Access Gateway monitor log
Access Gateway monitor logs include information on the following events:
- CONFIG_TEST: The NGINX engine, including start, stop, reset, and configuration tests.
- DISK_USAGE: Disk usage.
- MONITOR KRB5: Kerberos status.
- SESSION_CACHE_USAGE: Session cache.
- SESSION_CACHE_USAGE: Certificate expiration.
- START , STOP: System start and stop.
- VALIDATE: Data Store validation.
Event Fields
|
Field |
Description |
|
TIMESTAMP |
The current system date and time |
|
HOSTNAME |
The hostname of the node generating the event |
|
APPLICATION |
OAG_MONITOR |
|
SUB-PROCESS |
MONITOR |
|
COMPONENT |
The component is one of the following:
|
|
LOG_LEVEL |
The log level is one of the following:
|
|
EVENT |
The event is one of the following:
|
|
STRUCTURED_DATA |
Event data is important for analysis and troubleshooting. |
|
MESSAGE |
The message that appears in the log |
CONFIG_TEST
This event is issued after testing the NGINX configuration.
| Message | NGINX configuration is valid. |
| Example | 2020-04-02T08:02:01.348-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID"] NGINX configuration is valid. |
| Structured data |
|
DISK_USAGE
This event is issued after examining current disk use. It's checked once each hour for each mount.
| Message | Mount [device] is [x]% full. |
| Example | 2020-06-25T07:00:02.119-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR DISK_USAGE INFO DISK_USAGE [FILESYSTEM="/dev/mapper/centos-root" MOUNT="/" USAGE="12%"] Mount / is 12% full |
| Structured data |
|
MONITOR KRB5
This event is issued after examining the Kerberos configuration. It's checked once each hour.
| Message |
|
| Example | 2020-04-02T08:00:02.043-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR KRB5 INFO MONITOR [STATUS="VALID"] Kerberos not configured |
| Structured data | STATUS: The file system of the mount point |
SESSION_CACHE_USAGE
This event is issued after examining session cache use. It's checked once each hour.
| Message | Current session cache utilization is 0%. |
| Example | 2020-06-25T07:00:02.130-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SESSION_CACHE INFO SESSION_CACHE_USAGE [CACHE_SIZE="67108864" CURRENT_USAGE="17095" USAGE_PERCENT="0%"] Current session cache utilization is 0%. |
| Structured data |
|
SSL_CERT_VALIDITY_CHECK
This event is issued after examining certificates. It's checked once each day.
| Message | SSL Certificate is valid for more than 30 days. |
| Example | 2020-06-05T00:00:01.819-05:00 example.mysaccessgateway.com OAG_MONITOR MONITOR CERT_CHECK INFO SSL_CERT_VALIDITY_CHECK [USER="root" EXPIRY="20220603"] SSL Certificate is valid for more than 30 days. |
| Structured data |
|
START
This event is issued when an Access Gateway node is started. It's sorted by service.
| Message |
Starting service. (Services include okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.) |
| Example | 2020-03-27T21:19:24.158-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO START [SERVICE="oag-admin"] Starting oag-admin. |
| Structured data | SERVICE: The name of the service being started |
STOP
This event is issued when an Access Gateway node is stopped. It's sorted by service.
| Message |
Stopping service. (Services include okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.) |
| Example | 2020-03-27T21:20:11.797-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO STOP [SERVICE="oag-admin"] Stopping oag-admin. |
| Structured data | SERVICE: The name of the service being stopped |
VALIDATE
This event is issued once each hour for each Data Store or authentication context.
| Message | None |
| Example | 2020-06-23T02:10:01.762-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="LDAP Datastore" STATUS="passed"]. |
| Structured data |
|
|
Logs generated |
By default, there are two Data Stores in Access Gateway that generate four logs every hour:
|
Next steps
- See Download log files.
- See Decompress log files.