Access Gateway monitor log
Access Gateway monitor logs include information on the following events:
- CONFIG_TEST: NGINX engine including start, stop, reset, and configuration tests.
- DISK_USAGE: Disk usage.
- MONITOR KRB5: Kerberos status.
- SESSION_CACHE_USAGE: Session cache.
- SESSION_CACHE_USAGE: Certificate expiration.
- START , STOP: System start and stop.
- VALIDATE: Data store validation.
Before you begin
- See Download log files for details on downloading logs.
- See Decompress log files for details on decompressing log files.
Event Fields
Field |
Description |
TIMESTAMP |
The current system date and time. |
HOSTNAME |
The hostname of the node generating the event. |
APPLICATION |
OAG_MONITOR |
SUB-PROCESS |
MONITOR |
COMPONENT |
The component is one of the following:
|
LOG_LEVEL |
The log level is one of the following:
|
EVENT |
The event is one of the following:
|
STRUCTURED_DATA |
Data related to the event that occurred is important for analysis and troubleshooting. |
MESSAGE |
The message that appears in the log. |
CONFIG_TEST
The event is issued after testing the NGINX configuration.
Message
- NGINX configuration is valid.
Example
- 2020-04-02T08:02:01.348-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID"] NGINX configuration is valid.
Structured data
- STATUS: VALID or INVALID.
DISK_USAGE
The event is issued after examining current disk usage and is checked once per hour per mount.
Message
- Mount [device] is [x]% full.
Example
- 2020-06-25T07:00:02.119-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR DISK_USAGE INFO DISK_USAGE [FILESYSTEM="/dev/mapper/centos-root" MOUNT="/" USAGE="12%"] Mount / is 12% full
Structured data
- FILESYSTEM: Filesystem of mount point.
- MOUNT: Mount point.
- USAGE: Mount point usage.
MONITOR KRB5
The event is issued after examining the Kerberos configuration and is checked once per hour.
Message
- Kerberos not configured.
- Kerberos is configured.
Example
- 2020-04-02T08:00:02.043-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR KRB5 INFO MONITOR [STATUS="VALID"] Kerberos not configured
Structured data
- STATUS: File system of the mount point.
SESSION_CACHE_USAGE
The event is issued after examining session cache usage and is checked once per hour.
Message
- Current session cache utilization is 0%.
Example
- 2020-06-25T07:00:02.130-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SESSION_CACHE INFO SESSION_CACHE_USAGE [CACHE_SIZE="67108864" CURRENT_USAGE="17095" USAGE_PERCENT="0%"] Current session cache utilization is 0%.
Structured data
- CACHE_SIZE: Total session cache size in MB.
- CURRENT_USAGE: Session cache in use in MB.
- USAGE_PERCENT: Percent of the cache currently in use.
SSL_CERT_VALIDITY_CHECK
The event is issued after examining certificates and is checked once per day.
Message
- SSL Certificate is valid for more than 30 days.
Example
- 2020-06-05T00:00:01.819-05:00 example.mysaccessgateway.com OAG_MONITOR MONITOR CERT_CHECK INFO SSL_CERT_VALIDITY_CHECK [USER="root" EXPIRY="20220603"] SSL Certificate is valid for more than 30 days.
Structured data
- USER: Certificate owner.
- EXPIRY: The date when the certificate expires.
START
The event is issued when an Access Gateway node is started, by service.
Message
- Starting service. (Services include: okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.)
Example
- 2020-03-27T21:19:24.158-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO START [SERVICE="oag-admin"] Starting oag-admin.
Structured data
- SERVICE: The name of the service being started.
STOP
The event is issued when an Access Gateway node is stopped, by service.
Message
- Stopping service. (Services include: okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.)
Example
- 2020-03-27T21:20:11.797-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO STOP [SERVICE="oag-admin"] Stopping oag-admin.
Structured data
- SERVICE: The name of the service being stopped.
VALIDATE
The event is issued once per hour, per data store or authentication context.
Message
- None
Example
- 2020-06-23T02:10:01.762-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="LDAP Datastore" STATUS="passed"].
Structured data
- NAME: The name of the service being validated.
- STATUS: Passed or failed.
Logs generated
By default there are two data stores in Access Gateway. This results in generating four logs every hour. These are the names of the logs:
- oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="App Context" STATUS="passed"]
- oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="Auth Context" STATUS="passed"]
- oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="auth" STATUS="passed"]
- oag.support.lab OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="spgw" STATUS="passed"]