Accessing the System Log
Open the full System Log by navigating to Reports > System Log. The System Log displays all events for the last 7 days with default filters.
A System Log panel on the main Reports page provides links to the System Log with pre-defined filters. For example, clicking on the AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. Activity link will open the System Log displaying only data about Agent Activity events. Clicking System Log at the top of the list displays all logged events for the last 7 days with default filters.
System Log Graphs
The system log displays the following bar graphs about your chosen events:
- Count of events over time
- Count of events by category - Click this link to expand the following graphs:
- Count of events per target
- Count of events per actor
- Count of events per event type
For more information about a data point, hover over any of the bars in the graphs. Narrow the time range of a graph by dragging your mouse over the bars to grab the range you are interested in.
This table lists all events and includes the following information: Time, Actor, Event Info, and Targets.
- You can click the right arrow on any row to display more data about that event.
- You can click on any Event Info, Actor, or Target in the table, to filter events by that item.
- You can download the entire table by clicking the Download CSV file link.
Use these buttons to toggle between the table view, and a geolocation view displaying events on a map:
Customizing Your System Log
Note: We have put together some custom queries you can view here: Useful Custom Log Queries.
You can customize your System Log by:
- Date Range: Specify a start and end time range to filter the events displayed. The default is the preceding 7 days. Note : For optimum performance, search results are limited to a range of six months, specifying a longer range will result in an error.
- Time Zone: Use the dropdown menu to select a time zone in which the system log events are displayed.
Search: There are two types of search:
- Basic: Enter a string to search all events within the specified time range. To do a basic search, type your search string, then click enter, or the search icon.
Advanced: Advanced search allows you to do a structured search based on the various fields of the events.
To perform an advanced search: Click Advanced Filter, then enter your selection criteria then click Apply Filter.
This is an Early Access feature. To enable it, please contact Okta Support.
Saved Searches: You can save and reuse searches. After performing a System Log search, a Save button appears next to the query. Click Save and you are prompted to name your search. Once saved, your named search appears on the main Reports page. You can reuse your saved search, modify it, or delete it. Note that saved searches can only be seen by the user who created them. A maximum of 10 searches can be saved at any time.
Click Reset Filters to clear any custom filters and return to a the default filters (all events over the last 7 days).