
...

Valid tags and data tables

The full tag must have four levels. The first three are fixed as gateway.okta.oag. The fourth level indicates the event subtype.

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| gateway | okta | oag | access, audit, monitor |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
|---|---|
| gateway.okta.oag.access | gateway.okta.oag.access |
| gateway.okta.oag.audit | gateway.okta.oag.audit |
| gateway.okta.oag.monitor | gateway.okta.oag.monitor |

How is the data sent to Devo?

Logs generated by Okta must be sent to the Devo platform through the Devo Relay, which secures the communication. See the required relay rules below:

gateway.okta.oag.access

Relay rule 1 - OAG05 Access log

  • Source Port → Any, excluding the reserved ports.

  • Source Message → ^(\S+\s+\S+\s+\w+\s+\S+\s+\S+\s+-\s+-\s+.*)

  • Target Tag → gateway.okta.oag.access

  • Target Message → \m0

  • Select the Stop Processing checkbox.

gateway.okta.oag.audit

Relay rule 1 - OAG02 Check Host Check Connection

  • Source Port → Any, excluding the reserved ports.

  • Source Message → ^(\S+\s+\S+)\s+(CHECK_HOST|CHECK_CONNECTION)\s+(\S+)\s+(\S+)\s+(.*)

  • Target Tag → gateway.okta.oag.audit

  • Target Message → \m1 ACCESS_GATEWAY \m2 \m3 - \m4 \m5

  • Select the Stop Processing checkbox.

Relay rule 2 - OAG02 Check Host Check Connection

  • Source Port → Any, excluding the reserved ports.

  • Source Message → ^(\S+\s+\S+)\s+(CHECK_HOST|CHECK_CONNECTION)\s+(\S+)\s+(\S+)\s+(.*)

  • Target Tag → gateway.okta.oag.audit

  • Target Message → \m1 ACCESS_GATEWAY \m2 \m3 - \m4 \m5

  • Select the Stop Processing checkbox.

Relay rule 3 - OAG03 Log Download Status / Log Prepare Operation / Admin Console

  • Source Port → Any, excluding the reserved ports.

  • Source Message → ^(\S+\s+\S+)\s+(LOG_DOWNLOAD_STATUS|LOG_PREPARE_OPERATION|ADMIN_CONSOLE)\s+(\S+)\s+(\S+)\s+(.*)

  • Target Tag → gateway.okta.oag.audit

  • Target Message → \m1 ACCESS_GATEWAY \m2 \m3 \m4 \m5

  • Select the Stop Processing checkbox.

Relay rule 4 - OAG04 Script

  • Source Port → Any, excluding the reserved ports.

  • Source Message → ^(\S+\s+\S+)\s+(SCRIPT)\s+(\S+)\s+(.*)

  • Target Tag → gateway.okta.oag.audit

  • Target Message → \m1 ACCESS_GATEWAY \m2 - - \m3 \m4

  • Select the Stop Processing checkbox.

gateway.okta.oag.monitor

Relay rule 1 - OAG00 OAG Monitor

  • Source Port → Any, excluding the reserved ports.

  • Source Message → ^(\S+\s+\S+\s+OAG_MONITOR\s+MONITOR\s+.*)

  • Target Tag → gateway.okta.oag.monitor

  • Target Message → \m0

  • Select the Stop Processing checkbox.

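Before saving the rules in the relay, the source patterns and target messages above can be checked offline. The following Python sketch is an added example, not part of the Devo or Okta documentation: it applies the rules in page order with first-match-wins (Stop Processing) behaviour. It assumes that \mN stands for capture group N and \m0 for the whole match, and that Python's re module treats these patterns the same way the relay does. The sample lines are constructed and are not real gateway output.

```python
import re

# Relay rules copied from this page, in page order:
# (rule name, source message regex, target tag, target message template)
RULES = [
    ("OAG05 access", r"^(\S+\s+\S+\s+\w+\s+\S+\s+\S+\s+-\s+-\s+.*)",
     "gateway.okta.oag.access", r"\m0"),
    ("OAG02 check", r"^(\S+\s+\S+)\s+(CHECK_HOST|CHECK_CONNECTION)\s+(\S+)\s+(\S+)\s+(.*)",
     "gateway.okta.oag.audit", r"\m1 ACCESS_GATEWAY \m2 \m3 - \m4 \m5"),
    ("OAG03 log/admin", r"^(\S+\s+\S+)\s+(LOG_DOWNLOAD_STATUS|LOG_PREPARE_OPERATION|ADMIN_CONSOLE)\s+(\S+)\s+(\S+)\s+(.*)",
     "gateway.okta.oag.audit", r"\m1 ACCESS_GATEWAY \m2 \m3 \m4 \m5"),
    ("OAG04 script", r"^(\S+\s+\S+)\s+(SCRIPT)\s+(\S+)\s+(.*)",
     "gateway.okta.oag.audit", r"\m1 ACCESS_GATEWAY \m2 - - \m3 \m4"),
    ("OAG00 monitor", r"^(\S+\s+\S+\s+OAG_MONITOR\s+MONITOR\s+.*)",
     "gateway.okta.oag.monitor", r"\m0"),
]

def route(line):
    """Return (rule name, tag, rewritten message) for the first matching rule, else None."""
    for name, pattern, tag, template in RULES:
        m = re.match(pattern, line)
        if m:
            # Assumption: \mN is capture group N, \m0 is the whole match.
            msg = re.sub(r"\\m(\d)", lambda r: m.group(int(r.group(1))), template)
            return name, tag, msg  # Stop Processing: later rules are not evaluated
    return None

def unrouted(lines):
    """Lines that no rule claims; these would not reach any OAG table."""
    return [line for line in lines if route(line) is None]

# Constructed sample lines (hypothetical host name and field values).
SAMPLES = [
    "2024-01-01T10:00:00.000-05:00 oag.example.test ACCESS_GATEWAY ACCESS AUTHZ - - GET /app 200",
    "2024-01-01T10:00:01.000-05:00 oag.example.test CHECK_HOST INFO HOST check passed for app.example.test",
    "2024-01-01T10:00:02.000-05:00 oag.example.test ADMIN_CONSOLE INFO LOGIN admin session opened",
    "2024-01-01T10:00:03.000-05:00 oag.example.test SCRIPT INFO backup job finished",
    "2024-01-01T10:00:04.000-05:00 oag.example.test OAG_MONITOR MONITOR CPU INFO load=0.2",
    "2024-01-01T10:00:05.000-05:00 oag.example.test SOMETHING_ELSE INFO not covered",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(sample) or ("NO RULE", None, sample))
```

Lines returned by unrouted() match none of the rules, which is the first thing to check when expected gateway events are missing from the audit or monitor tables.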