IBM Cloud Logs events for IBM Power Virtual Server
IBM Power Virtual Server in IBM data center
IBM Power Virtual Server Private Cloud in Client location
IBM® Cloud Logs is a scalable logging service that persists logs and provides users with capabilities for querying, tailing, and visualizing logs.
Logs are comprised of events that are typically human-readable and have different formats, for example, unstructured text, JSON, delimiter-separated values, and key-value pairs. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. IBM® Power® Virtual Server automatically generates events so that you can track activity on your service.
For more information, see Getting started with IBM Cloud Logs.
Management events
Instance events
The following events are used to read the Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.event.list | Lists all the Power Virtual Server instances |
| power-iaas.event.read | Reads a Power Virtual Server instance |
Images events
The following events are to work with images in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.image.list | Lists all the images |
| power-iaas.image.read | Reads an image |
| power-iaas.image.create | Creates an image |
| power-iaas.image.update | Updates an image |
| power-iaas.image.delete | Deletes an image |
| power-iaas.image.capture | Exports an image |
Network events
The following events are to work with networks in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.network.list | Lists all the networks |
| power-iaas.network.read | Reads a network |
| power-iaas.network.create | Creates a network (Public or Private) |
| power-iaas.network.update | Updates a network |
| power-iaas.network.delete | Deletes a network |
Power Virtual Server events
The following events are to work with each Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.pvm-instance.list | Lists all the Power Virtual Server instances |
| power-iaas.pvm-instance.read | Reads a Power Virtual Server instance |
| power-iaas.pvm-instance.create | Creates a Power Virtual Server instance |
| power-iaas.pvm-instance.update | Updates a Power Virtual Server instance |
| power-iaas.pvm-instance.delete | Deletes a Power Virtual Server instance |
| power-iaas.pvm-instance.start | Start a Power Virtual Server instance |
| power-iaas.pvm-instance.stop | Stop a Power Virtual Server instance |
| power-iaas.pvm-instance.renew | Restart a Power Virtual Server instance |
| power-iaas.pvm-instance.unknown | Unknown action on a Power Virtual Server instance |
| power-iaas.pvm-instance.monitor | Console access to a Power Virtual Server instance |
| power-iaas.pvm-instance.capture | Capture a Power Virtual Server instance into an image |
| power-iaas.pvm-instance.immediate-shutdown | Shut down a Power Virtual Server instance immediately |
| power-iaas.pvm-instance.clone | Clone a Power Virtual Server instance |
| power-iaas.pvm-instance.snapshot | Creates a Power Virtual Server instance snapshot |
| power-iaas.pvm-instance-network.read | Reads a Power Virtual Server instance network |
| power-iaas.pvm-instance-network.create | Creates a Power Virtual Server instance network |
| power-iaas.pvm-instance-network.delete | Deletes a Power Virtual Server instance network |
SSH keys events
The following events are to work with your account and SSH keys in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.ssh-key.list | Lists all the SSH keys |
| power-iaas.ssh-key.read | Reads an SSH key |
| power-iaas.ssh-key.create | Creates an SSH key |
| power-iaas.ssh-key.update | Updates an SSH key |
| power-iaas.ssh-key.delete | Deletes an SSH key |
Data volumes events
The following events are to work with data volumes in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.volume.list | Lists all the volumes |
| power-iaas.volume.read | Reads a volume |
| power-iaas.volume.create | Creates a volume |
| power-iaas.volume.update | Updates a volume |
| power-iaas.volume.delete | Deletes a volume |
| power-iaas.volume.configure | Attaches or Detaches a volume |
Storage capacity events
The following events are to work with storage capacity in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.storage-capacity.list | Lists all the storage capacity |
| power-iaas.storage-capacity.read | Reads a storage capacity |
| power-iaas.pod-capacity.list Client location | Lists system and storage capacity for an Client location pod |
Storage pools events
The following events are to work with storage pools in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.system-pools.list | Lists all the system pool information |
| power-iaas.system-pools.read | Reads a system pool information |
Tenant events
The following events are to work with tenants in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.tenant.read | Reads a tenant |
| power-iaas.tenant-sshkey.read | Reads a tenant SSH Key |
| power-iaas.tenant-sshkey.create | Creates a tenant SSH Key |
| power-iaas.tenant-sshkey.update | Updates a tenant SSH Key |
| power-iaas.tenant-sshkey.delete | Deletes a tenant SSH Key |
List of events: Job
The following events are to work with jobs in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.job.list | Lists all the jobs |
| power-iaas.job.read | Reads a job |
| power-iaas.job.create | Creates a job |
| power-iaas.job.delete | Deletes a job |
List of events: Network ports
The following events are to work with network ports in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.port.list | Lists all the network ports |
| power-iaas.port.read | Reads a network port |
| power-iaas.port.create | Creates a network port |
| power-iaas.port.update | Updates a network port |
| power-iaas.port.delete | Deletes a network port |
List of events: SAP
The following events are to work with SAP in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.sap.list | Lists all the SAP information |
| power-iaas.sap.read | Reads a SAP information |
| power-iaas.sap.create | Creates a SAP PVM instance |
List of events: Cloud connections
The following events are to work with Cloud connections in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.cloud-connection.list | Lists all the cloud connections |
| power-iaas.cloud-connection.read | Reads a cloud connection |
| power-iaas.cloud-connection.create | Creates a cloud connection |
| power-iaas.cloud-connection.update | Updates a cloud connection |
| power-iaas.cloud-connection.delete | Deletes a cloud connection |
List of events: Placement groups
The following events are to work with placement groups in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.placement-groups.list | Lists all the placement groups |
| power-iaas.placement-groups.read | Reads a placement group |
| power-iaas.placement-groups.create | Creates a placement group |
| power-iaas.placement-groups.update | Updates a placement group |
| power-iaas.placement-groups.delete | Deletes a placement group |
List of events: IKE policy
The following events are to work with IKE policy in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.ike-policy.list | Lists all the IKE policies |
| power-iaas.ike-policy.read | Reads an IKE policy |
| power-iaas.ike-policy.create | Creates an IKE policy |
| power-iaas.ike-policy.update | Updates an IKE policy |
| power-iaas.ike-policy.delete | Deletes an IKE policy |
List of events: IPsec policy
The following events are to work with IPsec policy in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.ipsec-policy.list | Lists all the IPsec policies |
| power-iaas.ipsec-policy.read | Reads an IPsec policy |
| power-iaas.ipsec-policy.create | Creates an IPsec policy |
| power-iaas.ipsec-policy.update | Updates an IPsec policy |
| power-iaas.ipsec-policy.delete | Deletes an IPsec policy |
List of events: VPN connection
The following events are to work with VPN Connection in your Power Virtual Server instance.
