Accessing the System Log
Open the full System Log by navigating to Reports > System Log. The System Log displays all events for the last 7 days with default filters.
A System Log panel on the main Reports page provides links to the System Log with pre-defined filters. For example, clicking on the AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. Activity link will open the System Log displaying only data about Agent Activity events. Clicking System Log at the top of the list displays all logged events for the last 7 days with default filters.
System Log Graphs
The system log displays the following bar graphs about your chosen events:
- Count of events over time
- Count of events by category - Click this link to expand the following graphs:
- Count of events per target
- Count of events per actor
- Count of events per event type
For more information about a data point, hover over any of the bars in the graphs. Narrow the time range of a graph by dragging your mouse over the bars to grab the range you are interested in.
This table lists all events and includes the following information: Time, Actor, Event Info, and Targets.
- You can click the right arrow on any row to display more data about that event.
- You can click on any Event Info, Actor, or Target in the table, to filter events by that item.
- You can download the entire table by clicking the Download CSV file link.
Use these buttons to toggle between the table view, and a geolocation view displaying events on a map:
Customizing Your System Log
Note: We have put together some custom queries you can view here: Useful Custom Log Queries.
You can customize your System Log by:
- Date Range: Specify a start and end time range to filter the events displayed. The default is the preceding 7 days. Note : For optimum performance, search results are limited to a range of three months, specifying a longer range will result in an error.
- Time Zone: Use the dropdown menu to select a time zone in which the system log events are displayed.
Search: There are two types of search:
- Basic: Enter a string to search all events within the specified time range. To do a basic search, type your search string, then click enter, or the search icon.
Advanced: Advanced search allows you to do a structured search based on the various fields of the events.
To perform an advanced search: Click Advanced Filter, then enter your selection criteria then click Apply Filter.
This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.
Saved Searches: You can save and reuse searches. After performing a System Log search, a Save button appears next to the query. Click Save and you are prompted to name your search. Once saved, your named search appears on the main Reports page. You can reuse your saved search, modify it, or delete it. Note that saved searches can only be seen by the user who created them. A maximum of 10 searches can be saved at any time.
Click Reset Filters to clear any custom filters and return to a the default filters (all events over the last 7 days).
This is an Early Access feature. To enable it, please contact Okta Support.
Filter events by IP address
While viewing System Log events, Super or OrgThe Okta container that represents a real-world organization. admins may want to view all events by a specific IP address. Beside the IP address, click the Filter icon () to sort the event list.
Add an IP address to a Network Zone
It is possible to add an IP address that appears in a System Log event to an existing Network Zone. This saves you time, eliminating the need to copy the IP address and navigate to the Network menu. You must have Super or Org adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. permissions to do this.
To add an IP address to a network zone while viewing the System Log:
- Locate the event and IP address in the System Log.
- Click on the More icon ( ) and Add to zone.
- In the Add to IP zone dialog fill the following:
- Add to zone — Select which network zone to add the IP address to.
- IP type — Select from Proxy or Gateway.
- Click Save.