This application polls Okta System Log entries and prints them to the console (stdout). The logs can then be forwarded to Loki using the Promtail agent or Alloy.
You can run the application using the provided Docker image, the released binary, or by building it from source.
The Docker image is available on Docker Hub. The entrypoint is set to the command itself, so you can pass the arguments directly to the container, as shown below. Alternatively, you can run the container without arguments to see the help message. Note that you can provide the API key and Okta URL as environment variables, as explained in Configuration.
docker run --rm --name okta-logs-collector okta-logs-collector:latest --help
Download the latest release from the releases page. Extract the archive and run the binary.
okta-logs-collector --help
To build the application from source, you need to have Go installed on your machine. Clone the repository and run the following commands:
make build-dev
The application requires an API key to authenticate with the Okta API. The API key can be provided using the --apiKey flag or by setting the API_KEY environment variable. The Okta URL can be provided using the --oktaURL flag or by setting the OKTA_URL environment variable. The default value for the Okta URL is https://<org>.okta.com, which means that you need to replace <org> with your Okta organization name.
okta-logs-collector --apiKey <API_KEY> --oktaURL <OKTA_URL> poll
The application polls the Okta API for new logs every POLL_INTERVAL. The default value is 10s. The LOOKBACK_INTERVAL is used to rewind the time when polling for updates. The default value is 1h0m0s (an hour).
okta-logs-collector --apiKey <API_KEY> --oktaURL <OKTA_URL> poll --pollInterval 10s --lookbackInterval 1h
The application logs messages to stdout. The log level can be set using the --logLevel flag. The default value is info.
okta-logs-collector --apiKey <API_KEY> --oktaURL <OKTA_URL> poll --logLevel debug
The application cancels requests after REQUEST_TIMEOUT. The default value is 30s.
okta-logs-collector --apiKey <API_KEY> --oktaURL <OKTA_URL> poll --requestTimeout 30s
The application can sanitize log messages by removing sensitive information. When the type is USER, the following fields will be sanitized. Their values will be replaced with the first character, followed by an ellipsis, and the last character.
- actor.alternateId
- actor.displayName
- target.alternateId
- target.displayName
okta-logs-collector --apiKey <API_KEY> --oktaURL <OKTA_URL> poll --sanitizeUserIdentity
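The masking rule described above, written out as an added Go example (not the project's own code) so the effect on an event can be checked before logs are shipped. The names `mask`, `maskEntity` and `SanitizeEvent`, the three-dot ASCII ellipsis, leaving empty values unchanged, and treating `target` as an array of entities are assumptions; the sample event is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// mask keeps the first and last rune (not byte) of s around an ellipsis.
func mask(s string) string {
	r := []rune(s)
	if len(r) == 0 {
		return s // assumption: empty values are left as they are
	}
	return string(r[0]) + "..." + string(r[len(r)-1]) // "..." form is an assumption
}

// maskEntity masks the two identity fields when the entity's type is USER.
func maskEntity(e any) {
	m, _ := e.(map[string]any)
	if t, _ := m["type"].(string); t != "USER" {
		return
	}
	for _, k := range []string{"alternateId", "displayName"} {
		if v, ok := m[k].(string); ok {
			m[k] = mask(v)
		}
	}
}

// SanitizeEvent (hypothetical name) masks user identity in one System Log event.
func SanitizeEvent(raw []byte) ([]byte, error) {
	var ev map[string]any
	if err := json.Unmarshal(raw, &ev); err != nil {
		return nil, err
	}
	maskEntity(ev["actor"])
	targets, _ := ev["target"].([]any) // assumption: target is an array of entities
	for _, t := range targets {
		maskEntity(t)
	}
	return json.Marshal(ev)
}

// Constructed sample event, reduced to the fields that matter here.
const sample = `{"eventType":"user.session.start","actor":{"type":"USER","alternateId":"jane.doe@example.com","displayName":"Jane Doe"},"target":[{"type":"AppInstance","alternateId":"Example App","displayName":"Example App"},{"type":"USER","alternateId":"bob@example.com","displayName":"Bob"}]}`

func main() {
	out, err := SanitizeEvent([]byte(sample))
	fmt.Println(string(out), err)
}
```

With this rule a one-character value comes out as that character on both sides of the ellipsis, so very short identifiers are not hidden by the masking.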
For example usage, see the examples directory. It contains configuration files for running Loki, Alloy and Promtail. The provided configuration files are for demonstration purposes only and should be adjusted to your environment. For example, you need to adjust the intervals, the Loki URL and/or remove echo configurations to disable printing logs to the console.
We welcome contributions from everyone. Just open an issue or send us a pull request.
Okta logs collector is licensed under the Apache License version 2.0.