gateway.okta

Introduction

Tags beginning with gateway.okta identify events from Okta Access Gateway logs.

Valid tags and data tables

The full tag must have four levels. The first three are fixed as gateway.okta.oag. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Okta Access Gateway | gateway.okta.oag.access | gateway.okta.oag.access |
| | gateway.okta.oag.audit | gateway.okta.oag.audit |
| | gateway.okta.oag.monitor | gateway.okta.oag.monitor |

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables:

gateway.okta.oag.access

| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| rawHostName | str | ✓ | |
| rawHostIp | str | ✓ | |
| rawMessage | str | ✓ | message |
| hostchain | str | ✓ | |
| tag | str | ✓ | |
| TIMESTAMP | timestamp | ✓ | |
| HOSTNAME | str | ✓ | |
| label | str | ✓ | |
| App_Hostname | str | ✓ | |
| Client_IP | ip4 | ✓ | |
| Request | str | ✓ | |
| URL | str | ✓ | |
| HTTP_Status_Code | int8 | ✓ | |
| Request_size | int8 | ✓ | |
| HTTP_Referrer | str | ✓ | |
| User_Agent | str | ✓ | |
| X_Forwarded_For | str | ✓ | |
| Request_Time | float8 | ✓ | |
| Response_Time | float8 | ✓ | |

gateway.okta.oag.audit

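| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| rawHostName | str | ✓ | |
| rawHostIp | str | ✓ | |
| rawMessage | str | ✓ | message |
| hostchain | str | ✓ | |
| tag | str | ✓ | |
| TIMESTAMP | timestamp | ✓ | |
| HOSTNAME | str | ✓ | |
| APPLICATION | str | ✓ | |
| SUB_PROCESS | str | ✓ | |
| COMPONENT | str | ✓ | |
| SUB_COMPONENT | str | ✓ | |
| LOG_LEVEL | str | ✓ | |
| EVENT | str | ✓ | |
| STRUCTURED_DATA | str | ✓ | |
| NAME | str | ✓ | |
| DOMAIN | str | ✓ | |
| TYPE | str | ✓ | |
| RESULT | str | ✓ | |
| REASON | str | ✓ | |
| SESSION_ID | str | ✓ | |
| RESOURCE | str | ✓ | |
| METHOD | str | ✓ | |
| POLICY | str | ✓ | |
| POLICY_TYPE | str | ✓ | |
| DURATION | str | ✓ | |
| APP | str | ✓ | |
| APP_TYPE | str | ✓ | |
| APP_DOMAIN | str | ✓ | |
| REMOTE_IP | str | ✓ | |
| USER_AGENT | str | ✓ | |
| USERNAME | str | ✓ | |
| USER | str | ✓ | |
| SOURCE | str | ✓ | |
| ACTION | str | ✓ | |
| REALM | str | ✓ | |
| SUBJECT | str | ✓ | |
| STATUS | str | ✓ | |
| MESSAGE | str | ✓ | |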

gateway.okta.oag.monitor

| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | timestamp | | |
| rawHostName | str | ✓ | |
| rawHostIp | str | ✓ | |
| rawMessage | str | ✓ | message |
| hostchain | str | ✓ | |
| tag | str | ✓ | |
| TIMESTAMP | timestamp | ✓ | |
| HOSTNAME | str | ✓ | |
| APPLICATION | str | ✓ | |
| SUB_PROCESS | str | ✓ | |
| COMPONENT | str | ✓ | |
| LOG_LEVEL | str | ✓ | |
| EVENT | str | ✓ | |
| STRUCTURED_DATA | str | ✓ | |
| STATUS | str | ✓ | |
| DU_HOSTNAME | str | ✓ | |
| FILESYSTEM | str | ✓ | |
| MOUNT | str | ✓ | |
| USAGE | str | ✓ | |
| CACHE_SIZE | int8 | ✓ | |
| CURRENT_USAGE | int8 | ✓ | |
| USAGE_PERCENT | str | ✓ | |
| USER | str | ✓ | |
| EXPIRY | str | ✓ | |
| SERVICE | str | ✓ | |
| NAME | str | ✓ | |
| UUID | str | ✓ | |
| MESSAGE | str | ✓ | |