...
Valid tags and data tables
The full tag must have four levels. The first three are fixed as gateway.okta.oag. The fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
---|
gateway | okta | oag | |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|
gateway.okta.oag.access | gateway.okta.oag.access |
gateway.okta.oag.audit | gateway.okta.oag.audit |
gateway.okta.oag.monitor | gateway.okta.oag.monitor |
How is the data sent to Devo?
Logs generated by okta must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:
Rw ui tabs macro |
---|
Rw tab |
---|
title | gateway.okta.oag.access |
---|
|
Relay rule 1 - OAG05 Access logSource Port → Any, excluding the reserved ports. Source Message → ^(\S+\s+\S+\s+\w+\s+\S+\s+\S+\s+-\s+-\s+.*) Target Tag → gateway.okta.oag.access Target Message → \m0 Select the Stop Processing checkbox. Image RemovedImage Added Rw tab |
---|
title | gateway.okta.oag.audit |
---|
|
Relay rule 1 - OAG02 Check Host Check ConnectionSource Port → Any, excluding the reserved ports. Source Message → ^(\S+\s+\S+)\s+(CHECK_HOST|CHECK_CONNECTION)\s+(\S+)\s+(\S+)\s+(.*) Target Tag → gateway.okta.oag.audit Target Message → \m1 ACCESS_GATEWAY \m2 \m3 - \m4 \m5 Select the Stop Processing checkbox. Image RemovedImage AddedRelay rule 2- OAG02 Check Host Check ConnectionSource Port → Any, excluding the reserved ports. Source Message → ^(\S+\s+\S+)\s+(CHECK_HOST|CHECK_CONNECTION)\s+(\S+)\s+(\S+)\s+(.*) Target Tag → gateway.okta.oag.audit Target Message → \m1 ACCESS_GATEWAY \m2 \m3 - \m4 \m5 Select the Stop Processing checkbox. Image RemovedImage AddedRelay rule 3- OAG03 Log Download Status/ Log Prepare Operation admin consoleSource Port → Any, excluding the reserved ports. Source Message → ^(\S+\s+\S+)\s+(LOG_DOWNLOAD_STATUS|LOG_PREPARE_OPERATION|ADMIN_CONSOLE)\s+(\S+)\s+(\S+)\s+(.*) Target Tag → gateway.okta.oag.audit Target Message → \m1 ACCESS_GATEWAY \m2 \m3 \m4 \m5 Select the Stop Processing checkbox. Image RemovedImage AddedRelay rule 4- OAG04 ScriptSource Port → Any, excluding the reserved ports. Source Message → ^(\S+\s+\S+)\s+(SCRIPT)\s+(\S+)\s+(.*) Target Tag → gateway.okta.oag.audit Target Message → \m1 ACCESS_GATEWAY \m2 - - \m3 \m4 Select the Stop Processing checkbox. Image RemovedImage Added Rw tab |
---|
title | gateway.okta.oag.audit |
---|
|
Relay rule 1 - OAG00 OAG MonitorSource Port → Any, excluding the reserved ports. Source Message → ^(\S+\s+\S+\s+OAG_MONITOR\s+MONITOR\s+.*) Target Tag → gateway.okta.oag.monitor Target Message → \m0 Select the Stop Processing checkbox. Image RemovedImage Added |