System Log

Accessing the System Log

Open the full System Log by navigating to Reports > System Log. The System Log displays all events for the last 7 days with default filters.

A System Log panel on the main Reports page provides links to the System Log with pre-defined filters. For example, clicking the Agent Activity link opens the System Log displaying only data about Agent Activity events. Clicking System Log at the top of the list displays all logged events for the last 7 days with default filters.

System Log Graphs

The system log displays the following bar graphs about your chosen events:

  • Count of events over time
  • Count of events by category - Click this link to expand the following graphs:
    • Count of events per target
    • Count of events per actor
    • Count of events per event type

For more information about a data point, hover over any of the bars in the graphs. Narrow the time range of a graph by dragging your mouse over the bars to grab the range you are interested in.

Events Table

This table lists all events and includes the following information: Time, Actor, Event Info, and Targets.

  • You can click the right arrow on any row to display more data about that event.
  • You can click any Event Info, Actor, or Target in the table to filter events by that item.
  • You can download the entire table by clicking the Download CSV file link.
  • Use the view buttons to toggle between the table view and a geolocation view that displays events on a map.

Customizing Your System Log

Note: We have put together some custom queries you can view here: Useful Custom Log Queries.

You can customize your System Log by:

  • Date Range: Specify a start and end time range to filter the events displayed. The default is the preceding 7 days. Note: For optimum performance, search results are limited to a range of three months. Specifying a longer range will result in an error.
  • Time Zone: Use the dropdown menu to select a time zone in which the system log events are displayed.
  • Search: There are two types of search:

    Click Reset Filters to clear any custom filters and return to the default filters (all events over the last 7 days).

This is an Early Access feature. To enable it, please contact Okta Support.

Filter events by IP address

While viewing System Log events, Super or Org admins may want to view all events by a specific IP address. Beside the IP address, click the Filter icon to sort the event list.

Add an IP address to a Network Zone

It is possible to add an IP address that appears in a System Log event to an existing Network Zone. This saves you time, eliminating the need to copy the IP address and navigate to the Network menu. You must have Super or Org admin permissions to do this.

To add an IP address to a network zone while viewing the System Log:

  1. Locate the event and IP address in the System Log.
  2. Click the More icon and then Add to zone.
  3. In the Add to IP zone dialog, fill in the following:
    • Add to zone — Select which network zone to add the IP address to.
    • IP type — Select from Proxy or Gateway.
  4. Click Save.

 
