okta-system-logs
Get system logs from Okta service.
okta-system-logs [profile=PROFILE] [filter=FILTER] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- profile=PROFILE
  - Okta connect profile code
- filter=FILTER
  - Filter expression, e.g. transaction.detail.requestApiTokenId eq "00T94e3cn9kSEO3c51s5"
- duration=NUM{mon|w|d|h|m|s}
  - Scan only recent data. Specify the time unit as s (second), m (minute), h (hour), d (day), w (week), or mon (month).
- from=yyyyMMddHHmmss
  - Start time of the range, in yyyyMMddHHmmss format.
- to=yyyyMMddHHmmss
  - End time of the range, in yyyyMMddHHmmss format.
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Published time | |
profile | String | Connect profile | Okta connect profile code |
severity | String | Severity | e.g. DEBUG, INFO, WARN, ERROR |
src_ip | IP address | Source IP | |
actor_type | String | Actor type | e.g. User, PublicClientApp, SystemPrincipal |
user | String | User | e.g. demo@logpresso.com |
event_type | String | Event type | e.g. user.authentication.verify |
msg | String | Message | e.g. Verify user identity |
target_names | String | Target names | e.g. Password, Okta Dashboard |
result | String | Result | e.g. SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE |
reason | String | Reason | e.g. INVALID_CREDENTIALS, VERIFICATION_ERROR |
user_agent | String | User agent | e.g. Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko |
os_name | String | OS name | e.g. Windows 10, Mac OS X, Mac OS X (iPhone), iOS, Android, Unknown |
browser | String | Browser | e.g. IE11, CHROME, SAFARI, UNKNOWN |
uuid | String | UUID | |
actor | Map | Actor | The actor field value in REST API response. |
target | Map | Target | The target field value in REST API response. |
client | Map | Client | The client field value in REST API response. |
request | Map | Request | The request field value in REST API response. |
transaction | Map | Transaction | The transaction field value in REST API response. |
debug_context | Map | Debug context | The debugContext field value in REST API response. |
auth_context | Map | Authentication context | The authenticationContext field value in REST API response. |
security_context | Map | Security context | The securityContext field value in REST API response. |
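
The output fields above are enough to triage credential-guessing activity. The following is an added example, not part of the original page or of Logpresso's own code: it assumes the command's rows have been exported as Python dicts keyed by the documented field names, and it flags any source IP whose INVALID_CREDENTIALS failures hit several distinct users within a short window. The function name, thresholds, IP addresses and user names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def find_spray_sources(rows, window=timedelta(minutes=10), min_users=3):
    """Return {src_ip: {"users": [...], "success_after": [...]}} for IPs with
    INVALID_CREDENTIALS failures against >= min_users distinct users inside one
    sliding window. "success_after" lists users who logged in successfully from
    the same IP at or after the start of that window (review these first)."""
    failures = defaultdict(list)   # src_ip -> [(_time, user)]
    successes = defaultdict(list)  # src_ip -> [(_time, user)]
    for r in sorted(rows, key=lambda r: r["_time"]):
        if r["result"] == "FAILURE" and r.get("reason") == "INVALID_CREDENTIALS":
            failures[r["src_ip"]].append((r["_time"], r["user"]))
        elif r["result"] == "SUCCESS":
            successes[r["src_ip"]].append((r["_time"], r["user"]))
    findings = {}
    for ip, events in failures.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                first = events[start][0]
                later = sorted({u for t, u in successes[ip] if t >= first})
                findings[ip] = {"users": sorted(users), "success_after": later}
                break
    return findings

# Constructed sample rows (documentation IP ranges, made-up users).
T0 = datetime(2024, 1, 1, 9, 0, 0)

def _row(minute, src_ip, user, result, reason=None):
    return {"_time": T0 + timedelta(minutes=minute), "src_ip": src_ip,
            "user": user, "event_type": "user.authentication.verify",
            "result": result, "reason": reason}

SAMPLE_ROWS = [
    _row(0, "203.0.113.7", "alice@example.com", "FAILURE", "INVALID_CREDENTIALS"),
    _row(1, "203.0.113.7", "bob@example.com", "FAILURE", "INVALID_CREDENTIALS"),
    _row(2, "203.0.113.7", "carol@example.com", "FAILURE", "INVALID_CREDENTIALS"),
    _row(4, "203.0.113.7", "dave@example.com", "SUCCESS"),
    _row(0, "198.51.100.20", "erin@example.com", "FAILURE", "INVALID_CREDENTIALS"),
    _row(30, "198.51.100.20", "erin@example.com", "FAILURE", "INVALID_CREDENTIALS"),
    _row(5, "198.51.100.20", "erin@example.com", "SUCCESS"),
]
```

A single user mistyping a password twice from one address, as in the second sample IP, is not flagged; only failures spread across distinct users inside the window are.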