Adding custom data to Syslog entries


We are using okta to provide SSO for corporate customers. We are supporting both a JIT flow and a manual user creation flow.

In the manual flow admin users in our application provision users. We use the api/v1/users?activate=true&provider=true to create these users.

In the syslog the event shows that the actor is the service account that created the token we use for administrative operations in okta.

Ideally I would like to have the Actor in the syslog be the user in our application who provisioned the user. (also an Okta user).

I would be satisfied if I could annotate the Syslog entry with a note indicating which user initiated the request.

I would also be satisfied if i could add a custom log entry that encapsulates the changes done through the API and the application user who did them.

This come from a requirement to track the who, what, where, when of any change to a user.

Any thought would be appreciated.