Events

This table lists all existing events including a countermeasure.

Note that some events are customizable. See: Customizing events

Event ID
Log level
Text
Countermeasure
EVENT_SY-C-04-80010-000
notice
Update successfully installed
-
EVENT_SY-C-04-80020-100
error
Update installation failed
Login to console with user "menu" and check the update installation log. Try reinstalling the update.
EVENT_SY-C-70-01400-100
warn
Invalid license information
Install a valid license under "Server Settings" in the Configuration Center.
EVENT_SY-C-70-01420-100
crit
Number of concurrent authenticated sessions exceeds license limit
Request a license with more authenticated sessions.
EVENT_SY-C-ACTIVATION
notice
New Configuration activated
-
EVENT_SY-C-CCLOGIN-FAIL
warn
Multiple failed login attempts to Configuration Center
-
EVENT_SY-C-CCLOGIN-OK
info
Successful Configuration Center login
-
EVENT_SY-C-CCUSER-ADD
notice
User 'root' has added the new administrator
A new user was added for Configuration Center.
EVENT_SY-C-CCUSER-DEL
notice
User 'root' has deleted the administrator
A Configuration Center user was deleted.
EVENT_SY-C-CCUSER-DIS
notice
User 'root' has disabled the account of administrator
An account of a Configuration Center user was disabled.
EVENT_SY-C-CCUSER-ENA
notice
User 'root' has enabled the account of administrator
An account of a Configuration Center user was enabled.
EVENT_SY-C-CCUSER-PWD
notice
User 'root' has set a new password for administrator
The password for a Configuration Center user was changed.
EVENT_SY-C-CCUSER-REN
notice
User 'root' has changed the name of administrator
An account of a Configuration Center user was renamed.
EVENT_SY-C-CCUSER-ROL
notice
User 'root' has changed the roles for administrator
New roles for a Configuration Center user were set.
EVENT_SY-C-LICENSE-100
warn
The licensed request rate was exceeded in the last hour
EVENT_SY-C-SG-CONF-581
info
Resource illegal, using default value
Contact Airlock support.
EVENT_SY-C-SG-TIME-301
info
Security gate running in tracemode, this affects performance
If not enabled intentionally, disable trace mode in "Log Settings" in Configuration Center.
EVENT_SY-H-CRLG-500
warn
Content of CRL file(s) is not ok
Upload the CRL file again, verify that CRL file is valid.
EVENT_SY-H-CRLG-501
error
Access to CRL file(s) failed
Contact Airlock support.
EVENT_SY-H-DBSYNC-FAIL
error
Database synchronization with passive Airlock failed, stateful fail-over will not work
Contact Airlock support.
EVENT_SY-H-DBSYNC-OK
info
Database synchronization with passive Airlock successful
-
EVENT_SY-H-DSK-FAIL
error
Disk I/O error
Replace the broken disk.
EVENT_SY-H-DSK-SMART-FAIL
warn
SMART disk self-check failed
Replace the broken disk.
EVENT_SY-H-FS-FULL
crit
File system full
Delete some files from indicated partition.
EVENT_SY-H-LOG-CONF
warn
Log configuration is not optimal
Read linked and tweak your settings or replace the harddrive with a bigger model.
EVENT_SY-H-ML-SVC-CDB-ALMOST
warn
Cold DB is 90% full
EVENT_SY-H-ML-SVC-CDB-DROP-ENTRIES
warn
Dropping new data due to full cold DB
EVENT_SY-H-ML-SVC-CDB-FULL
error
Cold DB is full
EVENT_SY-H-MON-BE-FAIL
warn
Back-end checks results caused this airlock switching to offline (bad back-end servers)
EVENT_SY-H-MON-BE-OK
info
Back-end checks results caused this airlock switching to online (healthy back-end servers)
EVENT_SY-H-MON-LICG-500
warn
License will soon expire
Contact Airlock support for a new license.
EVENT_SY-H-MON-LICG-600
error
License has expired
Contact Airlock support for a new license.
