What is Okta and how does the Okta log API work?

Okta is a cloud-based identity and access management (IAM) platform that provides secure authentication, authorization, and user management solutions. The Okta System Log API gives you read-only access to your enterprises’ system logs close to real-time. You can read more about Okta System Log API here. By default, there is no way to get logs from Okta in real time and continuously. Hence, we made a tool that does the same.

A Guide to Setting up an Okta Log Fetcher in Your System

Step 1: Install Git in your system. If you’re not sure how to do it, Click here to read more about it.

Step 2: Install Python version 3.X in your system. If you’re not sure how to do it, Click here to read more about it.

Step 3: You’ll need API token from the Okta. Follow this guide to generate a token from Okta.

Step 4: Once you are finished with installing Git, fire up a terminal in your system or if you’re on windows open up a CMD/POWERSHELL and run: “git clone https://github.com/dhaval055/ ”

Step 5: You’ll see the following files in your folder.

• Okta-config.properties: In this file, fill out the values of org & token. Value for org will be your organization name and for token use the one we generated in step 3.

• oktalogfetcher.py: This file contains code for pulling logs from okta and writing those logs to output.log file.

• oktascript.log: This file contains logs of oktalogfetcher.py

• output.log: This is where your okta log will be stored.

Step 6: okta-config.properties should look like this once you have filled in your details.

Step 7: Now we will need to install requirement of the script. Open up a terminal, make sure you’re in the same directory where scripts are and run “python3 –m pip install –r requirements.txt”.

Step 8: After above step we’re good to run the tool. Run command “python3 oktalogfetcher.py”.

Step 9: Now you should be seeing logs from Okta in output.log file. Please note that we have added delay of 120 seconds (You can change the same in okta-config.properties file) so that we don’t get duplicate entries in our log file.

NOTES:

1. Please not that when we run a command from the terminal that command is usually attached to that terminal. So, if you close that terminal our program will stop. Depending upon the OS you’re on, figure out a way to not let that happen and allow script to run in the background.
2. If you’re on a Linux system, you can create a service that runs oktalogfetcher.py in the background.
3. In case if script is failing for some reasons, you can read oktascript.log to figure out the problem.

EXTRAS:

1. Now that we have logs coming in ouput.log file; depending upon a SIEM solution you’re using, you can have the output.log file to be monitored for new changes and push them to SIEM.

In Conclusion, this tool offers ability to collect logs from Okta in near real-time. By leveraging this tool, we can quickly identify and remediate security issues, optimize and maintain compliance with regulatory standards.