Access Gateway monitor log

Access Gateway monitor logs include information on the following events:

Before you begin

Event Fields

Field - Description

  • TIMESTAMP - Current system date and time.
  • HOSTNAME - Hostname of the node generating the event.
  • APPLICATION - OAG_MONITOR
  • SUB-PROCESS - MONITOR
  • COMPONENT - One of:
    • CERT_CHECK
    • DISK_USAGE
    • KRB5
    • NGINX
    • SERVICE
    • SESSION_CACHE
    • STORE
  • LOG_LEVEL - Log level. One of: TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.
  • EVENT - One of:
    • CONFIG_TEST
    • DISK_USAGE
    • MONITOR
    • SESSION_CACHE_USAGE
    • SSL_CERT_VALIDITY_CHECK
    • START
    • STOP
    • VALIDATE
  • STRUCTURED_DATA - Data related to the event that is useful for analysis and troubleshooting.
  • MESSAGE - Readable message.

Monitor examples

CONFIG_TEST

Event issued after testing the NGINX configuration.

Message:

  • NGINX configuration is valid.

Example:

  • 2020-04-02T08:02:01.348-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID"] NGINX configuration is valid.

Structured data:

  • STATUS - VALID or INVALID

DISK_USAGE

Event issued after examining current disk usage. Checked once per hour per mount.

Message:

  • Mount [device] is [x]% full.

Example:

  • 2020-06-25T07:00:02.119-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR DISK_USAGE INFO DISK_USAGE [FILESYSTEM="/dev/mapper/centos-root" MOUNT="/" USAGE="12%"] Mount / is 12% full

Structured data:

  • FILESYSTEM - Filesystem of mount point
  • MOUNT - Mount point
  • USAGE - Mount point usage

MONITOR KRB5

Event issued after examining Kerberos configuration. Checked once per hour.

Messages:

  • Kerberos not configured.
  • Kerberos is configured.

Example:

  • 2020-04-02T08:00:02.043-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR KRB5 INFO MONITOR [STATUS="VALID"] Kerberos not configured

Structured data:

  • STATUS - File system of the mount point.

SESSION_CACHE_USAGE

Event issued after examining session cache usage. Checked once per hour.

Message:

  • Current session cache utilization is 0%.

Example:

  • 2020-06-25T07:00:02.130-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SESSION_CACHE INFO SESSION_CACHE_USAGE [CACHE_SIZE="67108864" CURRENT_USAGE="17095" USAGE_PERCENT="0%"] Current session cache utilization is 0%.

Structured data:

  • CACHE_SIZE - Total session cache size in MB.
  • CURRENT_USAGE - Session cache in use in MB.
  • USAGE_PERCENT - Percent of cache currently in use.

SSL_CERT_VALIDITY_CHECK

Event issued after examining certificates. Checked once per day.

Message:

  • SSL Certificate is valid for more than 30 days.

Example:

  • 2020-06-05T00:00:01.819-05:00 example.mysaccessgateway.com OAG_MONITOR MONITOR CERT_CHECK INFO SSL_CERT_VALIDITY_CHECK [USER="root" EXPIRY="20220603"] SSL Certificate is valid for more than 30 days.

Structured data:

  • USER - Certificate owner
  • EXPIRY - The date when the certificate expires.

START

Event issued when an Access Gateway node is starting, by service.

Message:

  • Starting service. (Services include: okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.)

Example:

  • 2020-03-27T21:19:24.158-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO START [SERVICE="oag-admin"] Starting oag-admin.

Structured data:

  • SERVICE - The service being started.

STOP

Event issued when an Access Gateway node is stopping, by service.

Message:

  • Stopping service. (Services include: okta-nginx, ebs-ssoagent, oag-admin, php-fpm, and others.)

Example:

  • 2020-03-27T21:20:11.797-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR SERVICE INFO STOP [SERVICE="oag-admin"] Stopping oag-admin.

Structured data:

  • SERVICE - The service being stopped.

VALIDATE

Event issued once per hour per data store, or auth context.

Message:

  • None

Example:

  • 2020-06-23T02:10:01.762-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="LDAP Datastore" STATUS="passed"].

Structured data:

  • NAME - Name of service being validated.
  • STATUS - Passed or failed.
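
The following is an added example, not part of the original documentation: a parser for the line layout given under Event Fields, with checks that flag monitor events worth an operator's attention. The function names, the `disk_pct` and `cert_days` thresholds, and the last three sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime
# Layout: TIMESTAMP HOSTNAME APPLICATION SUB-PROCESS COMPONENT LOG_LEVEL EVENT [STRUCTURED_DATA] MESSAGE
LINE_RE = re.compile(  # a "]" inside a quoted structured-data value does not end the block
    r'^(?P<timestamp>\S+) (?P<hostname>\S+) (?P<application>\S+) (?P<sub_process>\S+) (?P<component>\S+) '
    r'(?P<log_level>\S+) (?P<event>\S+) \[(?P<sd>(?:"[^"]*"|[^\]"])*)\]\s*(?P<message>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Split one monitor log line into the documented fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["structured_data"] = dict(KV_RE.findall(rec.pop("sd")))
    return rec

def findings(rec, today, disk_pct=85, cert_days=30):
    """Reasons a record needs attention. disk_pct and cert_days are assumed thresholds."""
    sd, event, out = rec["structured_data"], rec["event"], []
    if rec["log_level"] in ("WARN", "ERROR", "FATAL"):
        out.append("log level " + rec["log_level"])
    if event == "CONFIG_TEST" and sd.get("STATUS") != "VALID":
        out.append("NGINX configuration not valid")
    if event == "VALIDATE" and sd.get("STATUS", "").lower() != "passed":
        out.append("validation failed: " + sd.get("NAME", "unknown"))
    if event == "DISK_USAGE" and int(sd.get("USAGE", "0%").rstrip("%")) >= disk_pct:
        out.append("mount %s is %s full" % (sd.get("MOUNT"), sd.get("USAGE")))
    if event == "SSL_CERT_VALIDITY_CHECK" and "EXPIRY" in sd:
        left = (datetime.strptime(sd["EXPIRY"], "%Y%m%d").date() - today).days
        if left <= cert_days:
            out.append("certificate expires in %d days" % left)
    return out

def scan(lines, today):
    """Return (event, reasons) per flagged line; unparseable lines are flagged, not dropped."""
    report = []
    for line in lines:
        rec = parse_line(line)
        issues = findings(rec, today) if rec else ["unparseable line"]
        if issues:
            report.append((rec["event"] if rec else None, issues))
    return report

SAMPLE = [  # first line is the page's CONFIG_TEST example; the other three are constructed
    '2020-04-02T08:02:01.348-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID"] NGINX configuration is valid.',
    '2020-06-25T07:00:02.119-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR DISK_USAGE INFO DISK_USAGE [FILESYSTEM="/dev/mapper/centos-root" MOUNT="/" USAGE="91%"] Mount / is 91% full',
    '2020-06-23T03:10:01.762-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR STORE INFO VALIDATE [NAME="LDAP Datastore" STATUS="failed"].',
    '2020-06-05T00:00:01.819-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR CERT_CHECK INFO SSL_CERT_VALIDITY_CHECK [USER="root" EXPIRY="20200620"] constructed message',
]
```

Calling `scan(SAMPLE, date(2020, 6, 5))` flags the three constructed lines and leaves the page's CONFIG_TEST example unflagged.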