Cloud Platform as a Service

Cloud Platform as a Service

Join us to learn more from a community of collaborative experts and IBM Cloud product users to share advice and best practices with peers and stay up to date regarding product enhancements, regional user group meetings, webinars, how-to blogs, and other helpful materials.

 View Only

Migrating your Activity Tracker instances to Cloud Logs

By Marisa Lopez de Silanes posted Wed March 05, 2025 03:52 PM

  

As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025 to keep receiving activity tracking data. In this blog post, we'll explore how to migrate your Activity Tracker instances to IBM Cloud Logs quickly by using a central model, where all activity tracking events in your account are collected in 1 Cloud Logs instance.

Important information before you start

With IBM Cloud Logs, you are no longer limited to provisioning instances for each region where you operate. You can now have all activity tracking events, including the global ones, in a single IBM Cloud Logs instance that can be in any of the regions supported by IBM Cloud Logs. If this central model is not what you want, you can continue to have IBM Cloud Logs instances in each region where you operate.

In addition to provisioning IBM Cloud Logs instances, you must also configure IBM Cloud Activity Tracker Event Routing to take control in your account and define where activity tracking global and location-based events are routed. Activity tracking events are auditing events and are critical data for security operations and a key element for meeting compliance requirements.

IBM Cloud Activity Tracker Event Routing, a platform service, is used to manage auditing events at the account-level. For each account, you must configure targets and routes that define where auditing data is sent. Activity Tracker Event Routing routes events that are generated in supported regions. For more information about IBM Cloud Activity Tracker Event Routing, see About Activity Tracker Event Routing.

You might have compliance requirements that require you to keep activity tracking events for a period of time. The days or years that you must keep the data might be regulated by the industry, market, or by your company. To archive the data for the long-term, you must configure an IBM Cloud Object Storage bucket and attach it to your IBM Cloud Logs instance.  Control of the storage location of this data is critical to building enterprise-grade solutions on the IBM Cloud. For example, you might need to maintain this data in a specific region or location for regulatory reasons.

While you can store other log data with activity tracking events in the same IBM Cloud Logs instance, it is recommended to separate log and event data into different IBM Cloud Logs instances and have dedicated IBM Cloud Logs instances for activity tracking events. Why? Activity tracking events are auditing security events that can have different storage and access requirements. For example, you might need to keep audit events for a year, but regular operational logs for 3 months. If you put both types of data into the same IBM Cloud Logs instance, you would need to keep your operational logs for a year too.

Steps to migrate

Before you start

Make sure you have the IBM Cloud Identity and Access Management (IAM) permissions that are required to successfully migrate your IBM Cloud Activity Tracker instances configuration to IBM Cloud Logs.

You must have permissions in the resource groups where you plan to create resources with the Migration tool.

If you have the IAM permission to create policies and authorizations, you can grant only the level of access that you have as a user of the target service. For example, if you have viewer access for the target service, you can assign only the viewer role for the authorization. If you attempt to assign a higher permission such as administrator, it might appear that permission is granted, however, only the highest level permission you have for the target service, that is viewer, will be assigned.

Step 1: Provision an IBM Cloud Logs instance

    1.  Log in to your IBM Cloud account. After you log in, the IBM Cloud UI opens.
    2. Click the Menu icon > Observability to access the Observability dashboard.
    3. Click Logging > Instances. You might need to click the Cloud Logs tab to see your IBM Cloud Logs instances.
    4. Click Create.
    5. Select the required service for your instance.
    6. Select the location where you plan to provision the instance.
    7. Enter a name for the service instance.
    8. Select a resource group.
      • By default, the default resource group is set.
      • Note: If you are not able to select a resource group, check that you have editing permissions on the resource group where you want to provision the instance.
    9. Select the Standard service plan. Choose a retention plan. Valid values are 7 days, 14 days, 30 days, 60 days or 90 days. 
      • By default, the Standard plan is set.
    10. Click Create. After you provision an instance, the UI opens.

