
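OneLogin Logs

OneLogin is a cloud-based identity and access management (IAM) provider that offers unified access management for enterprises. You can push OneLogin logs to Site24x7 AppLogs to monitor them in one console, track errors, and receive alerts and reports.

Prerequisite: You need a OneLogin Enterprise or Unlimited plan subscription.

Create a log type in Site24x7 AppLogs

  1. Log in to your Site24x7 account > Admin > AppLogs > Add Log Type
  2. Enter a display name
  3. Select OneLogin Logs from the Log Type drop-down menu
  4. Enter the retention period and the maximum upload limit
  5. The following is the default log pattern that Site24x7 AppLogs recognizes for OneLogin logs.
    • Log pattern: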
      json $event.imported_user_id as imported_user_id$ $event.privilege_id as privilege_id$ $event.notes as notes$ $event.note_title as note_title$ $event.proxy_agent_name as proxy_agent_name$ $event.directory_sync_run_id as directory_sync_run_id$ $event.authentication_factor_id as authentication_factor_id$ $event.solved as solved$ $event.mapping_name as mapping_name$ $event.uuid as uuid$ $event.resolution as resolution$ $event.client_id as client_id$ $event.proxy_agent_id as proxy_agent_id$ $event.otp_device_id as otp_device_id$ $event.event_type_id as event_type_id:number$ $event.resource_type_id as resource_type_id$ $event.role_id as role_id$ $event.actor_user_name as actor_user_name$ $event.error_description as error_description$ $event.create._id as create__id$ $event.directory_id as directory_id$ $event.ipaddr as ipaddr$ $event.app_id as app_id$ $event.assuming_acting_user_id as assuming_acting_user_id$ $event.authentication_factor_type as authentication_factor_type$ $event.login_id as login_id$ $event.imported_user_name as imported_user_name$ $event.group_name as group_name$ $event.certificate_name as certificate_name$ $event.otp_device_name as otp_device_name$ $event.directory_name as directory_name$ $event.object_id as object_id$ $event.adc_id as adc_id$ $event.trusted_idp_name as trusted_idp_name$ $event.role_name as role_name$ $event.policy_type as policy_type$ $event.resolved_by_user_id as resolved_by_user_id$ $event.custom_message as custom_message$ $event.user_id as user_id:number$ $event.resolved_at as resolved_at$ $event.actor_system as actor_system$ $event.privilege_name as privilege_name$ $event.task_name as task_name$ $event.radius_config_name as radius_config_name$ $event.service_directory_id as service_directory_id$ $event.policy_id as policy_id$ $event.user_name as user_name$ $event.event_timestamp as event_timestamp:date:yyyy-MM-dd HH:mm:ss$ $event.api_credential_name as api_credential_name$ $event.certificate_id as certificate_id$ 
$event.actor_user_id as actor_user_id:number$ $event.param as param$ $event.adc_name as adc_name$ $event.user_field_name as user_field_name$ $event.user_field_id as user_field_id$ $event.proxy_ip as proxy_ip$ $event.note_id as note_id$ $event.policy_name as policy_name$ $event.app_name as app_name$ $event.login_name as login_name$ $event.account_id as account_id:number$ $event.group_id as group_id$ $event.authentication_factor_description as authentication_factor_description$ $event.mapping_id as mapping_id$ $event.radius_config_id as radius_config_id$ $event.trusted_idp_id as trusted_idp_id$ $event.entity as entity$
    • Sample log:
      {"event":{"create":{"_id":"c451ec08-5e1a-4d7c-b4ff-0d61e7fa83a6"},"directory_name":null,"event_type_id":11,"role_id":null,"privilege_id":null,"group_name":null,"adc_id":null,"group_id":null,"service_directory_id":null,"radius_config_name":null,"policy_id":null,"privilege_name":null,"custom_message":null,"param":null,"client_id":null,"job_id":null,"app_id":null,"risk_cookie_id":null,"self_registration_profile_name":null,"report_id":null,"resource_type_id":null,"service_job_id":null,"login_name":null,"browser_fingerprint":null,"user_field_name":null,"uuid":"c451ec08-5e1a-4d7c-b4ff-0d61e7fa83a6","user_agent":"OneLogin Faraday Client v0.2.1","actor_system":"","ipaddr":"103.26.110.197","event_location_id":null,"directory_id":null,"authentication_factor_description":null,"proxy_agent_name":null,"directory_sync_run_id":null,"safe_to_unescape":null,"event_timestamp":"2021-08-18 05:18:29 UTC","user_name":"Dev User","role_name":null,"app_name":null,"policy_name":null,"mapping_name":null,"resolution":null,"entity":null,"authentication_factor_type":null,"authentication_factor_id":null,"service_job_name":null,"user_agent_id":null,"actor_user_id":146414317,"proxy_ip":null,"note_title":null,"certificate_id":null,"note_id":null,"account_id":195258,"actor_user_name":"Dev User","solved":null,"task_id":null,"otp_device_id":null,"resolved_by_user_id":null,"assumed_by_superadmin_or_reseller":null,"report_name":null,"user_field_id":null,"risk_score":null,"object_id":null,"self_registration_profile_id":null,"user_id":146414317,"imported_user_name":null,"mapping_id":null,"login_id":null,"radius_config_id":null,"otp_device_name":null,"adc_name":null,"task_name":null,"certificate_name":null,"proxy_agent_id":null,"notes":null,"api_credential_name":null,"assuming_acting_user_id":null,"risk_reasons":null,"policy_type":null,"job_name":null,"trusted_idp_name":null,"imported_user_id":null,"error_description":null,"resolved_at":null,"trusted_idp_id":null}}
  6. Copy the API endpoint URL as shown in the screenshot
  7. Click Save
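
Added example (not Site24x7 or OneLogin code): a Python illustration of how the default pattern above maps a OneLogin event to typed fields, using an excerpt of the pattern and a constructed subset of the sample log. The reading of the `$path as name:type$` notation and the handling of the trailing " UTC" are assumptions; the function also reports event keys the pattern does not map, such as user_agent and risk_score in the sample.

```python
import json
import re
from datetime import datetime

# Excerpt of the default pattern shown above (the full pattern has many more fields).
PATTERN = (
    "json $event.event_type_id as event_type_id:number$ "
    "$event.user_name as user_name$ $event.ipaddr as ipaddr$ "
    "$event.create._id as create__id$ "
    "$event.event_timestamp as event_timestamp:date:yyyy-MM-dd HH:mm:ss$ "
    "$event.actor_user_id as actor_user_id:number$ "
    "$event.error_description as error_description$"
)

# Constructed sample: a subset of the keys and values from the sample log above.
SAMPLE = json.dumps({"event": {
    "create": {"_id": "c451ec08-5e1a-4d7c-b4ff-0d61e7fa83a6"},
    "event_type_id": 11, "user_name": "Dev User", "ipaddr": "103.26.110.197",
    "event_timestamp": "2021-08-18 05:18:29 UTC", "actor_user_id": 146414317,
    "error_description": None, "user_agent": "OneLogin Faraday Client v0.2.1",
    "risk_score": None, "browser_fingerprint": None}})

# One token: $<json path> as <field name>[:<type>[:<format>]]$
FIELD_RE = re.compile(r"\$([\w.]+) as (\w+)(?::(\w+)(?::([^$]+))?)?\$")

def parse_pattern(pattern):
    """Return (json_path, field_name, type, format) for each $...$ token."""
    return [m.groups() for m in FIELD_RE.finditer(pattern)]

def lookup(obj, path):
    """Follow a dotted path through nested dicts; None if any step is missing."""
    for key in path.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def extract(raw, pattern):
    """Map one JSON log line to typed fields and list unmapped event keys."""
    doc, fields, used = json.loads(raw), {}, set()
    for path, name, typ, _fmt in parse_pattern(pattern):
        value = lookup(doc, path)
        used.add(path.split(".")[1])  # key directly under "event"
        if value is not None and typ == "number":
            value = int(value)
        elif value is not None and typ == "date":
            # Assumption: parse the yyyy-MM-dd HH:mm:ss prefix, ignore " UTC".
            value = datetime.strptime(value[:19], "%Y-%m-%d %H:%M:%S")
        fields[name] = value
    return fields, sorted(set(doc["event"]) - used)
```

Running `extract` with the full pattern against real events shows which attributes, for example user_agent or risk_score, need to be added to a custom pattern before they can be searched or alerted on.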

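Create a webhook in OneLogin

  1. Log in to your OneLogin account as an administrator and navigate to Developers > Webhook > NewWebhook
  2. Select Event Webhook for Log Management.
  3. In the New Broadcaster pop-up, enter a name and select SIEM as the format.
  4. Paste the API endpoint URL copied from the Site24x7 console into the Listener URL field.
  5. Fill in custom headers if required.
  6. Click Save
  7. You can also refer to this link to learn how to create a webhook.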

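View the data

  1. Log in to your Site24x7 account > AppLogs
  2. Enter OneLogin as the log type in the search bar and press Enter.
  3. The dashboard shows the following metrics:
    • Unauthorized API
    • Login failures
    • App user limit reached
    • App authentication failures
    • Top 10 events
    • Events by app
    • Password changes
    • Events over time
    • Successful logins over time
    • Failed logins over time
    • Most active users
    • Logins by app
    • Users created in apps
    • Top 10 errors
    • Top 10 users by event count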
