Systems Logs

Using System Logs to Monitor and Troubleshoot your Oort Tenant

The Oort System Logs page provides event information for all of the data collection, configuration changes, and user analytics in your Oort tenant.

Accessing System Logs

To access your tenant's System Logs, navigate using the user menu on the top-right portion of the Oort Dashboard.

User Menu

Use Cases & Troubleshooting Scenarios

The Oort System Logs are very helpful in the following scenarios:

  • Initial Data Collection - After one or more identity provider (IDP) integrations are configured for the first time, such as Okta or Azure AD, and the Collect Now function is triggered, the System Logs can be used to verify the collection has started and monitor the progress of individual collection batches.

  • Admin Actions or Configuration Changes - Changes to either the Oort tenant settings or individual integrations (Okta, Azure, Google, Duo, etc.) can be audited and verified using events in the System Logs, such as Mutation__updateTenantConfig or Mutation__updateIntegrationInstance. Also, all administrator actions can be viewed using the Admin Triggered filter, available in the left-hand pane.

  • Investigating Collection or other Failures - The system logs can provide insight into event failures in the environment, for example if an API secret expires or a API permissions change in an integration, the resulting failures can be quickly found in System logs using the filters (shown below) and/or filtering on the specific IDP in question (e.g. Okta).

  • Check Failures and Notification Feedback - The system logs are another way to view both user check failures and also search for notification feedback, such as when events are marked Interesting or Normal Behavior from Teams or Slack notifications.

For a demonstration of how to use the System Logs page in these scenarios, please see the #Video Tutorial below.

Frequently Used Event Types

Filtering the System Logs can be useful to quickly locate log entries of interest. In the search bar at the top of the menu you can enter text to filter by (such as the name of a target data source). You can also click on individual items in the columns to filter by that attribute type. Some examples:

  • Events - click on an Event Type to filter by that specific event (e.g. Integration Data Upload)

  • Target - Select the provider instance to filter by

System Logs - Filter by Target
System Logs - Filtering by Target Provider (e.g. Okta)

You can also click on an individual record in the System Logs to pop out a window with additional information about the specific event.

System Logs - Entry Details
System Logs - Showing additional event details

Video Tutorial

For a tutorial on how to use the System Logs, please see this video.

Last updated