Administer log forwarding FAQs and best practices

Best Practices

Port Selection

Okta recommends using a port number higher than 2048. Many operating systems have access restrictions on ports 2048 and lower.

Frequently Asked Questions

What is the frequency of log events?

The frequency of log events depends on the activity in Access Gateway. Application updates, Data Store configuration, AUDIT, and MONITOR events generate log entries.

Do I need to restart Access Gateway after configuring log forwarders?

No. Once configured, Access Gateway immediately begins to send out events, as they occur.

I'm running a log server and my instance went down. Are events during that period lost?

When there's no recipient for the event stream, the events are dropped. Access Gateway doesn't cache events. However, you can still download the logs for the time period where events were missing. See Download log files.

I've changed the logging level but I still see all log events on my forwarder.

Changing the verbosity level on log downloads has no effect on the log levels and events sent to log forwarders. All log events are always sent to log forwarders regardless of the logging level. Configure a remote filter to remove unwanted log events on the log forwarder.