Accessing the System Log
Open the full System Log by navigating to Reports > System Log. The System Log displays all events for the last 7 days with default filters.
A System Log panel on the main Reports page provides links to the System Log with pre-defined filters. For example, clicking on the Agent Activity link will open the System Log displaying only data about Agent Activity events. Clicking System Log at the top of the list displays all logged events for the last 7 days with default filters.
Note: For a description of System Log event types, see event-types.
System Log Graphs
The System Log displays the following bar graphs about your chosen events:
- Count of events over time
- Count of events by category - Click this link to expand the following graphs:
- Count of events per target
- Count of events per actor
- Count of events per event type
For more information about a data point, hover over any of the bars in the graphs. Narrow the time range of a graph by dragging your mouse over the bars to grab the range you are interested in.
This table lists all events and includes the following information: Time, Actor, Event Info, and Targets.
- You can click the right arrow on any row to display more data about that event.
- You can click on any Event Info, Actor, or Target in the table, to filter events by that item.
- You can download the entire table by clicking the Download CSV file link.
Use these buttons to toggle between the table view, and a geolocation view displaying events on a map:
Customizing Your System Log
Note: We have put together some custom queries you can view here: Useful Custom Log Queries.
You can customize your System Log by:
- Date Range: Specify a start and end time range to filter the events displayed. The default is the preceding 7 days. Note : For optimum performance, search results are limited to a range of three months, specifying a longer range will result in an error.
- Time Zone: Use the dropdown menu to select a time zone in which the system log events are displayed.
Search: There are two types of search:
- Basic: Enter a string to search all events within the specified time range. To do a basic search, type your search string, then click enter, or the search icon.
Advanced: Advanced search allows you to do a structured search based on the various fields of the events.
To perform an advanced search: Click Advanced Filter, then enter your selection criteria then click Apply Filter.
This is an Early Access feature. To enable it, please contact Okta Support.
Saved Searches: You can save and reuse searches. After performing a System Log search, a Save button appears next to the query. Click Save and you are prompted to name your search. Once saved, your named search appears on the main Reports page. You can reuse your saved search, modify it, or delete it. Note that saved searches can only be seen by the user who created them. A maximum of 10 searches can be saved at any time.
Click Reset Filters to clear any custom filters and return to a the default filters (all events over the last 7 days).
This is an Early Access feature. To enable it, contact Okta Support.
Filter events by IP address
While viewing System Log events, Super or Org admins may want to view all events by a specific IP address. Beside the IP address, click the Filter icon () to sort the event list.
Add an IP address to a Network Zone
It is possible to add an IP address that appears in a System Log event to an existing Network Zone. This saves you time, eliminating the need to copy the IP address and navigate to the Network menu. You must have Super or Org admin permissions to do this.
To add an IP address to a network zone while viewing the System Log:
- Locate the event and IP address in the System Log.
- Click on the More icon ( ) and Add to zone.
- In the Add to IP zone dialog fill the following:
- Add to zone — Select which network zone to add the IP address to.
- IP type — Select from Proxy or Gateway.
- Click Save.