Send Okta Logs to Observability Pipelines

This product is not supported for your selected Datadog site. ().
Available for:

Logs

Overview

This document goes over how to send Okta logs to Observability Pipelines using Amazon EventBridge and the Observability Pipelines HTTP Server source.

Prerequisites

The following are required to send Okta logs to Observability Pipelines using Amazon EventBridge:

  • A registered domain.
  • A TLS certificate that matches the domain.

Set up a pipeline

Set up the pipeline components

  1. Navigate to Observability Pipelines.
  2. Select a log template to create a pipeline.
  3. Select the HTTP Server source.
  4. If you are using Secrets Management, enter the identifier for the HTTP/S Server address key. See Set secrets for the defaults used.
  5. Select your authorization strategy. If you selected Plain:
    • Enter the identifiers for the HTTP/S Server username and password. See Set secrets for the defaults used.
  6. In the Decoding dropdown menu, select Bytes.
  7. Toggle the switch to Enable TLS.
    • If you are using Secrets Management, enter the identifier for the HTTP/S Server key pass. See Set secrets for the defaults used.
    • The following certificate and key files are required.
      • Server Certificate Path: The path to the certificate file that has been signed by your Certificate Authority (CA) root file in DER, PEM, or CRT (X.509).
      • CA Certificate Path: The path to the certificate file that is your Certificate Authority (CA) root file in DER, PEM, or CERT (X.509).
      • Private Key Path: The path to the .key private key file that belongs to your Server Certificate Path in DER, PEM, or CERT (PKCS #8) format.
      • Notes:
        • The configuration data directory /var/lib/observability-pipelines-worker/config/ is automatically appended to the file paths. See Advanced Worker Configurations for more information.
        • The file must be readable by the observability-pipelines-worker group and user.
  8. Copy your certificates into the configuration directory:
    # Create the configuration directory
sudo mkdir -p /var/lib/observability-pipelines-worker/config

# Copy your certificates
sudo cp /path/to/your/<your-cert-file> /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo cp /path/to/your/<your-cert-file> /var/lib/observability-pipelines-worker/config/<your-cert-file>
  9. After you set up your destinations and processors, click Next: Install.

Install the Worker

  1. On the Install page, select your platform in the dropdown menu.
  2. Follow the instructions on the page to install the Worker based on your platform. See Install the Worker for details.
  3. After installing the Worker, change ownership of the certificates so the Observability Pipelines Worker can read them:
    # Change ownership so the Worker can read the certificates
sudo chgrp observability-pipelines-worker /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo chmod 640 /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo chgrp observability-pipelines-worker /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo chmod 640 /var/lib/observability-pipelines-worker/config/<your-cert-file>
  4. Deploy the configuration from the Observability Pipelines UI.
  5. Test your endpoint using curl:
    curl -X POST https://your-domain.com \
  -u username:password \
  -H "Content-Type: application/json" \
  -d '{"message":"test log from curl","source":"curl","service":"okta"}'

Create an AWS EventBridge stream in Okta

Follow the Add an AWS EventBridge log stream instructions to:

  1. Create an EventBridge stream in Okta.
  2. Configure the Amazon EventBridge log stream in the AWS console.
    1. When you are configuring a target after building the event pattern, select EventBridge API destination for the Target type.
    2. Select Create a new API destination.
    3. Enter a name for the destination.
    4. In the API destination endpoint field, enter your Observability Pipelines Worker URL.
    5. Select Post as the HTTP method.
    6. Select Create a new connection.
    7. Enter a name for the connection.
    8. Select the API type.
    9. Select Custom configuration if you are using HTTP authentication and enter your username and password.
    10. Click Create rule.

After configuring the Amazon EventBridge, you can view your Okta logs in Log Explorer.