REST Monitoring management events

REST Monitoring management events found in the audit log and all logs.

Topics

Event fields

Access Gateway audit log certificate events include the following information:

Field

Description

TIMESTAMP

Current system date and time

HOSTNAME

Hostname of node generating event

Identification

Always OAG ADMIN_CONSOLE MONITORING REST API INFO

Operation

One of:

  • ENABLE, DISABLE

  • ENDPOINT

  • ADDED ALLOWED IP,
    DELETED ALLOWD IP

Message Associated error message.

Monitoring management events

Events logged when managing REST interfaces including enabling and disabling monitoring, adding/deleting addresses and changing endpoint name.

Enable or disable API

Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

Messages:

  • Enabling Monitoring REST APIs.
  • Disabling Monitoring REST APIs.

Examples:

  • 2021-06-13T11:03:40.834-05:00 domain.tld OAG ADMIN_CONSOLE MONITORING REST API INFO ENABLE [USER="oag-mgmt"] Enabling Monitoring REST APIs.
  • 2021-06-13T11:03:38.650-05:00 domain.tld OAG ADMIN_CONSOLE MONITORING REST API INFO DISABLE [USER="oag-mgmt"] Disabling Monitoring REST APIs.
  • Structured data:
    • USER - Username of account performing the action
  • Corrective action :
    • None
  • Change endpoint name

    Description: The monitoring REST endpoint name was changed.

    Messages:

    • NEW ENDPOINT NAME UPDATED IN FILE /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf

    Examples:

    • 2021-06-13T11:16:07.198-05:00 oag.okta.com OAG ADMIN_CONSOLE MONITORING REST API INFO ENDPOINT NAME CHANGE [USER="oag-mgmt" NEW NAME="basic_status"] NEW ENDPOINT NAME UPDATED IN FILE /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf
  • Structured data:
    • USER - Username of account performing the action
    • NEW NAME - New name for endpoint.
  • Corrective action :
    • None
  • Add or delete a supported IP/CIDR

    Description: Add or delete a known endpoint address

    Messages:

    • Added entry to file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf
    • Deleted entry from file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf

    Examples:

    • 2021-06-13T11:03:53.818-05:00 domain.tld OAG ADMIN_CONSOLE MONITORING REST API INFO ADD ALLOWED IP [USER="oag-mgmt" ENTRY="192.168.1.1"] Added entry to file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf
    • 2021-06-13T11:04:01.366-05:00 domain.tld OAG ADMIN_CONSOLE MONITORING REST API INFO DELETE ALLOWED IP [USER="oag-mgmt" ENTRY="192.168.1.2"] Deleted entry from file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf
  • Structured data:
    • USER - Username of account performing the action
    • ENTRY - IP/CIDR or added or deleted IP address.
  • Corrective action :
    • None
  • Related topics

    Access Gateway audit log

    See Download logs for details on downloading logs.

    See Decompressing logs for details on decompressing log files.