获取任何日志信息的最佳方法是执行您要为测试用户捕获的事件并获取发布时间大于开始时间的 Okta 事件。
例如,我从最终用户设置页面 (https://{org}.okta.com/enduser/settings) 为用户 mfa@thomas-kirk.com 执行了以下事件:
- 设置 Google 身份验证器因素
- 更新了我的安全问题因素
- 重置 Google 身份验证器因素
然后我使用PostMan在测试开始时间后提取所有事件:
/api/v1/events?limit=100&filter=published gt "2015-04-17T18:21:00.000Z"
您可以看到以下输出以供参考:
[
{
"eventId": "tevz7MzV49UT8CkaAY7LwOB_g1429294862000",
"sessionId": "s03khgvyS6nRr61bjallafGHQ",
"requestId": "VTFPDoXpXQ9fcy12eMvbwgAAA6o",
"published": "2015-04-17T18:21:02.000Z",
"action": {
"message": "User set up Google Authenticator factor",
"categories": [],
"objectType": "core.user.factor.activate",
"requestUri": "/user/settings/factors/soft_token/phone_verify"
},
"actors": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
},
{
"id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
"displayName": "CHROME",
"ipAddress": "67.223.10.7",
"objectType": "Client"
}
],
"targets": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
}
]
},
{
"eventId": "tevw_-4GuDETaugWP-m-g7e9w1429294973000",
"sessionId": "s03khgvyS6nRr61bjallafGHQ",
"requestId": "VTFPfXHotREXVB8lhZ@XTAAABLc",
"published": "2015-04-17T18:22:53.000Z",
"action": {
"message": "User updated Security Question factor",
"categories": [],
"objectType": "core.user.factor.update",
"requestUri": "/user/settings/security_question_factor/create"
},
"actors": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
},
{
"id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
"displayName": "CHROME",
"ipAddress": "67.223.10.7",
"objectType": "Client"
}
],
"targets": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
}
]
},
{
"eventId": "tevszF5O0FwTl6Kh3VPuD43zQ1429295053000",
"sessionId": "s03khgvyS6nRr61bjallafGHQ",
"requestId": "VTFPzX72Bs3H2qU5ZzXavQAACiE",
"published": "2015-04-17T18:24:13.000Z",
"action": {
"message": "User reset Google Authenticator factor",
"categories": [],
"objectType": "core.user.factor.deactivate",
"requestUri": "/user/settings/factors/soft_token/phone_deactivate"
},
"actors": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
},
{
"id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
"displayName": "CHROME",
"ipAddress": "67.223.10.7",
"objectType": "Client"
}
],
"targets": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
}
]
},
{
"eventId": "tev9bJOoEHAQEK101ZkEBAnvw1429295150000",
"sessionId": "s01XrjTEzTcRdGT1Zb7FkiOxw",
"requestId": "VTFQLn72Bs3H2qU5ZzXeIwAACeA",
"published": "2015-04-17T18:25:50.000Z",
"action": {
"message": "User set up Google Authenticator factor",
"categories": [],
"objectType": "core.user.factor.activate",
"requestUri": "/user/settings/factors/soft_token/phone_verify"
},
"actors": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
},
{
"id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
"displayName": "CHROME",
"ipAddress": "67.223.10.7",
"objectType": "Client"
}
],
"targets": [
{
"id": "00u3ssydqqKOfez5C0h7",
"displayName": "MFA Test",
"login": "mfa@thomas-kirk.com",
"objectType": "User"
}
]
}
]
这意味着要查询的对象类型是:
- 设置 Google 身份验证器因子:“core.user.factor.activate”
- 更新了我的安全问题因素:“core.user.factor.update”
- 重置 Google 身份验证器因素:“core.user.factor.deactivate”
另请注意:您不能依赖事件 API 来获取实时数据。由于 ETL,Okta 的事件可能会落后。我已经看到事件 API 落后了几个小时。