EVENT_SY-H-PROC-300
warn
Busy child processes threshold reached
-
EVENT_SY-H-PROC-310
warn
All security gate processes are busy. MaxProcs reached.
EVENT_SY-H-PROC-320
warn
All security gate processes are busy.
EVENT_SY-H-mon-failo-800
error
Failover system could not start
Verify your failover configuration is correct.
EVENT_SY-N-30-01010-000
warn
Failover switch to active (takeover)
Check the partner machine for reasons for the takeover.
EVENT_SY-N-30-02006-100
warn
Failover switch to passive (switch back)
-
EVENT_SY-N-30-02011-101
info
Failover healthcheck failed
If this happens repeatedly, check if there is a network problem.
EVENT_SY-N-addon-tomcat-600
error
Addon tomcat is terminated unexpectedly
EVENT_SY-N-failo-pchk
info
Failover partner state unreadable
Check your cluster configuration and make sure the network topology allows the two failover nodes to contact each other.
EVENT_SY-S-LE-CREATE
info
Created Let's Encrypt certificates
-
EVENT_SY-S-LE-FAIL
error
Something went wrong during updating a Let's Encrypt certificate
Check logs.
EVENT_SY-S-LE-RENEW
info
Renewed Let's Encrypt certificates
-
EVENT_SY-S-MON-CRL-EOLG-500
info
SSL CRL expires in 30 days
EVENT_SY-S-MON-CRL-EOLG-510
notice
SSL CRL expires in 7 days
Refresh CRL.
EVENT_SY-S-MON-CRL-EOLG-520
warn
SSL CRL expires in 1 day
Refresh CRL.
EVENT_SY-S-MON-CRL-EOLG-600
error
SSL CRL expired
Refresh CRL.
EVENT_SY-S-MON-SSL-EOLG-500
warn
SSL certificate will soon expire
Replace SSL certificate.
EVENT_SY-S-MON-SSL-EOLG-600
error
SSL certificate has expired
Replace SSL certificate.
EVENT_SY-Y-SSH-LOGIN-FAIL
warn
Failed SSH logins
Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock.
EVENT_SY-Y-SSH-LOGIN-OK
notice
Successful SSH login
-
EVENT_SY-Y-TTY-LOGIN-FAIL
warn
Failed console login
Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock.
EVENT_SY-Y-TTY-LOGIN-OK
notice
Successful console login
-
EVENT_SY-Y-notify-mapping
warn
Mapping is in NOTIFY mode and thus not able to protect your application
Disable NOTIFY mode if mapping is used for production.
EVENT_WR-H-70-01200-100
crit
Serious internal error in security gateway
Contact Airlock support.
EVENT_WR-H-70-01421-100
crit
Number of concurrent sessions per source IP exceeded
If not needed disable under "Session settings" or set a bigger limit.
EVENT_WR-H-ICAP-501
warn
Possible ICAP problem - response time repeatedly too high
Verify that there is no network problem with the ICAP server.
EVENT_WR-H-LBAL-022-BAD
info
Back-end Host changed state to BAD
Check your Back-end. Check the logs to find out why the Back-end became BAD.
EVENT_WR-H-LBAL-022-GOOD
info
Back-end Host changed state to GOOD
Check the logs to find out why the Back-end became BAD in the first place.
EVENT_WR-H-backend-500
warn
Possible backend problem - response time repeatedly too high
Check if the high back-end response time was regular or if there is a performance or network problem with the back-end system.
EVENT_WR-Y-attack-600
error
Possible attack - {NUM} blocked requests within {NUM} seconds
Check logs to see if this was an attack or false alarm, adjust threshold if necessary.
EVENT_WR-Y-attack-601
error
Possible attack - {NUM} requests with statuscode 404 within {NUM} seconds
Check logs to see if this was an attack or false alarm, adjust threshold if necessary.
EVENT_WR-Y-reqfilter-300
notice
Traffic or session limits reached, request(s) blocked
See the logs to find out why the limit was reached. Enlarge limits for request frequency filter or session count.
EVENT_WR-Y-sessionstore-300
warn
Session store problem, request(s) blocked