REST Monitoring management events

REST Monitoring management events found in the audit log and all logs.

Event fields

Access Gateway audit log events include the following information:

Field

Description

TIMESTAMP

Current system date and time

HOSTNAME

Hostname of node generating event

Identification

Always OAG ADMIN_CONSOLE MONITORING REST API INFO
Operation

One of:

  • ENABLE, DISABLE

  • ENDPOINT

  • ADDED ALLOWED IP, DELETED ALLOWED IP
Message Associated error message.

Monitoring management events

Events logged when managing REST interfaces including enabling and disabling monitoring, adding/deleting addresses and changing endpoint name.

Enable or disable API

Description:

  • While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

Messages:

  • Enabling Monitoring REST APIs.
  • Disabling Monitoring REST APIs.

Examples:

  • 2021-06-13T11:03:40.834-05:00 <domain.tld> OAG ADMIN_CONSOLE MONITORING REST API INFO ENABLE [USER="oag-mgmt"] Enabling Monitoring REST APIs.
  • 2021-06-13T11:03:38.650-05:00 <domain.tld> OAG ADMIN_CONSOLE MONITORING REST API INFO DISABLE [USER="oag-mgmt"] Disabling Monitoring REST APIs.

Structured data:

  • USER - Username of account performing the action

Corrective action:

  • None

Change endpoint name

Description: The monitoring REST endpoint name was changed.

Messages:

  • NEW ENDPOINT NAME UPDATED IN FILE /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf

Examples:

  • 2021-06-13T11:16:07.198-05:00 oag.okta.com OAG ADMIN_CONSOLE MONITORING REST API INFO ENDPOINT NAME CHANGE [USER="oag-mgmt" NEW NAME="basic_status"] NEW ENDPOINT NAME UPDATED IN FILE /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf

Structured data:

  • USER - Username of account performing the action
  • NEW NAME - New name for endpoint.

Corrective action:

  • None

Add or delete a supported IP/CIDR

Description: Add or delete a known endpoint address

Messages:

  • Added entry to file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf
  • Deleted entry from file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf

Examples:

  • 2021-06-13T11:03:53.818-05:00 domain.tld OAG ADMIN_CONSOLE MONITORING REST API INFO ADD ALLOWED IP [USER="oag-mgmt" ENTRY="192.168.1.1"] Added entry to file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf
  • 2021-06-13T11:04:01.366-05:00 domain.tld OAG ADMIN_CONSOLE MONITORING REST API INFO DELETE ALLOWED IP [USER="oag-mgmt" ENTRY="192.168.1.2"] Deleted entry from file /opt/oag/monitoring_rest/icsgw_monitoring_rest.active.conf

Structured data:

  • USER - Username of account performing the action
  • ENTRY - IP/CIDR or added or deleted IP address.

Corrective action:

  • None

Related topics

Access Gateway audit log

See Download log files for details on downloading logs.

See Decompress log files for details on decompressing log files.