Skip to main content
Sumo Logic

Collect Logs for Auth0

This procedure explains how to collect error logs from Auth0. 

Log Types

Sumo Logic collects the following log types:

  • Logins, both successes and failures
  • Token exchanges, both successes and failures
  • Warnings during logins
  • User deletion
  • Login failure reasons
  • Connection errors
  • User signup events
  • Verification email events
  • Password changes
  • Rate limiting events
  • Other operational events and errors

For more information about Auth0 logs, see https://auth0.com/docs/api/managemen.../Logs/get_logs

Prerequisites

Use the Auth0 Management Portal to configure the extension.  For more information, see https://auth0.com/docs/extensions/sumologic.

Configure a Collector

Use the Sumo Logic Setup Wizard to configure a Custom App.

Configure a Source

Source type is HTTP.

Source Configuration

  • Name: Required
  • Category:
  • Timestamp Parsing Settings:
    • Enable Timestamp Parsing: True
    • Timezone:  Logs are sent in UTC by default and can be auto detected
    • Timestamp Format: Auto Detect
  • Multi-line Parsing Settings:
    • Detect Messages Spanning Multiple Lines: True
    • Multi Line Boundary: Infer Boundaries

Field Extraction Rules

Parse Expression: json "date", "type", "client_id", "client_name", "ip", "user_id"

Sample Log Messages

Example 1:

{
   "date": "2016-02-23T19:57:29.532Z",
   "type": "sapi",
   "client_id": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww",
   "client_name": "My application Name",
   "ip": "190.257.209.19",
   "location_info": {},
   "details": {},
   "user_id": "auth0|56c75c4e42b6359e98374bc2"
}

Example 2:

{
"date":"2016-11-14T21:50:33.473Z",
"type":"fp",
"description":"Wrong email or password.",
"connection":"Username-Password-Authentication",
"connection_id":"con_ABCDEF",
"client_id":"123987LKJsdfmnb",
"client_name":"www.sumologic.com",
"ip":"198.0.217.157",
"user_agent":"Other 0.0.0 / Other 0.0.0",
"details": {
"error": {
"message":"Wrong email or password."
}
},
"user_id":"auth0|123ASD987",
"user_name":"noone@sumologic.com",
"strategy":"auth0",
"strategy_type":"database",
"_id":"321654987654321654987654321",
"isMobile":false
}

Query Samples

Logins by Client per Day

_collector="productionappauth0Logs_Collector" 
| json "client_name" 
| where client_name != ""
| timeslice by 1d 
| count by _timeslice, client_name 
| transpose row _timeslice column client_name

Client Version Usage

_collector="productionappauth0Logs_Collector" 
| json "auth0_client.name", "auth0_client.version" 
| concat(%auth0_client.name, " ", %auth0_client.version) as auth0_client_version 
| timeslice 1h 
| count by _timeslice, auth0_client_version 
| transpose row _timeslice column auth0_client_version

Top 10 Recent Errors

_collector="productionappauth0Logs_Collector" 
| json "type", "connection", "description", "client_name" 
| where type != "slo" 
| count client_name, connection, description 
| top 10 client_name, connection, description by _count

Sumo Logic App

Now that you have set up collection for Auth0, install the Sumo Logic App for Auth0 to use the preconfigured searches and Dashboards that provide insight into website visitor behavior patterns, monitors server operations, and assists in troubleshooting issues that span entire web server farms.