| Action | Description |
|---|---|
| power-iaas.vpn-connection.list | Lists all the VPN connections |
| power-iaas.vpn-connection.read | Reads a VPN connection |
| power-iaas.vpn-connection.create | Creates a VPN connection |
| power-iaas.vpn-connection.update | Updates a VPN connection |
| power-iaas.vpn-connection.delete | Deletes a VPN connection |
Viewing events
Events are automatically forwarded to North America, Europe, Tokyo, or Sydney geographic locations. You can access the IBM Cloud Logs as follows:
- All North America and South America data centers from Dallas.
- All Europe data centers from Frankfurt.
- All Sydney data center from Sydney, and
- All Japan data center from Tokyo.
IBM Cloud Logs sample response format
The response format that is used in IBM Cloud Logs adheres to the CADF (Cloud Auditing Data Federation) standard. Hence, auditing events can be collected and routed in a standardized format, ensuring consistency and interoperability across different cloud platforms.
The CADF standard is significant in auditing security in cloud environments. It defines a comprehensive event model that includes the necessary information for certifying, managing, and auditing the security of applications and services in the cloud.
The following code snippet shows the response format.
{
"logSourceCRN": "crn:v1:bluemix:public:power-iaas:us-east:a/xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyy::",
"saveServiceCopy": true,
"dataEvent": false,
"outcome": "success",
"eventTime": "2022-06-30T03:12:49.63+0000",
"action": "power-iaas.tenant.read",
"correlationId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"severity": "normal",
"initiator": {
"id": "IBMid-xxxxxxxxxx",
"name": "xxxxm@us.ibm.com",
"typeURI": "service/security/account/user",
"authnId": "",
"authnName": "",
"host": {
"agent": "PostmanRuntime/7.28.4",
"address": "127.0.0.1",
"addressType": "IPv4"
},
"credential": {
"type": "user"
}
},
"target": {
"id": "crn:v1:bluemix:public:power-iaas:us-east:a/xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyy::",
"name": "testName",
"typeURI": "power-iaas/tenant",
"resourceGroupId": "crn:v1:bluemix:public:resource-controller::a/xxxxxxxxxxxxxxxxxxxx::resource-group:zzzzzzzzzzzzzzzzzzzzzzz"
},
"reason": {
"reasonCode": 200,
"reasonType": "OK"
},
"requestData": null,
"responseData": {
"cloudInstances": [
{
"capabilities": [],
"cloudInstanceID": "yyyyyyyyyyyyyyyyyyyyyy",
"enabled": true,
"href": "/pcloud/v1/cloud-instances/yyyyyyyyyyyyyyyyyyyyyy",
"initialized": false,
"name": "testName",
"region": "us-east"
}
],
"creationDate": "2019-05-21T21:32:00.746Z",
"enabled": true,
"sshKeys": [],
"tenantID": "xxxxxxxxxxxxxxxxxxxx"
},
"message": "Power Virtual Server: read tenant xxxxxxxxxxxxxxxxxxxx ",
"observer": {
"name": "IBM Cloud Logs"
}
}
IBM Cloud Logs regions
You can create an IBM Cloud Logs instance and provision it in the same region where your data center is located.
The Power Virtual Server workspaces that runs in various regions or data centers sends events to IBM Cloud Logs instances in their respective regions. You must create and provision instances of IBM Cloud Logs in the respective regions where your workspaces reside for continued access to Power Virtual Server IBM Cloud Logs events. If you want to export IBM Cloud Logs data, see Exporting data.
The following table shows the data center and its corresponding regions where you can deploy an IBM Cloud Logs instance:
| Datacenter | Current IBM Cloud Logs region | New IBM Cloud Logs region |
|---|---|---|
WDC04 |
us-south | us-east |
WDC06 |
us-south | us-east |
WDC07 |
us-south | us-east |
MON01 |
us-south | ca-tor |
TOR04 |
us-south | ca-tor |
SAO01 |
us-south | br-sao |
SAO04 |
us-south | br-sao |
LON04 |
eu-de | eu-gb |
LON06 |
eu-de | eu-gb |
OSA21 |
jp-tok | jp-osa |