IBM Cloud Docs
Configuring an IBM Cloud Logs target

Configuring an IBM Cloud Logs target

A target is an IBM Cloud resource where you can collect auditing events. Use this tutorial to learn how to configure a IBM Cloud Logs target in the account.

Scenarios

You can define a IBM Cloud Logs instance as a target in any of the following situations:

  • You want to collect and store auditing events in IBM Cloud Logs. You can have the instance in the account that generates the events or in a different account from the one that generates auditing events.

Prerequisites

  • You need a user ID that is a member, or an owner of, an IBM Cloud account. To get an IBM Cloud user ID, go to: Create an account.

  • Learn about Activity Tracker Event Routing. For more information, see About.

  • Install the IBM Cloud CLI. For more information, see Installing the IBM Cloud CLI.

  • Install the latest Activity Tracker Event Routing CLI V2 plugin in your local system. See Installing the Activity Tracker Event Routing CLI.

  • Every user that manages the Activity Tracker Event Routing configuration in your account must be assigned an access policy. The policy determines what actions the user can perform. The allowable actions are customized and defined by Activity Tracker Event Routing as operations that are allowed to be performed on the service. The actions are then mapped to IAM user roles. Learn more.

    Your user ID needs administrator platform permissions to manage the IBM Cloud Activity Tracker Event Routing service. Contact the account owner. The account owner can grant another user access to the account for the purposes of managing user access, and managing account resources. Learn more.

Provision a IBM Cloud Logs instance

Complete the following steps:

  1. Provision an IBM Cloud Logs instance. See Provisioning an instance.

Create a target

To create an IBM Cloud Logs target from the Observability dashboard in the IBM Cloud, complete the following steps:

  1. Log in to your IBM Cloud account.

    After you log in, the IBM Cloud UI opens.

  2. Click the Menu icon Menu icon > Observability.

  3. Click Activity Tracker > Routing.

  4. Click Create.

  5. Choose IBM Cloud Logs for the type.

  6. If you have not yet configured a service-to-service authorization policy, you will see: Service authorization required.

    • To grant access to Activity Tracker Event Routing to send to any IBM Cloud Logs instance in your account select Authorize now.
    • To have a more restrictive authorization policy configured to a specific IBM Cloud Logs instance, follow: TODO LINK

  7. Select the instance of IBM Cloud Logs under Choose the destination.

  8. Provide the name of the target for Target name.

  9. Select the Target region. This determines the IBM Cloud Activity Tracker Event Routing API endpoint for the request.

  10. Select Create target.

Next

Define 1 or more routes in the account. For more information, see Configuring a route.

When you configure a route, you associate a target with a route and define which type of auditing events are routed. The route defines the rules that determine where auditing events are routed in your account. For example, you can define a route that routes auditing events from 2 different regions, and also routes global events.

You can collect global events and location-based events.

  • Global events report on activity in your account that relate to data and resources that are generally synchronized across all regions.
  • Location-based events report on activity in your account that is generated by IBM Cloud services that are hosted within an IBM data center location, such as US-South or US-East.