.00005`	`info`	`Snapshot <Snapshot ID> is available. Volume <Volume ID>`
`snapshot.00006`	`info`	`Snapshot <Snapshot ID> is uploaded. Volume <Volume ID>`
`snapshot.00007`	`info`	`Snapshot <Snapshot ID> deletion requested.`
`snapshot.00008`	`info`	`Snapshot <Snapshot ID> is successfully deleted. Volume <Volume ID> Region <Region>`
`snapshot.00009`	`info`	`All snapshots of volume <Volume ID> in the region <Region> are requested to be deleted.`
`snapshot.00010`	`info`	`Delete all snapshots request for volume <Volume ID> is completed successfully. Region <Region>`
`snapshot.00010`	`info`	`Snapshot copy creation in region <Region> requested for snapshot <Snapshot ID> from region <Source Region>. Volume <Volume ID>`

Table 6 outlines the message IDs that are generated for File Storage replication events:

Table 6. Message IDs that are generated for file share replication events
Message ID	Type	Description
`regional-file.00001I`	`info`	The replication status of `{{.shareID}}` is active.
`regional-file.00002W`	`warning`	The replication status of `{{.shareID}}` is degraded.
`regional-file.00003I`	`info`	Initiated by the cron schedule `{{.cronSpec}}`, `{{.dataTransferredInGiB}}` of data transferred from the source share `{{.shareID.}}` between `{{.startedAt.}}` and `{{.endedAt.}}` with a data transfer rate of `{{.transferRate}}`.

A log is generated when a replication event occurs.

Table 7 outlines the message IDs that are generated for File Storage related events:

Table 7. Message IDs that are generated for accessor file share events
Message ID	Type	Description
`is.share.00004I`	`info`	The lifecycle_state of accessor share `{{.shareID}}` is stable.
`is.share.00005I`	`info`	The lifecycle_state of accessor share `{{.shareID}}` is failed and the reason for failure is `{{.shareLifecycleReason}}`.
`is.share.00006I`	`info`	The lifecycle_state of share mount target `{{.targetID}}` for the `{{.shareID}}` at accessor account is stable.
`is.share.00007I`	`info`	The lifecycle_state of share mount target `{{.targetID}}` for the `{{.shareID}}` at accessor account is failed.