Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Introduction

The tags beginning with gateway.okta identify events generated by Okta Access Gateway logs.

Valid tags and data tables

The full tag must have four levels. The first three are fixed as gateway.okta.oag. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

gateway.okta.oag.access

gateway.okta.oag.access

gateway.okta.oag.audit

gateway.okta.oag.audit

gateway.okta.oag.monitor

gateway.okta.oag.monitor

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables:

Field

Type

Extra field

Source field name

eventdate

timestamp

rawHostName

str

rawHostIp

str

rawMessage

str

message

hostchain

str

tag

str

TIMESTAMP

timestamp

HOSTNAME

str

label

str

App_Hostname

str

Client_IP

ip4

Request

str

URL

str

HTTP_Status_Code

int8

Request_size

int8

HTTP_Referrer

str

User_Agent

str

X_Forwarded_For

str

Request_Time

float8

Response_Time

float8

Field

Type

Extra field

Source field name

eventdate

timestamp

rawHostName

str

rawHostIp

str

rawMessage

str

message

hostchain

str

tag

str

TIMESTAMP

timestamp

HOSTNAME

str

APPLICATION

str

SUB_PROCESS

str

COMPONENT

str

SUB_COMPONENT

str

LOG_LEVEL

str

EVENT

str

STRUCTURED_DATA

str

NAME

str

DOMAIN

str

TYPE

str

RESULT

str

REASON

str

SESSION_ID

str

RESOURCE

str

METHOD

str

POLICY

str

POLICY_TYPE

str

DURATION

str

APP

str

APP_TYPE

str

APP_DOMAIN

str

REMOTE_IP

str

USER_AGENT

str

USERNAME

str

USER

str

SOURCE

str

ACTION

str

REALM

str

SUBJECT

str

STATUS

str

MESSAGE

str

Field

Type

Extra field

Source field name

eventdate

timestamp

rawHostName

str

rawHostIp

str

rawMessage

str

message

hostchain

str

tag

str

TIMESTAMP

timestamp

HOSTNAME

str

APPLICATION

str

SUB_PROCESS

str

COMPONENT

str

LOG_LEVEL

str

EVENT

str

STRUCTURED_DATA

str

STATUS

str

DU_HOSTNAME

str

FILESYSTEM

str

MOUNT

str

USAGE

str

CACHE_SIZE

int8

CURRENT_USAGE

int8

USAGE_PERCENT

str

USER

str

EXPIRY

str

SERVICE

str

NAME

str

UUID

str

MESSAGE

str

  • No labels