Skip to main content

Auth0 Event Stream

Store Auth0 log events in the Secure Audit Log service

Configure the Secure Audit Log service

Secure Audit Log can use multiple configurations. These configurations can help you cover different scenarios with customizable retention time, redacting audit logs, log signing, and more.

To create a configuration for storing Auth0 log events, follow these steps:

  1. Click on the configuration drop-down at the top of the left-hand navigation panel and select + Create New. This action will open the Audit Schema dialog within the Secure Audit Log setup wizard.

  2. In the Audit Schema dialog, select the Auth0-v1.0.0 Log Streaming template from the Select Schema drop-down.

    In the Auth0-v1.0.0 Log Streaming template, you can make the following customizations:

    • Change the Config Name value as you want it to appear in the configuration drop-down.
    • Toggle Visibility, which defines the table header in the list of logs displayed in Secure Audit Log Viewer for this configuration.
  3. Click Next. This action will open the Create a token dialog in the Secure Audit Log setup wizard.

  4. In the Create a token dialog, you can adjust the properties of the configuration-specific access token, associate it with other services, and store it in Vault.

  5. Click Done. This action will close the setup wizard and select the newly created configuration in the configuration drop-down.

  6. Navigate to Overview in the left-hand navigation panel to switch to the Secure Audit Log Overview screen.

  7. From the Configuration Details section in the overview screen, you can copy the Default Token value necessary for accessing the service from Auth0.

    important

    You must use the token associated with the Auth0 Log Streaming configuration.

Configure a log Stream in Auth0

note

The instructions below assume you have an active Auth0 account.

  1. Sign in to your Auth0 Dashboard.

  2. Navigate to Monitoring >> Streams and click + Create Stream. This action will redirect you to the New Event Stream screen.

  3. In the New Event Stream screen, click Custom Webhook. This action will open the Create Event Stream dialog.

  4. In the dialog, provide a name for your log events stream and click Create. Note that you will be able to change it later. This action will create a new Custom Webhook and redirect you to its Settings screen.

  5. In the Settings screen, provide the following input:

    1. Name - You can modify your custom webhook name.

    2. Payload URL - Enter the URL for your Pangea project log-streaming endpoint.

      You can get the endpoint URL from the Secure Audit Log API page:

      1. Navigate to Secure Audit Log in the Pangea User Console.
      2. Click Explore the API in the left-hand navigation panel. This will open the Secure Audit Log API Reference page.
      3. Click /v1/log_stream in the left-hand navigation panel on the Secure Audit Log API Reference page.
      4. Copy the URL for Log streaming endpoint.
    3. Authorization Token - Enter the Authorization header value to access your Secure Audit Log configuration.

      note

      You must provide the Authorization header value in the Bearer <your_token> format.

      After you leave the input, the header value will be masked, but you can view and modify it by placing the cursor back into the input.

    4. Content Type - Leave it as application/json.

    5. Content Format - Select JSON Object.

      important

      The Secure Audit Log service will only accept a single JSON object as a log event.

    6. Filter by Event Category - You can select event categories you'd like to send to the Secure Audit Server or include all log events by leaving the input with the Filter: All value.

    7. Click Save. The updated Setting screen should show a pop-up stating that your log stream configuration was saved.

    note

    Payload Preview displays the JSON structure of the logs sent to the Pangea service. This structure will be reflected in the respective Secure Audit Log record.

  6. Select the Health tab to monitor the status of delivering the log events.

    On the Health tab, under Stream Status, you should see a message stating:

    Stream Status

    Active: Your latest log delivery was successful and we are currently delivering logs. Last Delivery: a few seconds ago

    If any errors occur, they will be displayed in the Errors occurring within the last 5 days section.

    note

    You can initiate streaming log events by saving your custom webhook stream configuration. Alternatively, you can interact with your Auth0 account in a way that aligns with your selection in the Filter by Event Category input.

  7. Successfully delivered Logs will eventually appear in the Log Viewer.

Was this article helpful?

Contact us