
Okta Audit Logs


Coralogix integrates with the Okta SAML service, so you can send your Okta audit logs to Coralogix.

Prerequisites

General

Private Key – A unique ID that represents your company. This ID is sent to your email once you register with Coralogix.

Application Name – The name of your main application. For example, a company named “SuperData” would probably insert the “SuperData” string parameter, or, to debug its test environment, “SuperData – Test”.

SubSystem Name – Your application probably has multiple subsystems, for example backend servers, middleware, frontend servers, etc. Setting the subsystem parameter is vital for finding the data you need.

Configuration

This document includes cluster-dependent URLs. Each URL has a variable part (in italic). Match this part with a row entry in the following table: copy the entry from the column that matches the top-level domain of your Coralogix account (.com, .in, etc.), and replace the variable part of the URL with it.

| | .com | .in |
|---|---|---|
| Elasticsearch-API | https://coralogix-esapi.coralogix.com:9443 | https://es-api.app.coralogix.in:9443 |
| SSL Certificates | https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-EU.crt | https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-IN.pem |
| Cluster URL | coralogix.com | app.coralogix.in |

On host machine

If the top-level domain of your Coralogix account is different from ‘.com’, add these environment variables:

CORALOGIX_LOG_URL=https://api.Cluster URL/api/v1/logs

CORALOGIX_TIME_DELTA_URL=https://api.Cluster URL/sdk/v1/time

Here is the Logstash pipeline configuration logstash.conf:

input {
  okta_system_log {
    schedule       => { every => "30s" }
    limit          => 1000
    auth_token_key => "${OKTA_API_KEY}"
    hostname       => "${OKTA_TENANT}.okta.com"
  }
}
output {
  coralogix {
    config_params => {
      "PRIVATE_KEY" => "${CORALOGIX_PRIVATE_KEY}"
      "APP_NAME"    => "${CORALOGIX_APP_NAME:Okta}"
      "SUB_SYSTEM"  => "${CORALOGIX_SUB_SYSTEM:Audit}"
    }
    is_json => true
  }
}

Docker

Build a Docker image with your logstash.conf:

ARG LOGSTASH_VERSION=7.4.2
FROM docker.elastic.co/logstash/logstash:${LOGSTASH_VERSION}
ENV XPACK_MONITORING_ENABLED false
RUN logstash-plugin install --no-verify \
    logstash-output-coralogix \
    logstash-input-okta_system_log
COPY logstash.conf /usr/share/logstash/pipeline/logstash.conf

and then create the container:

docker run \
    --detach \
    --name logstash-okta \
    --restart always \
    --env OKTA_API_KEY=YOUR_OKTA_API_KEY \
    --env OKTA_TENANT=YOUR_OKTA_HOSTNAME \
    --env CORALOGIX_PRIVATE_KEY=YOUR_PRIVATE_KEY \
    $(docker build -q .)

or deploy with docker-compose:

version: '3'
services:
  logstash-okta:
    container_name: logstash
    restart: always
    build:
      context: .
      args:
        LOGSTASH_VERSION: 7.4.2
    environment:
      OKTA_API_KEY: YOUR_OKTA_API_KEY
      OKTA_TENANT: YOUR_OKTA_HOSTNAME
      CORALOGIX_PRIVATE_KEY: YOUR_PRIVATE_KEY
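
The cluster-dependent URL substitution from the Configuration section, combined with the container's variables, as an added example that is not part of Coralogix's own documentation. The function names and the ./okta.env path are hypothetical, and it assumes the two URL overrides must also be passed into the container; using an env file keeps the Okta token and private key out of the docker run command line.

```shell
#!/bin/sh
# Added example, not Coralogix code. Function names and ./okta.env are hypothetical.

# Map the account's top-level domain to the "Cluster URL" table entry.
cluster_url() {
  case "$1" in
    .com|com) echo "coralogix.com" ;;
    .in|in)   echo "app.coralogix.in" ;;
    *) echo "unknown top-level domain: $1" >&2; return 1 ;;
  esac
}

# Substitute the Cluster URL into the two endpoint templates from this page.
log_url()        { c=$(cluster_url "$1") || return 1; echo "https://api.$c/api/v1/logs"; }
time_delta_url() { c=$(cluster_url "$1") || return 1; echo "https://api.$c/sdk/v1/time"; }

# Write the container's variables to an owner-only file; fail on a missing value.
write_env_file() {
  tld=$1; out=$2
  for v in OKTA_API_KEY OKTA_TENANT CORALOGIX_PRIVATE_KEY; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "missing required variable: $v" >&2; return 1; }
  done
  cu=$(cluster_url "$tld") || return 1
  (
    umask 077        # new files get mode 0600
    rm -f "$out"     # drop any older copy so the mode above applies
    {
      printf 'OKTA_API_KEY=%s\n' "$OKTA_API_KEY"
      printf 'OKTA_TENANT=%s\n' "$OKTA_TENANT"
      printf 'CORALOGIX_PRIVATE_KEY=%s\n' "$CORALOGIX_PRIVATE_KEY"
      # The page asks for these overrides only when the domain is not .com.
      if [ "$cu" != "coralogix.com" ]; then
        printf 'CORALOGIX_LOG_URL=%s\n' "$(log_url "$tld")"
        printf 'CORALOGIX_TIME_DELTA_URL=%s\n' "$(time_delta_url "$tld")"
      fi
    } > "$out"
  )
}

# Usage (assumes the three variables are set in the current shell):
#   write_env_file .in ./okta.env &&
#   docker run --detach --name logstash-okta --restart always \
#     --env-file ./okta.env "$(docker build -q .)"
```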

© 2021 Copyright Coralogix. All rights reserved.