<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
OAG System Logs Are No Longer Generated in Azure Infrastructure
Jan 13, 2026
Access Gateway
Okta Classic Engine
Okta Identity Engine
Overview

The Azure OAG image uses the waagent and this agent creates logs that are handled by the system.

Applies To
  • Okta Access Gateway (OAG)
  • Azure
  • waagent
  • syslog-ng
Cause

If the file /etc/syslog-ng/conf.d/azuremonitoragent-tcp.conf does not have the correct source, the syslog-ng service will not be able to start because it cannot resolve the value. The symptoms of this will be that no logs for the system will be generated. If log forwarding is used, then no logs will be seen.

Further Investigation

To investigate further, access the shell.

If looking at the log files or trying to tail them, nothing will be shown. The command below will show the logs for the current day and previous day.

ls -l /opt/oag/logs/all/

The following location can be checked if both logs are empty above to see the last time the system was writing logs. Each appliance keep logs for 30 days.

ls -ltr /opt/oag/logs/archive/all/

Refer to this article to troubleshoot why the syslog service is failing.

If the output points to this file /etc/syslog-ng/conf.d/azuremonitoragent-tcp.conf, please follow the steps from the solution section below.

Symptoms of a Failing Service

If the syslog-ng service is not running then management console will fail to connect with the error below. A reboot is currently required in order to connect to the management console when syslog-ng is down.

Symptoms of a failing service

 

Solution

The correct version of the file "/etc/syslog-ng/conf.d/azuremonitoragent-tcp.conf" is shown below: 

# Azure MDSD configuration: syslog forwarding config for mdsd agent
options {};

# during install time, we detect if s_src exist, if it does then we
# replace it by appropriate source name like in redhat 's_sys'
# Forwrding using tcp
destination d_azure_mdsd {
        network("127.0.0.1"
        port(28330)
        flags(no_multi_line)
        log-fifo-size(25000));
};

log {
        source(s_sys); # will be automatically parsed from /etc/syslog-ng/syslog-ng.conf
        destination(d_azure_mdsd);
        flags(flow-control);
};

 

Following is an example of incorrect config created by WAAgent. The difference can be seen in source value i.e. source(s_sys) is the expected config but has been configured as source(s_src) below by the agent.

# Azure MDSD configuration: syslog forwarding config for mdsd agent
options {};

# during install time, we detect if s_src exist, if it does then we
# replace it by appropriate source name like in redhat 's_sys'
# Forwrding using tcp
destination d_azure_mdsd {
        network("127.0.0.1"
        port(28330)
        flags(no_multi_line)
        log-fifo-size(25000));
};

log {
        source(s_src); # will be automatically parsed from /etc/syslog-ng/syslog-ng.conf     <<<<<<<<<<<<<<<<<< 
        destination(d_azure_mdsd);
        flags(flow-control);
};

 

Related References

Recommended content

Still looking for help?
Loading
OAG System Logs Are No Longer Generated in Azure Infrastructure