Access Gateway monitor log

Access Gateway monitor logs include information on the following events:

Before you begin

Event Fields

Field

Description

TIMESTAMP

The current system date and time.

HOSTNAME

The hostname of the node generating the event.

APPLICATION

OAG_MONITOR

SUB-PROCESS

MONITOR

COMPONENT

The component is one of the following:

  • CERT_CHECK
  • DISK_USAGE
  • KRB5
  • NGINX
  • SERVICE
  • SESSION_CACHE
  • STORE

LOG_LEVEL

The log level is one of the following:

  • TRACE
  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL

EVENT

The event is one of the following:

  • CONFIG_TEST
  • DISK_USAGE
  • MONITOR
  • SESSION_CACHE_USAGE
  • SSL_CERT_VALIDITY_CHECK
  • START
  • STOP
  • VALIDATE

STRUCTURED_DATA

Data related to the event that occurred is important for analysis and troubleshooting.

MESSAGE

The message that appears in the log.

CONFIG_TEST

The event is issued after testing the NGINX configuration.

Message

  • NGINX configuration is valid.

Example

  • 2020-04-02T08:02:01.348-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID"] NGINX configuration is valid.

Structured data

  • STATUS: VALID or INVALID.

DISK_USAGE

The event is issued after examining current disk usage and is checked once per hour per mount.

Message

  • Mount [device] is [x]% full.

Example

  • 2020-06-25T07:00:02.119-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR DISK_USAGE INFO DISK_USAGE [FILESYSTEM="/dev/mapper/centos-root" MOUNT="/" USAGE="12%"] Mount / is 12% full

Structured data

  • FILESYSTEM: Filesystem of mount point.
  • MOUNT: Mount point.
  • USAGE: Mount point usage.

MONITOR KRB5

The event is issued after examining the Kerberos configuration and is checked once per hour.

Message

  • Kerberos not configured.
  • Kerberos is configured.

Example

  • 2020-04-02T08:00:02.043-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR KRB5 INFO MONITOR [STATUS="VALID"] Kerberos not configured

Structured data

  • STATUS: File system of the mount point.

SESSION_CACHE_USAGE

The event is issued after examining session cache usage and is checked once per hour.

Message

  • Current session cache utilization is 0%.

Example

  • 2020-06-25T07:00:02.130-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SESSION_CACHE INFO SESSION_CACHE_USAGE [CACHE_SIZE="67108864" CURRENT_USAGE="17095" USAGE_PERCENT="0%"] Current session cache utilization is 0%.

Structured data

  • CACHE_SIZE: Total session cache size in MB.
  • CURRENT_USAGE: Session cache in use in MB.
  • USAGE_PERCENT: Percent of the cache currently in use.

SSL_CERT_VALIDITY_CHECK

The event is issued after examining certificates and is checked once per day.

Message

  • SSL Certificate is valid for more than 30 days.

Example

  • 2020-06-05T00:00:01.819-05:00 example.mysaccessgateway.com OAG_MONITOR MONITOR CERT_CHECK INFO SSL_CERT_VALIDITY_CHECK [USER="root" EXPIRY="20220603"] SSL Certificate is valid for more than 30 days.

Structured data

  • USER: Certificate owner.
  • EXPIRY: The date when the certificate expires.

START

The event is issued when an Access Gateway node is started, by service.

Message

  • Starting service. (Services include: okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.)

Example

  • 2020-03-27T21:19:24.158-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO START [SERVICE="oag-admin"] Starting oag-admin.

Structured data

  • SERVICE: The name of the service being started.

STOP

The event is issued when an Access Gateway node is stopped, by service.

Message

  • Stopping service. (Services include: okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.)

Example

  • 2020-03-27T21:20:11.797-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO STOP [SERVICE="oag-admin"] Stopping oag-admin.

Structured data

  • SERVICE: The name of the service being stopped.

VALIDATE

The event is issued once per hour, per data store or authentication context.

Message

  • None

Example

  • 2020-06-23T02:10:01.762-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="LDAP Datastore" STATUS="passed"].

Structured data

  • NAME: The name of the service being validated.
  • STATUS: Passed or failed.

Logs generated

By default there are two data stores in Access Gateway. This results in generating four logs every hour. These are the names of the logs:

  • oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="App Context" STATUS="passed"]
  • oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="Auth Context" STATUS="passed"]
  • oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="auth" STATUS="passed"]
  • oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="spgw" STATUS="passed"]