Okta is an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications.
To ship Okta logs, you'll deploy a Docker container to collect the logs and forward them to Logz.io using Logstash.
You can send logs from multiple Okta tenants and any Okta domain.
If you want to ship from multiple Okta tenants over the same docker, you'll need to use the latest configuration using a tenants-credentials.yml file. Otherwise, you can continue using the previous configuration without a tenants-credentials.yml.
Before you begin, you'll need:
- Okta administrator privileges
- Port 5050 available - Logz.io Logstash endpoint receives logs from port 5050.
Get the API token and Okta domain from Okta
In the Okta developer console, navigate to API > Tokens. Create a token and paste it in your text editor.
Click the Authorization Servers tab. Copy your Okta domain from the Issuer URI column, and paste it in your text editor. In the following example, you'd have copied "dev-123456.okta.com".
Create your tenants-credentials YAML
Build your tenants-credentials.yml:
To create the file run the following command as root and then open the file in your text editor:
mkdir /etc/logzio-okta && touch /etc/logzio-okta/tenants-credentials.yml
Insert your tenants credentials into the YAML file in the following format:
- okta_api_key: <<OKTA-API-KEY>>
This shipper supports up to 50 tenants. For multiple tenants, add your Okta API key and domain for each tenant. See the following example:
- okta_api_key: 123456a
- okta_api_key: 123456b
- okta_api_key: 123456c
|OKTA_API_KEY (Required)||The Okta API key copied in step 1.|
|OKTA_DOMAIN (Required)||The Okta domain copied in step 1. It is found under the Issuer URI column in your Okta developer console. Supports these Okta domains: example.oktapreview.com, example.okta.com, example.okta-emea.com|
YAML files are sensitive to spaces and tabs. It's a good idea to run your code through a YAML validator to make sure that its structure is correct. It's a good idea to run it through a YAML validator to rule out indentation errors, clean up extra characters, and check that it is valid. (Yamllint.com is a great choice.)
Save the file in your working directory. That's the same one you're running the docker from.
Pull the Docker image
Download the logzio/logzio-okta image:
docker pull logzio/logzio-okta
Run the Docker image
Replace the placeholders in the code sample below before running it. Then run:
docker run \
--restart always \
--name Okta \
--env LOGZIO_TOKEN=<<LOG-SHIPPING-TOKEN>> \
--env LOGZIO_LISTENER_HOST=<<LISTENER-HOST>> \
-v /etc/logzio-okta/tenants-credentials.yml:/usr/share/logstash/tenants-credentials.yml \
For Mac users: To fix issues with mounting files from root directory please add the path ‘/etc/logzio-okta’ to your Docker File Sharing.
Click here for a guide on how to fix this issue - using docker desktop or manually edit your Docker configuration file.
For more information about mounting files from root directory click here.
|LOGZIO_TOKEN (Required)||Replace |
|LOGZIO_LISTENER_HOST (Required)||Replace |
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open Open Search Dashboards.
If you still don't see your logs, see log shipping troubleshooting.