Okta

Download 12
Last updated Oct 12, 2024

okta-system-logs

Get system logs from Okta service.

okta-system-logs [profile=PROFILE] [filter=FILTER] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
profile=PROFILE
Okta connect profile code
filter=FILTER
e.g. transaction.detail.requestApiTokenId eq "00T94e3cn9kSEO3c51s5"
duration=NUM{mon|w|d|h|m|s}
Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit.
from=yyyyMMddHHmmss
Start time of range. yyyyMMddHHmmss format.
to=yyyyMMddHHmmss
End time of range. yyyyMMddHHmmss format.

Output Fields

FieldTypeNameDescription
_timeDatePublished time
profileStringConnect profileOkta connect profile code
severityStringSeveritye.g. DEBUG, INFO, WARN, ERROR
src_ipIP addressSource ip
actor_typeStringActor typee.g. User, PublicClientApp, SystemPrincipal
userStringUsere.g. demo@logpresso.com
event_typeStringEvent typee.g. user.authentication.verify
msgStringmessagee.g. Verify user identity
target_namesStringTarget namese.g. Password, Okta Dashboard
resultStringResulte.g. SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE
reasonStringReasone.g. INVALID_CREDENTIALS, VERIFICATION_ERROR
user_agentStringUser agente.g. Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
os_nameStringOS namee.g. Windows 10, Mac OS X, Mac OS X (iPhone), iOS, Android, Unknown
browserStringBrowsere.g. IE11, CHROME, SAFARI, UNKNOWN
uuidStringUUID
actorMapActorThe actor field value in REST API response.
targetMapTargetThe target field value in REST API response.
clientMapClientThe client field value in REST API response.
requestMapRequestThe request field value in REST API response.
transactionMapTransactionThe transaction field value in REST API response.
debug_contextMapDebug contextThe debugContext field value in REST API response.
auth_contextMapAuthentication contextThe authenticationContext field value in REST API response.
security_contextMapSecurity contextThe securityContext field value in REST API response.