Benefits of Sumo Logic for Auth0
Before going through the process of setting up the extension, you may be asking yourself why would I even want to do this? What are the benefits? Using Auth0 as your identity provider allows you to capture a lot of data when users attempt to authenticate with your application. A lot of this data is stored in log files and easily forgotten about. Having this data visualized allows you to stay on top of what is happening in your applications. Sumo Logic makes it easy to see the latest failed logins, find and alert on error messages, create charts to visualize trends, or even do complex statistical analysis on your data. Here are some of the log types that can be collected:- Logins, both successes and failures
- Token exchanges, both successes and failures
- Login failure reasons
- Connection errors
- User signup events
- Password changes
- Rate limiting events
Configuring Sumo Logic to Receive Auth0 Logs
To install the Sumo Logic extension, login to your Sumo Logic account and open up the Setup Wizard from the Manage top-level menu.
On the next screen, you will want to select the Setup Streaming Data option.
For the data type, we will select Your Custom App.
Finally, select HTTP Source as the method for collecting the data logs.
The last section will have you name the source category as well as select a time zone in the event one is not provided.
With the configuration complete, the next screen will display the HTTP endpoint to be used for transmitting our logs.
Copy the HTTP Source URL and click the Continue button to complete the setup wizard. Next, we’ll install the Sumo Logic extension from our Auth0 management dashboard.
Installing the Sumo Logic Extension within Auth0
Installing the Sumo Logic extension is a fairly straightforward process. We only need the HTTP Source URL which we got when we ran through the Setup Wizard. Let’s look at the process for installing the Sumo Logic extension. Log into your Auth0 management dashboard and navigate to the Extensions tab.
Scroll to find the extension title Auth0 Logs to Sumo Logic and select it. A modal dialog will open with a variety of configuration options. We can leave all the default options enabled, we’ll just need to update the SUMOLOGIC URL with the HTTP Source URL we copied earlier. Paste it here and hit save.
By default, this job will run every five minutes. After five minutes have gone by, let’s check our extension and make sure that it ran properly. To do this, we can simply click into our Auth0 Logs to Sumo Logic extension and we will see the Cron job listed. Here, we can see when the job is scheduled to run again, the result of the last time it ran and other information.
We can additionally click on the job name to see an in-depth history.
Now that we have our Sumo Logic extension successfully installed and sending data, let’s go ahead and setup our dashboards in Sumo Logic so we can start making sense of the data.
Installing the Auth0 Dashboards in Sumo Logic
To install the Auth0 Dashboards in Sumo Logic, head over to your Sumo Logic dashboard. From here, select Library from the top level menu. Next, select the last tab titled Preview and you will see the Auth0 application at the very top. Note that at present time the Auth0 app is in Preview state, in the future it may be located in the Apps section.
With the Auth0 app selected, click the Install button to configure and setup the app. Here, all you will need to select is the source category which will be the name you gave to the HTTP Source when we configured it earlier. You don’t have to remember the name as you will select the source from a dropdown list.
We can leave all the other settings to their default values and just click the Install button to finish installing the app. To make sure the app is successfully installed, click on Library from your top level menu and select the tab titled Personal. You should see a new folder titled Auth0 and if you select it, you’ll see the two dashboards and all the predefined queries you can run.
In the next section, we’ll take a look at the two dashboards Auth0 has created for us.
Learning the Auth0 Dashboards
We have created two different dashboards to better help you visualize and analyze the log data. The Overview dashboard allows you to visualize general login data while the Connections and Clients dashboard focuses primarily on showing you how and from where your users are logging in. Let’s look at deeper look into each of the dashboards.1. Overview Dashboard
The Overview dashboard provides a visual summary of login activity for your application. This dashboard is useful to quickly get a pulse on popular users, login success and fail rates, MFA usage, and the like.
- Login Event by Location. Performs a geo lookup operation and displays user logins based on IP address on a map of the world for the last 24 hours.
- Logins per Hour. Displays a line chart on a timeline showing the number of failed and successful logins per hour, over the last seven days.
- Top 10 Users by Successful Login. Shows a table chart with the top ten users with the most successful logins, including user name and count for the last 24 hours.
- Top 10 Users by Failed Login. Provides a table chart with the top ten users with the most failed logins, including user name and count for the last 24 hours.
- Top 10 Source IPs by Failed Login. Displays a table chart with a list of ten source IP addresses causing the most failed logins, including IP and count, for the last 24 hours.
- Top 10 User Agents. Displays the top ten most popular user agents in a pie chart from all connections for the last seven days.
- Top 10 Operating Systems. Shows the top ten most popular operating systems based on user agent in a pie chart for the last seven days.
- Guardian MFA Activity. Displays a line chart on a timeline showing the number of each Guardian MFA event per hour for the last seven days.
2. Connections and Clients Dashboard
The Connections and Clients dashboard visualizes the logs that deal with how users are logging into your applications. This dashboard contains information such as countries, clients, and amount of times users login to specific clients.
- Logins by Client and Country. Displays a stacked bar chart showing the number of successful logins for the last 24 hours, grouped by both client and country name. This visualizes the relative popularity of each client overall, as well as in a given country.
- Logins by Client per Day.mShows a stacked bar chart on a timeline showing the number of successful logins for the last seven days, grouped by client per day. This shows the popularity of each client over the past week, and the relative popularity among clients.
- Connection Types per Hour. Provides a line chart on a timeline of the connection types used for the past seven days.
- Client Version Usage. Displays a line chart on a timeline of the Auth0 library version being used by all clients for the past seven days. This is useful to detect outdated clients, as well as to track upgrades.
- Top 10 Clients. Shows a table chart that lists the ten most popular clients, including client name and count for the past 24 hours.
- Top 10 Recent Errors. Provides a table chart with a list of the ten most frequent errors, including details on client name, connection, description and count for the last 24 hours. This is useful for discovering and troubleshooting operational issues.
- Logins by Client per Day. Shows a stacked bar chart on a timeline showing the number of successful logins for the last seven days, grouped by client per day. This shows the popularity of each client over the past week, and the relative popularity among clients.
- Connection Types per Hour. Provides a line chart on a timeline of the connection types used for the past seven days.
- Client Version Usage. Displays a line chart on a timeline of the Auth0 library version being used by all clients for the past seven days. This is useful to detect outdated clients, as well as to track upgrades.
- Top 10 Clients. Shows a table chart that lists the ten most popular clients, including client name and count for the past 24 hours.
- Top 10 Recent Errors. Provides a table chart with a list of the ten most frequent errors, including details on client name, connection, description and count for the last 24 hours. This is useful for discovering and troubleshooting operational issues.
How to Learn More
For additional learning on Auth0, please visit their site. For a video on how to configure the Sumo Logic App for Auth0, please watch hereComplete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.
