Activity tracking events for IBM Cloud Monitoring

IBM Cloud services, such as IBM Cloud Monitoring, generate activity tracking events.

Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.

You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.

Locations where activity tracking events are generated

Locations where activity tracking events are sent to IBM Cloud Activity Tracker hosted event search

IBM Cloud Monitoring sends activity tracking events to IBM Cloud Activity Tracker hosted event search in the regions that are indicated in the following table.

Regions where activity tracking events are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
Yes	Yes	Yes	Yes

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
Yes	Yes	Yes	No

Regions where activity tracking events are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	Yes	Yes

Locations where activity tracking events are sent by IBM Cloud Activity Tracker Event Routing

IBM Cloud Monitoring sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.

Regions where activity tracking events are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
Yes	Yes	Yes	Yes

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
Yes	Yes	Yes	No

Regions where activity tracking events are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	Yes	Yes

Viewing activity tracking events for IBM Cloud Monitoring

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

Launching IBM Cloud Logs from the Observability page

For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.

Alerts: List of management events

Alerts: List of activity tracking actions
Action	Description
`sysdig-monitor.alert.create`	An event is created when you create an alert definition
`sysdig-monitor.alert.read`	An event is created when you read an alert definition
`sysdig-monitor.alert.update`	An event is created when you update an alert definition
`sysdig-monitor.alert.delete`	An event is created when you delete an alert definition
`sysdig-monitor.alert.list`	An event is created when you view the alerts in the monitoring instance

Captures: List of management events

Captures: List of activity tracking actions
Action	Description
`sysdig-monitor.capture.create`	An event is created when you create a Monitoring capture
`sysdig-monitor.capture.read`	An event is created when you load a Monitoring capture in the dashboard
`sysdig-monitor.capture.update`	An event is created when you update a Monitoring capture
`sysdig-monitor.capture.delete`	An event is created when you delete a Monitoring capture

Dashboards: List of management events

Dashboards: List of activity tracking actions
Action	Description
`sysdig-monitor.dashboard.create`	An event is created when you create a dashboard
`sysdig-monitor.dashboard.read`	An event is created when you load a dashboard
`sysdig-monitor.dashboard.update`	An event is created when you update a dashboard
`sysdig-monitor.dashboard.delete`	An event is created when you delete a dashboard
`sysdig-monitor.dashboard.list`	An event is created when you view the dashboards in the monitoring instance

Teams: List of management events

Teams: List of activity tracking actions
Action	Description
`sysdig-monitor.team.create`	An event is created when you create a Monitoring team
`sysdig-monitor.team.read`	An event is created when you view a Monitoring team definition
`sysdig-monitor.team.update`	An event is created when you update a Monitoring team definition
`sysdig-monitor.team.delete`	An event is created when you delete a Monitoring team
`sysdig-monitor.team.list`	An event is created when you view the Monitoring teams