<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

How to Find Changes Made to an OAG App

Last Updated:

Access Gateway
Okta Classic Engine

Overview

The Admin UI only shows the current config and does not keep track of the previous configuration for a specific app. The changes can only be tracked through the backend shell.

Applies To

  • Okta Access Gateway (OAG)
  • Okta Classic Engine

Solution

These are the instructions to review and audit app configuration:

  1. Login to the appliance shell.

    OAG stores every application config in a unique filename with a specific ID. This ID needs to be retrieved through the following command to track the changes:

    sudo grep 'set $label "' /opt/oag/configs/nginx/conf.d/icsgw_app_*.active.conf | grep -v 'set $label '\'

    In the below example output "Test Header" application has been used which has an application id "c2e20d08-b1aa-4d66-9d97-989ba6d20017": 

    /opt/oag/configs/nginx/conf.d/icsgw_app_c2e20d08-b1aa-4d66-9d97-989ba6d20017.active.conf: set $label "Test Header";

  2. Every application event, i.e., create/update or delete, gets stored in /opt/oag/events_processed. This location can only be accessed through the root user. In the following example, the retrieved ID from step 2 has been used to check the last two events:

    sudo su -
    ls -ltr /opt/oag/events_processed/*c2e20d08-b1aa-4d66-9d97-989ba6d20017* | tail -2
    -rw-r--r-- 1 spgw spgw 13515 Jul 11 11:43 /opt/oag/events_processed/app.c2e20d08-b1aa-4d66-9d97-989ba6d20017.create.json.2024-07-11_11:44:10.482049
    -rw-r--r-- 1 spgw spgw 13795 Jul 11 13:41 /opt/oag/events_processed/app.c2e20d08-b1aa-4d66-9d97-989ba6d20017.update.json.2024-07-11_13:45:17.653125

  3. In the output above are two files, one showing a create.json and another showing an update.json. The create.json is when the application was created, and the update.json was when the application was modified or just saved. A diff can be used for both files to check what changes have been made through the update process. The following example shows OAG load balancer setting was updated:

    diff  /opt/oag/events_processed/app.c2e20d08-b1aa-4d66-9d97-989ba6d20017.create.json.2024-07-11_11:44:10.482049  /opt/oag/events_processed/app.c2e20d08-b1aa-4d66-9d97-989ba6d20017.update.json.2024-07-11_13:45:17.653125
    <output_truncated>
    <         "lb_active": true,
    ---
    >         "lb_active": false,
    <output_truncated>

 

Recommended content

Still looking for help?
Loading
Okta Support - How to Find Changes Made to an OAG App