| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-10-09 |
logs-router |
{{site.data.keyword.attribute-definition-list}}
{: #activity-tracker}
As a security officer, auditor, or manager, you can use the {{site.data.keyword.at_full}} service to track how users and applications interact with the {{site.data.keyword.logs_routing_full}} service in {{site.data.keyword.cloud_notm}}. {: shortdesc}
{{site.data.keyword.at_full_notm}} records user-initiated activities that change the state of a service in {{site.data.keyword.cloud_notm}}. You can use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. In addition, you can be alerted about actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see {{site.data.keyword.at_full_notm}} Getting Started.
{: #at_actions}
| Action | Description |
|---|---|
logs-router.tenant.create |
This event is generated whenever a new tenant is created (onboarded). |
logs-router.tenant.delete |
This event is generated whenever a tenant is deleted (offboarded). |
logs-router.tenant.read |
This event is generated whenever data about an existing tenant is viewed. |
logs-router.tenant.update |
This event is generated whenever the target data for a target of the tenant is edited (updated). |
| {: caption="Actions that generate management events" caption-side="bottom"} |
{: #at_actions_data}
| Action | Description |
|---|---|
logs-router.event.send |
This event is generated whenever the ingester receives a new connection request from an agent. |
| {: caption="Actions that generate data events" caption-side="bottom"} |
{: #at_ui}
Events that are generated by a {{site.data.keyword.logs_routing_full_notm}} tenant are automatically forwarded to the {{site.data.keyword.at_full_notm}} service instance that is available in the same location.
{{site.data.keyword.at_full_notm}} can have only one instance per location. To view events, you must access the web UI of the {{site.data.keyword.at_full_notm}} service in the same location where your service instance is available. For more information, see Navigating to the UI.
{: #at_events_iam_analyze}
Depending on the action, the event includes additional information in the requestData or responseData field.
The following table lists custom fields that are included in these events:
| Custom fields | Valid values | Description | Actions |
|---|---|---|---|
requestData.region |
For example, eu-gb |
Defines the region where the tenant is located. | create, read, update, delete, send |
requestData.targetType |
For example, logdna |
Defines the target type requested. | create, update |
requestData.targetHost |
For example, logs.eu-gb.logging.cloud.ibm.com |
Defines the host where logs are sent. | create, update |
requestData.targetPort |
For example, 443 |
Defines the port where logs are sent. | create, update |
requestData.targetCRN |
A valid CRN | Defines the CRN of the target. | create, update |
requestData.tenantID |
For example, XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX |
Defines the tenant ID. For example, the tenant ID to delete (offboard). | read, delete, update |
responseData.tenantCRN |
For example, crn:v1:staging:public:logs-router:eu-gb:a/XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX:XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX:: |
Defines the CRN of the onboarded tenant. | create, read, update |
| {: caption="Custom fields for events" caption-side="bottom"} |