Valid tags and data tables

The full tag must have four levels. The first three are fixed as gateway.okta.oag. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Okta Access Gateway | gateway.okta.oag.access | gateway.okta.oag.access |
| | gateway.okta.oag.audit | gateway.okta.oag.audit |
| | gateway.okta.oag.monitor | gateway.okta.oag.monitor |


These are the fields displayed in these tables:

gateway.okta.oag.access

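| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| rawHostName | str | | |
| rawHostIp | str | | |
| rawMessage | str | | message |
| hostchain | str | | |
| tag | str | | |
| TIMESTAMP | timestamp | | |
| HOSTNAME | str | | |
| label | str | | |
| App_Hostname | str | | |
| Client_IP | ip4 | | |
| Request | str | | |
| URL | str | | |
| HTTP_Status_Code | int8 | | |
| Request_size | int8 | | |
| HTTP_Referrer | str | | |
| User_Agent | str | | |
| X_Forwarded_For | str | | |
| Request_Time | float8 | | |
| Response_Time | float8 | | |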

gateway.okta.oag.audit

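| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| rawHostName | str | | |
| rawHostIp | str | | |
| rawMessage | str | | message |
| hostchain | str | | |
| tag | str | | |
| TIMESTAMP | timestamp | | |
| HOSTNAME | str | | |
| APPLICATION | str | | |
| SUB_PROCESS | str | | |
| COMPONENT | str | | |
| SUB_COMPONENT | str | | |
| LOG_LEVEL | str | | |
| EVENT | str | | |
| STRUCTURED_DATA | str | | |
| NAME | str | | |
| DOMAIN | str | | |
| TYPE | str | | |
| RESULT | str | | |
| REASON | str | | |
| SESSION_ID | str | | |
| RESOURCE | str | | |
| METHOD | str | | |
| POLICY | str | | |
| POLICY_TYPE | str | | |
| DURATION | str | | |
| APP | str | | |
| APP_TYPE | str | | |
| APP_DOMAIN | str | | |
| REMOTE_IP | str | | |
| USER_AGENT | str | | |
| USERNAME | str | | |
| USER | str | | |
| SOURCE | str | | |
| ACTION | str | | |
| REALM | str | | |
| SUBJECT | str | | |
| STATUS | str | | |
| MESSAGE | str | | |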

gateway.okta.oag.monitor

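| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| rawHostName | str | | |
| rawHostIp | str | | |
| rawMessage | str | | message |
| hostchain | str | | |
| tag | str | | |
| TIMESTAMP | timestamp | | |
| HOSTNAME | str | | |
| APPLICATION | str | | |
| SUB_PROCESS | str | | |
| COMPONENT | str | | |
| LOG_LEVEL | str | | |
| EVENT | str | | |
| STRUCTURED_DATA | str | | |
| STATUS | str | | |
| DU_HOSTNAME | str | | |
| FILESYSTEM | str | | |
| MOUNT | str | | |
| USAGE | str | | |
| CACHE_SIZE | int8 | | |
| CURRENT_USAGE | int8 | | |
| USAGE_PERCENT | str | | |
| USER | str | | |
| EXPIRY | str | | |
| SERVICE | str | | |
| NAME | str | | |
| UUID | str | | |
| MESSAGE | str | | |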