Created
June 23, 2023 12:07
Okta Syslog Schema - via https://developer.okta.com/docs/reference/api/system-log/#logevent-object-annotated-example
{ | |
"uuid": "Randomly generated String, Required", | |
"published": "ISO8601 string for timestamp, Required", | |
"eventType": "String, Required", | |
"version": "String, Required", | |
"severity": "String, one of DEBUG, INFO, WARN, ERROR, Required", | |
"legacyEventType": "String, Optional", | |
"displayMessage": "String, Optional", | |
"actor": { | |
"id": "String, Required", | |
"type": "String, Required", | |
"alternateId": "String, Optional", | |
"displayName": "String, Optional", | |
"detailEntry": { | |
"String": "String", | |
"StringResMap": "Resource map" | |
} | |
}, | |
"client": { | |
"userAgent": { | |
"rawUserAgent": "String, Optional", | |
"os": "String, Optional", | |
"browser": "String, Optional" | |
}, | |
"geographicalContext": { | |
"geolocation": { | |
"lat": "Double, Optional", | |
"lon": "Double, Optional" | |
}, | |
"city": "String, Optional", | |
"state": "String, Optional", | |
"country": "String, Optional", | |
"postalCode": "String, Optional" | |
}, | |
"zone": "String, Optional", | |
"ipAddress": "String, Optional", | |
"device": "String, Optional", | |
"id": "String, Optional" | |
}, | |
"outcome": { | |
"result": "String, one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN, Required", | |
"reason": "String, Optional" | |
}, | |
"target": [ | |
{ | |
"id": "String, Required", | |
"type": "String, Required", | |
"alternateId": "String, Optional", | |
"displayName": "String, Optional", | |
"detailEntry": { | |
"String": "String", | |
"StringResMap": "Resource map" | |
} | |
}, | |
{ | |
"id": "String, Required", | |
"type": "String, Required", | |
"alternateId": "String, Optional", | |
"displayName": "String, Optional", | |
"detail": { | |
"String": "String", | |
"StringResMap": "Resource map" | |
} | |
} | |
], | |
"transaction": { | |
"id": "String, Optional", | |
"type": "String one of WEB, JOB, Optional", | |
"detail": { | |
"String": "String", | |
"StringResMap": "Resource map" | |
} | |
}, | |
"debugContext": { | |
"debugData": { | |
"String": "String/Resource Map", | |
"String1": "String/Resource Map", | |
"requestUri": "/api/1/devtools/global/test/orgs/specific", | |
"originalPrincipal": { | |
"id": "00ujchcbjpltartYI0g3", | |
"type": "User", | |
"alternateId": "admin@saasure.com", | |
"displayName": "Piras Add-min" | |
} | |
} | |
}, | |
"authenticationContext": { | |
"authenticationProvider": "String one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER, Optional", | |
"credentialProvider": "String one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY, Optional", | |
"credentialType": "String one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID, Optional", | |
"issuer": { | |
"id": "String, Optional", | |
"type": "String Optional" | |
}, | |
"externalSessionId": "String, Optional", | |
"interface": "String, Optional" | |
}, | |
"securityContext": { | |
"asNumber": "Integer, Optional", | |
"asOrg": "String, Optional", | |
"isp": "String, Optional", | |
"domain": "String, Optional", | |
"isProxy": "Boolean, Optional" | |
}, | |
"request": { | |
"ipChain": [ | |
{ | |
"ip": "String, Optional", | |
"geographicalContext": { | |
"geolocation": { | |
"lat": "Double, Optional", | |
"lon": "Double, Optional" | |
}, | |
"city": "String, Optional", | |
"state": "String, Optional", | |
"country": "String, Optional", | |
"postalCode": "String, Optional" | |
}, | |
"version": "String, one of V4, V6 Optional", | |
"source": "String, Optional" | |
} | |
] | |
} | |
} |
Required fields need fixing
use serde_derive::Deserialize;
use serde_derive::Serialize;
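/// One Okta System Log event, shaped after the annotated `LogEvent` example.
///
/// The two fields the example marks `Optional` carry `#[serde(default)]`, so an
/// event that omits them deserializes (to an empty string) instead of being
/// rejected. Serialization is unaffected.
///
/// NOTE(review): an explicit JSON `null` still fails for a `String` field;
/// `Option<String>` would cover that but changes the public field types.
/// Count and surface parse failures so rejected events do not become a silent
/// gap in audit-log coverage.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Root {
    /// Required: randomly generated event identifier.
    pub uuid: String,
    /// Required: ISO 8601 timestamp, kept as text (not parsed here).
    pub published: String,
    /// Required.
    pub event_type: String,
    /// Required.
    pub version: String,
    /// Required: one of DEBUG, INFO, WARN, ERROR (not validated here).
    pub severity: String,
    /// Optional in the example.
    #[serde(default)]
    pub legacy_event_type: String,
    /// Optional in the example.
    #[serde(default)]
    pub display_message: String,
    // The example does not mark the nested objects below as required or
    // optional; they stay required here — TODO confirm against real events.
    pub actor: Actor,
    pub client: Client,
    pub outcome: Outcome,
    pub target: Vec<Target>,
    pub transaction: Transaction,
    pub debug_context: DebugContext,
    pub authentication_context: AuthenticationContext,
    pub security_context: SecurityContext,
    pub request: Request,
}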
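/// The entity that performed the logged action (`actor` in the event).
///
/// `alternateId` and `displayName` are `Optional` in the example, so they take
/// `#[serde(default)]` and fall back to an empty string when absent.
///
/// NOTE(review): an explicit JSON `null` for a `String` field still fails.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Actor {
    /// Required.
    pub id: String,
    /// Required; JSON key is `type` (a Rust keyword, hence the rename).
    #[serde(rename = "type")]
    pub type_field: String,
    /// Optional in the example.
    #[serde(default)]
    pub alternate_id: String,
    /// Optional in the example.
    #[serde(default)]
    pub display_name: String,
    // Not marked required/optional in the example; left required — TODO confirm.
    pub detail_entry: DetailEntry,
}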
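/// `detailEntry` object of an [`Actor`].
///
/// `String` and `StringResMap` are the placeholder keys printed in the
/// annotated example. Both take `#[serde(default)]` so an object without those
/// literal keys no longer fails to deserialize.
///
/// NOTE(review): presumably the real object is a map with arbitrary keys —
/// confirm. As modelled, any other key is ignored (serde skips unknown fields
/// by default), so detail data is dropped rather than captured.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct DetailEntry {
    #[serde(rename = "String", default)]
    pub string: String,
    #[serde(rename = "StringResMap", default)]
    pub string_res_map: String,
}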
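/// The client that issued the request (`client` in the event).
///
/// `zone`, `ipAddress`, `device` and `id` are `Optional` in the example and
/// take `#[serde(default)]`; an absent value becomes an empty string.
///
/// NOTE(review): an explicit JSON `null` for a `String` field still fails.
/// `ip_address` is stored as received; nothing here validates it as an IP.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Client {
    // Nested objects are not marked required/optional in the example; left
    // required — TODO confirm.
    pub user_agent: UserAgent,
    pub geographical_context: GeographicalContext,
    /// Optional in the example.
    #[serde(default)]
    pub zone: String,
    /// Optional in the example.
    #[serde(default)]
    pub ip_address: String,
    /// Optional in the example.
    #[serde(default)]
    pub device: String,
    /// Optional in the example.
    #[serde(default)]
    pub id: String,
}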
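/// User-agent details of the [`Client`].
///
/// All three fields are `Optional` in the example, so each takes
/// `#[serde(default)]` and becomes an empty string when absent.
///
/// NOTE(review): `raw_user_agent` is client-supplied text; treat it as
/// untrusted when rendering or forwarding it.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct UserAgent {
    #[serde(default)]
    pub raw_user_agent: String,
    #[serde(default)]
    pub os: String,
    #[serde(default)]
    pub browser: String,
}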
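/// Geographic information attached to the [`Client`].
///
/// `city`, `state`, `country` and `postalCode` are `Optional` in the example
/// and take `#[serde(default)]`, so a partial location no longer rejects the
/// whole event.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct GeographicalContext {
    // Not marked required/optional in the example; left required — TODO confirm.
    pub geolocation: Geolocation,
    #[serde(default)]
    pub city: String,
    #[serde(default)]
    pub state: String,
    #[serde(default)]
    pub country: String,
    #[serde(default)]
    pub postal_code: String,
}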
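/// Latitude/longitude pair inside a [`GeographicalContext`].
///
/// Both fields are `Optional` in the example and take `#[serde(default)]`.
///
/// NOTE(review): the example documents `lat`/`lon` as `Double`. Typed as
/// `String`, they reject a JSON number; presumably they should be `f64`. The
/// type is left unchanged here to keep the public fields as they are.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Geolocation {
    #[serde(default)]
    pub lat: String,
    #[serde(default)]
    pub lon: String,
}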
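/// Result of the logged action (`outcome` in the event).
///
/// `reason` is `Optional` in the example and takes `#[serde(default)]`;
/// `result` stays required.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Outcome {
    /// Required: one of SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE,
    /// UNKNOWN (not validated here).
    pub result: String,
    /// Optional in the example.
    #[serde(default)]
    pub reason: String,
}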
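/// One entry of the event's `target` array.
///
/// `alternateId` and `displayName` are `Optional` in the example and take
/// `#[serde(default)]`. The two detail objects are already `Option`, which
/// serde treats as absent-tolerant.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Target {
    /// Required.
    pub id: String,
    /// Required; JSON key is `type`.
    #[serde(rename = "type")]
    pub type_field: String,
    /// Optional in the example.
    #[serde(default)]
    pub alternate_id: String,
    /// Optional in the example.
    #[serde(default)]
    pub display_name: String,
    // The example shows one target with `detailEntry` and one with `detail`.
    pub detail_entry: Option<DetailEntry2>,
    pub detail: Option<Detail>,
}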
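/// `detailEntry` object of a [`Target`].
///
/// `String` and `StringResMap` are the example's placeholder keys; both take
/// `#[serde(default)]` so an object without those literal keys still parses.
///
/// NOTE(review): presumably a free-form map in real events — confirm. Other
/// keys are ignored as modelled, so their content is not captured.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct DetailEntry2 {
    #[serde(rename = "String", default)]
    pub string: String,
    #[serde(rename = "StringResMap", default)]
    pub string_res_map: String,
}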
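/// `detail` object of a [`Target`].
///
/// `String` and `StringResMap` are the example's placeholder keys; both take
/// `#[serde(default)]` so an object without those literal keys still parses.
///
/// NOTE(review): presumably a free-form map in real events — confirm. Other
/// keys are ignored as modelled, so their content is not captured.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Detail {
    #[serde(rename = "String", default)]
    pub string: String,
    #[serde(rename = "StringResMap", default)]
    pub string_res_map: String,
}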
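/// Transaction the event belongs to (`transaction` in the event).
///
/// `id` and `type` are `Optional` in the example and take `#[serde(default)]`.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Transaction {
    /// Optional in the example.
    #[serde(default)]
    pub id: String,
    /// Optional in the example; one of WEB, JOB (not validated here).
    #[serde(rename = "type", default)]
    pub type_field: String,
    // Not marked required/optional in the example; left required — TODO confirm.
    pub detail: Detail2,
}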
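/// `detail` object of a [`Transaction`].
///
/// `String` and `StringResMap` are the example's placeholder keys; both take
/// `#[serde(default)]` so an object without those literal keys still parses.
///
/// NOTE(review): presumably a free-form map in real events — confirm. Other
/// keys are ignored as modelled, so their content is not captured.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Detail2 {
    #[serde(rename = "String", default)]
    pub string: String,
    #[serde(rename = "StringResMap", default)]
    pub string_res_map: String,
}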
/// Wrapper for the event's `debugContext` object.
///
/// It holds a single member, serialized under the key `debugData`.
#[derive(Clone, Debug, Default, PartialEq, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DebugContext {
    /// Contents of `debugContext.debugData`.
    pub debug_data: DebugData,
}
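/// Contents of `debugContext.debugData`.
///
/// The annotated example uses placeholder keys (`String`, `String1`) plus two
/// sample entries (`requestUri`, `originalPrincipal`). Every field takes
/// `#[serde(default)]` so an event whose debug data lacks any of these literal
/// keys is still accepted.
///
/// NOTE(review): presumably `debugData` is a free-form map in real events —
/// confirm. Keys not listed here are ignored as modelled, so debug details
/// that matter during an investigation may not be captured by this struct.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct DebugData {
    #[serde(rename = "String", default)]
    pub string: String,
    #[serde(rename = "String1", default)]
    pub string1: String,
    #[serde(default)]
    pub request_uri: String,
    #[serde(default)]
    pub original_principal: OriginalPrincipal,
}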
/// The `originalPrincipal` entry shown inside `debugData` in the example.
///
/// All four members are plain strings, and all four must be present for
/// deserialization to succeed.
#[derive(Clone, Debug, Default, PartialEq, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct OriginalPrincipal {
    /// Principal identifier.
    pub id: String,
    /// Serialized as `type`; renamed because `type` is a Rust keyword.
    #[serde(rename = "type")]
    pub type_field: String,
    /// Serialized as `alternateId`.
    pub alternate_id: String,
    /// Serialized as `displayName`.
    pub display_name: String,
}
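/// How the actor authenticated (`authenticationContext` in the event).
///
/// Every string field is `Optional` in the example and takes
/// `#[serde(default)]`, so an event that omits some of them is still accepted.
/// The enumerated values listed in the example are not validated here.
///
/// NOTE(review): an explicit JSON `null` for a `String` field still fails.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct AuthenticationContext {
    #[serde(default)]
    pub authentication_provider: String,
    #[serde(default)]
    pub credential_provider: String,
    #[serde(default)]
    pub credential_type: String,
    // Not marked required/optional in the example; left required — TODO confirm.
    pub issuer: Issuer,
    #[serde(default)]
    pub external_session_id: String,
    #[serde(default)]
    pub interface: String,
}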
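/// Issuer of the credential (`authenticationContext.issuer`).
///
/// Both fields are `Optional` in the example and take `#[serde(default)]`.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Issuer {
    #[serde(default)]
    pub id: String,
    /// JSON key is `type`.
    #[serde(rename = "type", default)]
    pub type_field: String,
}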
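/// Network attribution for the request (`securityContext` in the event).
///
/// Every field is `Optional` in the example and takes `#[serde(default)]`.
///
/// NOTE(review): the example documents `asNumber` as `Integer` and `isProxy`
/// as `Boolean`. Typed as `String`, they reject a JSON number or boolean;
/// presumably they should be an integer type and `bool`. The types are left
/// unchanged here to keep the public fields as they are.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct SecurityContext {
    #[serde(default)]
    pub as_number: String,
    #[serde(default)]
    pub as_org: String,
    #[serde(default)]
    pub isp: String,
    #[serde(default)]
    pub domain: String,
    #[serde(default)]
    pub is_proxy: String,
}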
/// Wrapper for the event's `request` object.
///
/// Its only member is the list serialized under the key `ipChain`.
#[derive(Clone, Debug, Default, PartialEq, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Request {
    /// Entries of `request.ipChain`, in the order they appear in the JSON.
    pub ip_chain: Vec<IpChain>,
}
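/// One hop in `request.ipChain`.
///
/// `ip`, `version` and `source` are `Optional` in the example and take
/// `#[serde(default)]`.
///
/// NOTE(review): `ip` is stored as received; nothing here validates it or
/// establishes which hop is trustworthy.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct IpChain {
    #[serde(default)]
    pub ip: String,
    // Not marked required/optional in the example; left required — TODO confirm.
    pub geographical_context: GeographicalContext2,
    /// One of V4, V6 (not validated here).
    #[serde(default)]
    pub version: String,
    #[serde(default)]
    pub source: String,
}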
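/// Geographic information attached to an [`IpChain`] entry.
///
/// `city`, `state`, `country` and `postalCode` are `Optional` in the example
/// and take `#[serde(default)]`.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct GeographicalContext2 {
    // Not marked required/optional in the example; left required — TODO confirm.
    pub geolocation: Geolocation2,
    #[serde(default)]
    pub city: String,
    #[serde(default)]
    pub state: String,
    #[serde(default)]
    pub country: String,
    #[serde(default)]
    pub postal_code: String,
}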
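/// Latitude/longitude pair inside a [`GeographicalContext2`].
///
/// Both fields are `Optional` in the example and take `#[serde(default)]`.
///
/// NOTE(review): the example documents `lat`/`lon` as `Double`. Typed as
/// `String`, they reject a JSON number; presumably they should be `f64`. The
/// type is left unchanged here to keep the public fields as they are.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Geolocation2 {
    #[serde(default)]
    pub lat: String,
    #[serde(default)]
    pub lon: String,
}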
{ "$schema": "http://json-schema.org/draft-06/schema#", "$ref": "#/definitions/Welcome8", "definitions": { "Welcome8": { "type": "object", "additionalProperties": false, "properties": { "uuid": { "type": "string" }, "published": { "type": "string" }, "eventType": { "type": "string" }, "version": { "type": "string" }, "severity": { "type": "string" }, "legacyEventType": { "type": "string" }, "displayMessage": { "type": "string" }, "actor": { "$ref": "#/definitions/Actor" }, "client": { "$ref": "#/definitions/Client" }, "outcome": { "$ref": "#/definitions/Outcome" }, "target": { "type": "array", "items": { "$ref": "#/definitions/Actor" } }, "transaction": { "$ref": "#/definitions/Transaction" }, "debugContext": { "$ref": "#/definitions/DebugContext" }, "authenticationContext": { "$ref": "#/definitions/AuthenticationContext" }, "securityContext": { "$ref": "#/definitions/SecurityContext" }, "request": { "$ref": "#/definitions/Request" } }, "required": [ "actor", "authenticationContext", "client", "debugContext", "displayMessage", "eventType", "legacyEventType", "outcome", "published", "request", "securityContext", "severity", "target", "transaction", "uuid", "version" ], "title": "Welcome8" }, "Detail": { "type": "object", "additionalProperties": false, "properties": { "String": { "type": "string" }, "StringResMap": { "type": "string" } }, "required": [ "String", "StringResMap" ], "title": "Detail" }, "AuthenticationContext": { "type": "object", "additionalProperties": false, "properties": { "authenticationProvider": { "type": "string" }, "credentialProvider": { "type": "string" }, "credentialType": { "type": "string" }, "issuer": { "$ref": "#/definitions/Issuer" }, "externalSessionId": { "type": "string" }, "interface": { "type": "string" } }, "required": [ "authenticationProvider", "credentialProvider", "credentialType", "externalSessionId", "interface", "issuer" ], "title": "AuthenticationContext" }, "Issuer": { "type": "object", "additionalProperties": false, 
"properties": { "id": { "type": "string" }, "type": { "type": "string" } }, "required": [ "id", "type" ], "title": "Issuer" }, "Client": { "type": "object", "additionalProperties": false, "properties": { "userAgent": { "$ref": "#/definitions/UserAgent" }, "geographicalContext": { "$ref": "#/definitions/GeographicalContext" }, "zone": { "type": "string" }, "ipAddress": { "type": "string" }, "device": { "type": "string" }, "id": { "type": "string" } }, "required": [ "device", "geographicalContext", "id", "ipAddress", "userAgent", "zone" ], "title": "Client" }, "GeographicalContext": { "type": "object", "additionalProperties": false, "properties": { "geolocation": { "$ref": "#/definitions/Geolocation" }, "city": { "type": "string" }, "state": { "type": "string" }, "country": { "type": "string" }, "postalCode": { "type": "string" } }, "required": [ "city", "country", "geolocation", "postalCode", "state" ], "title": "GeographicalContext" }, "Geolocation": { "type": "object", "additionalProperties": false, "properties": { "lat": { "type": "string" }, "lon": { "type": "string" } }, "required": [ "lat", "lon" ], "title": "Geolocation" }, "UserAgent": { "type": "object", "additionalProperties": false, "properties": { "rawUserAgent": { "type": "string" }, "os": { "type": "string" }, "browser": { "type": "string" } }, "required": [ "browser", "os", "rawUserAgent" ], "title": "UserAgent" }, "DebugContext": { "type": "object", "additionalProperties": false, "properties": { "debugData": { "$ref": "#/definitions/DebugData" } }, "required": [ "debugData" ], "title": "DebugContext" }, "DebugData": { "type": "object", "additionalProperties": false, "properties": { "String": { "type": "string" }, "String1": { "type": "string" }, "requestUri": { "type": "string" }, "originalPrincipal": { "$ref": "#/definitions/Actor" } }, "required": [ "String", "String1", "originalPrincipal", "requestUri" ], "title": "DebugData" }, "Outcome": { "type": "object", "additionalProperties": false, 
"properties": { "result": { "type": "string" }, "reason": { "type": "string" } }, "required": [ "reason", "result" ], "title": "Outcome" }, "Request": { "type": "object", "additionalProperties": false, "properties": { "ipChain": { "type": "array", "items": { "$ref": "#/definitions/IPChain" } } }, "required": [ "ipChain" ], "title": "Request" }, "IPChain": { "type": "object", "additionalProperties": false, "properties": { "ip": { "type": "string" }, "geographicalContext": { "$ref": "#/definitions/GeographicalContext" }, "version": { "type": "string" }, "source": { "type": "string" } }, "required": [ "geographicalContext", "ip", "source", "version" ], "title": "IPChain" }, "SecurityContext": { "type": "object", "additionalProperties": false, "properties": { "asNumber": { "type": "string" }, "asOrg": { "type": "string" }, "isp": { "type": "string" }, "domain": { "type": "string" }, "isProxy": { "type": "string" } }, "required": [ "asNumber", "asOrg", "domain", "isProxy", "isp" ], "title": "SecurityContext" }, "Actor": { "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string" }, "type": { "type": "string" }, "alternateId": { "type": "string" }, "displayName": { "type": "string" }, "detailEntry": { "$ref": "#/definitions/Detail" }, "detail": { "$ref": "#/definitions/Detail" } }, "required": [ "alternateId", "displayName", "id", "type" ], "title": "Actor" }, "Transaction": { "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string" }, "type": { "type": "string" }, "detail": { "$ref": "#/definitions/Detail" } }, "required": [ "detail", "id", "type" ], "title": "Transaction" } } }