Administer log forwarding FAQs and best practices
Okta recommends using a port number greater then 2048. Many operating systems have access restrictions on ports with values less then 2048. While port numbers lower then 2048 may work, they should be avoided when possible.
Frequently Asked Questions
The frequency of log events depends on the activity in Access Gateway in one of the covered areas.
For example, AUDIT events occur only when an application is accessed. If there are no current application accesses, then no events will occur. Similarly, MONITOR events occur when a change is made to an Access Gateway configuration. For example application updates, configuration of data stores, or similar changes. . If no changes are being made, then no monitor events will occur.
No, once configured Access Gateway immediately begins to send out events, as they occur.
From a log forwarding perspective, yes, Access Gateway does not cache events. When there is no recipient for the event stream, in this case Gray Log, the events are dropped. However, you can still download the logs for the time period where events were missing. See Download logs.
I've changed the log verbosity, yet I still see all events in my log forwarder.
Changing verbosity on log download has no effect on log levels and events sent to log forwarders. All log events are always sent to log forwarders regardless of logging level. Configure a remote filter to remove unwanted log events on the log forwarder itself.