To ship Okta logs, you'll deploy a Docker container to collect the logs and forward them to Logz.io using Logstash. You can send logs from multiple Okta tenants and any Okta domain.
Before you begin, you'll need: Okta administrator privileges
In the Okta developer console, navigate to API > Tokens. Create a token and paste it in your text editor.
Click the Authorization Servers tab. Copy your Okta domain from the Issuer URI column, and paste it in your text editor. In the following example, you'd have copied "dev-123456.okta.com".
To create the tenants credentials file, run the following command as root and then open the file in your text editor:

```
mkdir /etc/logzio-okta && touch /etc/logzio-okta/tenants-credentials.yml
```

Add the following to the file:

```
tenants_credentials:
  - okta_api_key: <<OKTA-API-KEY>>
    okta_domain: <<OKTA-DOMAIN>>
```
This shipper supports up to 50 tenants. For multiple tenants, add your Okta API key and domain for each tenant.
See the following example:
```
tenants_credentials:
  - okta_api_key: 123456a
    okta_domain: logzio-dev-123.okta.com
  - okta_api_key: 123456b
    okta_domain: logzio-dev-123.okta.com
  - okta_api_key: 123456c
    okta_domain: logzio-dev-123.oktapreview.com
```
Note that YAML files are sensitive to spaces and tabs. We recommend using a YAML validator to make sure that the file structure is correct.
For every tenant, replace the placeholders as follows:
Parameter | Description |
---|---|
OKTA_API_KEY | The Okta API key you copied in step 1. |
OKTA_DOMAIN | Insert your Okta domain that you copied in step 1 from the issuer URI column. Supports these Okta domains: example.oktapreview.com, example.okta.com, example.okta-emea.com |
To filter by tenant, use the 'tenant_name' field in the logs.
Save the file in your working directory (where you're running Docker from).
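A validator specific to this file, as an added example (not part of the Logz.io shipper): it checks the structure shown above, the 50-tenant limit, leftover `<<...>>` placeholders, and that each okta_domain is a bare hostname under one of the suffixes listed in the table, without ever echoing an API key. `validate_tenants` is a hypothetical helper name, and PyYAML is assumed to be installed for the command-line part.

```python
import re
import sys

# Domain suffixes listed in the parameter table on this page.
SUPPORTED_SUFFIXES = (".okta.com", ".oktapreview.com", ".okta-emea.com")
MAX_TENANTS = 50  # limit stated on this page
LABEL = r"[a-z0-9]([a-z0-9-]*[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(\.{LABEL})+", re.IGNORECASE)


def validate_tenants(doc):
    """Return a list of problems; API keys are never echoed into messages."""
    tenants = doc.get("tenants_credentials") if isinstance(doc, dict) else None
    if not isinstance(tenants, list) or not tenants:
        return ["top-level 'tenants_credentials' must be a non-empty list"]
    problems = []
    if len(tenants) > MAX_TENANTS:
        problems.append(f"{len(tenants)} tenants defined, limit is {MAX_TENANTS}")
    seen = set()
    for i, t in enumerate(tenants, start=1):
        if not isinstance(t, dict) or set(t) != {"okta_api_key", "okta_domain"}:
            problems.append(f"tenant {i}: expected exactly okta_api_key and okta_domain")
            continue
        key, domain = t["okta_api_key"], t["okta_domain"]
        # An unquoted all-digit key is parsed by YAML as an int, not a string.
        if not isinstance(key, str) or not key.strip() or "<<" in key:
            problems.append(f"tenant {i}: okta_api_key is empty, not a string, or a placeholder")
        # Pasting the whole Issuer URI (scheme and path included) fails here.
        if not isinstance(domain, str) or not HOSTNAME.fullmatch(domain):
            problems.append(f"tenant {i}: okta_domain must be a bare hostname, no scheme or path")
        elif not domain.lower().endswith(SUPPORTED_SUFFIXES):
            problems.append(f"tenant {i}: okta_domain {domain!r} has an unsupported suffix")
        if isinstance(key, str) and isinstance(domain, str):
            if (key, domain) in seen:  # exact repeat, likely a copy-paste error
                problems.append(f"tenant {i}: duplicate of an earlier entry")
            seen.add((key, domain))
    return problems


if __name__ == "__main__":
    import yaml  # PyYAML, assumed installed (pip install pyyaml)
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/logzio-okta/tenants-credentials.yml"
    with open(path) as fh:
        found = validate_tenants(yaml.safe_load(fh))
    print("\n".join(found) or "tenants-credentials.yml looks valid")
    sys.exit(1 if found else 0)
```

Run it against the file before starting the container; a non-zero exit status means at least one entry needs fixing.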
Download the logzio/logzio-okta image.
```
docker pull logzio/logzio-okta
```
Replace the placeholders in the code sample below before running it. Then run:
```
docker run \
  --restart always \
  --name Okta \
  --env LOGZIO_TOKEN=<<SHIPPING-TOKEN>> \
  --env LOGZIO_LISTENER_HOST=<<LISTENER-HOST>> \
  -v /etc/logzio-okta/tenants-credentials.yml:/usr/share/logstash/tenants-credentials.yml \
  -t logzio/logzio-okta
```
For Mac users: To fix issues with mounting files from the root directory, add the path ‘/etc/logzio-okta’ to your Docker File Sharing, either through Docker Desktop or by manually editing your Docker configuration file.
Parameter | Description |
---|---|
LOGZIO_TOKEN | Your Logz.io account token. |
LOGZIO_LISTENER_HOST | Logz.io listener URL to ship the logs to (for example, listener.logz.io). |
LOG_LEVEL (Optional) | Logstash log level (default: info) |
Give your logs some time to get from your system to ours, and then open Kibana.
- 0.5.0:
  - Upgrade Logstash to 7.17.20 (logstash bug fix).
- 0.4.0:
  - Upgrade Logstash connection via port 5006, add certificate for connection.
- 0.3.0:
  - Upgrade Logstash to 7.17.1 (logstash bug fix).
- 0.2.0:
  - Changed logstash.conf routing.
  - Upgraded Logstash version 7.16.1.
  - Changed yaml handler from ruamel.yaml to pyyaml.
  - Added ARM support.
  - Upgraded image to use python3.
- 0.1.1:
  - Added 'tenant_name' field to the logs.
- 0.1.0:
  - Sending logs from multiple Okta tenants.
  - Sending logs from every kind of Okta domain (not limited to 'okta.com').
  - Note that 'okta_api_key' and 'okta_domain' are now being set in 'tenants-credentials.yml' and no longer as environment parameters.
- 0.0.2:
  - Sending logs from Okta tenants.