Step 2: Define an authorization between IBM Cloud Activity Tracker Event Routing and the Cloud Logs instance that you just created

    1. In the IBM Cloud console, click Manage > Access (IAM), and select Authorizations.
    2. Click Create.
    3. Select This account as the source account.
    4. Select Activity Tracker Event Routing as the source service. Then, set the scope of the access to All resources.
    5. Select Cloud Logs as the target service. Then, set the scope of the access. To grant access to a specific instance, select single instance by configuring Resources based on selected attributes > Service Instance
    6. In the Service Access section, select Sender to assign IBM Cloud Activity Tracker Event Routing access to the bucket. 
    7. Click Authorize

Step 3: Configure IBM Cloud Activity Tracking to continue receiving events in your Activity Tracker instances

OBSERVATION: You can skip this step is you just want to collect activity tracking events in the new Cloud Logs instance.

To continue receiving activity tracking events in your existing Activity Tracker instances in parallel to your IBM Cloud Logs instances, you must configure IBM Cloud Activity Tracker Event Routing targets and rules referencing your existing Activity Tracker instances.

Configure 1 Activity Tracker target for each Activity Tracker instance in the account

  1. In the Observability UI, select  Activity Tracker > Routing.
  2. Select Targets.
  3. Click Create to open the create panel. Then, choose type. Select Activity Tracker.
  4. Choose destination: Pick Search by instance and select an IBM Cloud Activity Tracker instance from the table.
  5. Select the ingestion key for the targeted IBM Cloud Activity Tracker instance.
  6. Enter a meaningful name for the target.
  7. Click Create target.

After you configure targets for each region where you have an Activity Tracker instance, you should see something like:

Configure a route for Activity Tracker instances

You must configure 1 route that includes the rules that describe how events are routed in each region. For more information, see Create the route with rules that map your current Activity Tracker instance location.
  1. In the Observability UI, select  Activity Tracker > Routing.
  2. Select Routes.
  3. Click Create to open the create page.
  4. In Routing rules, modify Rule 1:
    • For an Activity Tracker instance in eu-de: select eu-de and global
    • For the rest of the supported regions, choose the same region.
    • For an Activity Tracker instance in Chennai, choose in-che.
  5. Click Next and enter a route name, for example, activity-tracking-account-route
  6. Click Create.

After you create the route, you will see:

For each region, you must launch the Activity Tracker dashboard and verify that events continue to be ingested.

Step 4: Configure IBM Cloud Activity Tracking to route data to Cloud Logs

Complete these steps to route activity tracking events to the Cloud Logs instance that you have provisioned.

Configure 1 target for the Cloud Logs instance

Configure the IBM Cloud Logs instance that you created as the destination target for activity tracking events.

  1. In the Observability UI, select  Activity Tracker > Routing.
  2. Select Targets.
  3. Click Create to open the create panel. Then, choose type. Select Cloud Logs.
  4. Choose destination: Pick Search by instance and select an IBM Cloud Logs instance from the table.
  5. Enter a meaningful name for the target.
  6. Click Create target.

After you configure targets for each region where you have an Activity Tracker instance, you should see something like:

Configure the route to define the rule that describes how events are routed in the account

  1. In the Observability UI, select  Activity Tracker > Routing.
  2. Select Routes.
  3. Click Create to open the create page.
  4. In Routing rules, modify Rule 1:
    • Send audit events from: Select All sources (wildcard) to collect all activity tracking events that are generated in the account.
    • To targets: Select a target that defines the IBM Cloud Logs instance that you created earlier.
  5. Click Next and enter a route name, for example, activity-tracking-account-route
  6. Click Create.

After you create the route, you will see:

2.    Verify that activity tracking events are ingested into your IBM Cloud Logs instance. Launch the Cloud Logs dashboard and check that you see events.

  F   For example, go to the Logs page.

       Select as Application ibm-audit-event.

 

    You should see in the Logs page something similar to:

    Step 4: Configure the IAM permissions

    You must configure the IAM permissions to allow users to work with the IBM Cloud Logs instance.

    See Getting started with IAM

    Summary

    You have provisioned an IBM Cloud Logs instance to collect all activity tracking events that are generated in the account. You have also configured the IBM Cloud Activity Tracker Event Routing to define the rules that define how to route events that are generated in the account.

    0 comments
    41 views

    Permalink

    https://community.ibm.com/community/user/blogs/marisa-lopez-de-silanes/2025/03/03/migrating-your-activity-tracker-instances-to-cloud