Okta keeps logs for 90 days (or at least that's how long you as a customer can access them) before rotating them. This is a rather short period and can cause serious issues when investigating malicious activities (or internal security incidents at Okta). Luckily for everyone, Okta recently released a Log Streaming feature to their Beta channel. The feature allows you to ship Okta logs to one of two destinations – for now – AWS EventBridge and Splunk Cloud.

"Log data older than 3 months is not accessible in the System Log." (Source)

## Activate The Log Streaming Feature

The Log Streaming feature is still in the Early Access stage, which means you will need to enable it manually for your Okta tenant. Toggle on the button next to the Log Streaming feature to enable it.

Once Log Streaming is activated, we can configure it to send the logs to AWS EventBridge or Splunk Cloud (the only two supported targets for now). Navigate to Reports → Log Streaming and click on Add Log Stream. In the first configuration pane, you need to select a type for the log stream. You will have only one choice; select it and proceed. In the second configuration pane, you will have to enter a name for the log stream, your AWS account ID, the AWS region where the new log stream will be created, and a source name that will be used to differentiate the log source on AWS EventBridge.

Log into the AWS account that you configured in the previous step and navigate to the AWS EventBridge service. If you configured things on Okta correctly, you should see a source with the name you entered, in a pending status. Select the source and click on Associate with event bus. Click through the steps until the source is associated with a new event bus. From here, we can use Rules to configure where these logs should go.

## Forward Logs From EventBridge To CloudWatch

An easy destination would be a CloudWatch log group. If you don't know how to create one, follow this tutorial. You must create this log group in the same AWS account you configured in Okta. It also needs to be in the same region as the EventBridge bus.

Once the log group is created, go back to EventBridge and navigate to the Rules section. Make sure the correct event bus is selected from the menu and click on Create a Rule.

In Step 1, give your rule a name and a description. Make sure the correct event bus is selected, that the "Enable the rule on the selected event bus" checkbox is checked, and that the rule type is "Rule with an event pattern".

In Step 2, select "AWS events or EventBridge partner events" in the Event Source section. Scroll down to the Event Pattern section. In the Event Source field, select EventBridge Partners. Select Okta in the Partner drop-down list and All Events in the Event Type list.

In Step 3, make sure AWS Services is selected in the target types field. Select CloudWatch log group from the dropdown list. Paste the name of the log group you created earlier into the text field below the dropdown list. You can also select it from the dropdown list below the text field.

In Step 5, review the configuration you created and, once everything seems right, hit Create rule.

If everything was configured correctly, logs will start showing up in the log group within minutes of you creating the rule.

You can forward these logs from CloudWatch to your log collector. Here are some tutorials for Splunk (link), ELK (link, link), and Datadog (link). While I would love to detail how to configure the forwarding from CloudWatch to each of the three logging systems I mentioned, I don't have that much spare time at hand. That being said, I love Datadog, so I will outline how to forward the logs there without even using CloudWatch at all. Unlike many other systems, with Datadog you can actually forward logs directly from EventBridge without the need for CloudWatch. You need to create an API key on Datadog before following the steps outlined below.
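The console steps for the EventBridge rule above (Okta partner source, All Events, CloudWatch log group as target) can also be expressed as code, which is what you want once more than one tenant or region is involved. The following is an added example and not code from the original post or from Okta or AWS. It assumes that Okta partner event sources are named with the prefix `aws.partner/okta.com/` (so "All Events" from the Okta partner becomes a prefix match on `source`), and the bus name, account id, log group name, rule name and the two sample events are constructed placeholders. The small `matches()` helper reproduces the subset of EventBridge pattern semantics the rule uses (exact-value lists, `prefix` filters, nested keys) so you can check offline which events the rule would route before you deploy it.

```python
"""
Added example (not from the original post): the Okta -> CloudWatch EventBridge
rule as boto3 call arguments, plus an offline matcher for its event pattern.

Assumptions (not stated on the page):
  * Okta partner sources are named "aws.partner/okta.com/<org>/<stream>".
  * REGION, ACCOUNT_ID, EVENT_BUS, LOG_GROUP and RULE_NAME are placeholders.
  * The two sample events below are constructed, not real Okta output.
"""
import json

REGION = "us-east-1"                                       # placeholder; must match bus and log group
ACCOUNT_ID = "123456789012"                                # placeholder AWS account id
EVENT_BUS = "aws.partner/okta.com/example-org/okta-logs"   # placeholder partner event bus
LOG_GROUP = "/okta/system-log"                             # placeholder log group created beforehand
RULE_NAME = "okta-all-events-to-cloudwatch"                # placeholder rule name

# Pattern equivalent to Partner = Okta, Event Type = All Events (assumption).
OKTA_ALL_EVENTS_PATTERN = {"source": [{"prefix": "aws.partner/okta.com"}]}


def matches(pattern: dict, event: dict) -> bool:
    """Minimal EventBridge pattern matcher.

    Every key in the pattern must exist in the event. A list value means the
    event value must equal one of the alternatives or satisfy a {"prefix": ...}
    filter; a dict value recurses into the nested object.
    """
    for key, alternatives in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(alternatives, dict):
            if not isinstance(value, dict) or not matches(alternatives, value):
                return False
            continue
        ok = False
        for alt in alternatives:
            if isinstance(alt, dict) and "prefix" in alt:
                ok = isinstance(value, str) and value.startswith(alt["prefix"])
            else:
                ok = value == alt
            if ok:
                break
        if not ok:
            return False
    return True


def rule_api_calls() -> dict:
    """boto3 keyword arguments equivalent to console steps 1-3 of the post."""
    return {
        "put_rule": {
            "Name": RULE_NAME,
            "EventBusName": EVENT_BUS,
            "EventPattern": json.dumps(OKTA_ALL_EVENTS_PATTERN),
            "State": "ENABLED",
            "Description": "Route every Okta System Log event to CloudWatch Logs",
        },
        "put_targets": {
            "Rule": RULE_NAME,
            "EventBusName": EVENT_BUS,
            "Targets": [{
                "Id": "okta-log-group",
                "Arn": f"arn:aws:logs:{REGION}:{ACCOUNT_ID}:log-group:{LOG_GROUP}",
            }],
        },
    }


def create_rule() -> None:
    """Apply the rule for real. boto3 is imported lazily so the rest of the
    module (pattern checking) works offline without AWS credentials."""
    import boto3
    events = boto3.client("events", region_name=REGION)
    calls = rule_api_calls()
    events.put_rule(**calls["put_rule"])
    events.put_targets(**calls["put_targets"])


# Constructed sample events in EventBridge envelope form (not real Okta data).
OKTA_LOGIN_EVENT = {
    "source": "aws.partner/okta.com/example-org/okta-logs",
    "detail-type": "SystemLog",  # assumed label
    "detail": {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}},
}
UNRELATED_EVENT = {
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"state": "running"},
}


def route(incoming: list) -> list:
    """Return the events the rule would deliver to the log group."""
    return [e for e in incoming if matches(OKTA_ALL_EVENTS_PATTERN, e)]


if __name__ == "__main__":
    print(json.dumps(rule_api_calls(), indent=2))
    for e in route([OKTA_LOGIN_EVENT, UNRELATED_EVENT]):
        print("routed:", e["source"], e["detail"].get("eventType"))
```

Two things the console hides that matter when you do this with the API or infrastructure-as-code: the rule must be created on the partner event bus (the `EventBusName` above), not on the default bus, or it will never see Okta events; and CloudWatch Logs only accepts events from EventBridge if the log group carries a resource policy allowing `events.amazonaws.com` to create streams and put log events, which the console adds for you but `put_targets` does not. The same `matches()` helper lets you test narrower patterns (for example only `detail.outcome.result == "FAILURE"`) before you route a subset of events somewhere more expensive than a log group.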