Events

This table lists all existing events including a countermeasure.

Note that some events are customizable. See: Customizing events

Event ID

Log level

Text

Countermeasure

EVENT_SY-C-04-80010-000

notice

Update successfully installed

-

EVENT_SY-C-04-80020-100

error

Update installation failed

Login to console with user "menu" and check the update installation log. Try reinstalling the update.

EVENT_SY-C-70-01400-100

warn

Invalid license information

Install a valid license under "Server Settings" in the Configuration Center.

EVENT_SY-C-70-01420-100

crit

Number of concurrent authenticated sessions exceeds license limit

Request a license with more authenticated sessions.

EVENT_SY-C-ACTIVATION

notice

New Configuration activated

-

EVENT_SY-C-CCLOGIN-FAIL

warn

Multiple failed login attempts to Configuration Center

-

EVENT_SY-C-CCLOGIN-OK

info

Successful Configuration Center login

-

EVENT_SY-C-CCUSER-ADD

notice

User 'root' has added the new administrator

A new user was added for Configuration Center.

EVENT_SY-C-CCUSER-DEL

notice

User 'root' has deleted the administrator

A Configuration Center user was deleted.

EVENT_SY-C-CCUSER-DIS

notice

User 'root' has disabled the account of administrator

An account of a Configuration Center user was disabled.

EVENT_SY-C-CCUSER-ENA

notice

User 'root' has enabled the account of administrator

An account of a Configuration Center user was enabled.

EVENT_SY-C-CCUSER-PWD

notice

User 'root' has set a new password for administrator

The password for a Configuration Center user was changed.

EVENT_SY-C-CCUSER-REN

notice

User 'root' has changed the name of administrator

An account of a Configuration Center user was renamed.

EVENT_SY-C-CCUSER-ROL

notice

User 'root' has changed the roles for administrator

New roles for a Configuration Center user were set.

EVENT_SY-C-LICENSE-100

warn

The licensed request rate was exceeded in the last hour

EVENT_SY-C-SG-CONF-581

info

Resource illegal, using default value

Contact Airlock support.

EVENT_SY-C-SG-TIME-301

info

Security gate running in tracemode, this affects performance

If not enabled intentionally, disable trace mode in "Log Settings" in Configuration Center.

EVENT_SY-H-CRLG-500

warn

Content of CRL file(s) is not ok

Upload the CRL file again, verify that CRL file is valid.

EVENT_SY-H-CRLG-501

error

Access to CRL file(s) failed

Contact Airlock support.

EVENT_SY-H-DBSYNC-FAIL

error

Database synchronization with passive Airlock failed, stateful fail-over will not work

Contact Airlock support.

EVENT_SY-H-DBSYNC-OK

info

Database synchronization with passive Airlock successful

-

EVENT_SY-H-DSK-FAIL

error

Disk I/O error

Replace the broken disk.

EVENT_SY-H-DSK-SMART-FAIL

warn

SMART disk self-check failed

Replace the broken disk.

EVENT_SY-H-FS-FULL

crit

File system full

Delete some files from indicated partition.

EVENT_SY-H-ML-SVC-CDB-ALMOST

warn

Cold DB is 90% full

EVENT_SY-H-ML-SVC-CDB-DROP-ENTRIES

warn

Dropping new data due to full cold DB

EVENT_SY-H-ML-SVC-CDB-FULL

error

Cold DB is full

EVENT_SY-H-MON-BE-FAIL

warn

Back-end checks results caused this airlock switching to offline (bad back-end servers)

EVENT_SY-H-MON-BE-OK

info

Back-end checks results caused this airlock switching to online (healthy back-end servers)

EVENT_SY-H-MON-LICG-500

warn

License will soon expire

Contact Airlock support for a new license.

EVENT_SY-H-MON-LICG-600

error

License has expired

Contact Airlock support for a new license.

EVENT_SY-H-PROC-300

warn

Busy child processes threshold reached

-

EVENT_SY-H-PROC-310

warn

All security gate processes are busy. MaxProcs reached.

EVENT_SY-H-PROC-320

warn

All security gate processes are busy.

EVENT_SY-H-mon-failo-800

error

Failover system could not start

Verify your failover configuration is correct.

EVENT_SY-N-30-01010-000

warn

Failover switch to active (takeover)

Check the partner machine for reasons for the takeover.

EVENT_SY-N-30-02006-100

warn

Failover switch to passive (switch back)

-

EVENT_SY-N-30-02011-101

info

Failover healthcheck failed

If this happens repeatedly, check if there is a network problem.

EVENT_SY-N-addon-tomcat-600

error

Addon tomcat is terminated unexpectedly

EVENT_SY-N-failo-pchk

info

Failover partner state unreadable

Check your cluster configuration and make sure the network topology allows the two failover nodes to contact each other.

EVENT_SY-S-LE-CREATE

info

Created Let's Encrypt certificates

-

EVENT_SY-S-LE-FAIL

error

Something went wrong during updating a Let's Encrypt certificate

Check logs.

EVENT_SY-S-LE-RENEW

info

Renewed Let's Encrypt certificates

-

EVENT_SY-S-MON-CRL-EOLG-500

info

SSL CRL expires in 30 days

EVENT_SY-S-MON-CRL-EOLG-510

notice

SSL CRL expires in 7 days

Refresh CRL.

EVENT_SY-S-MON-CRL-EOLG-520

warn

SSL CRL expires in 1 day

Refresh CRL.

EVENT_SY-S-MON-CRL-EOLG-600

error

SSL CRL expired

Refresh CRL.

EVENT_SY-S-MON-SSL-EOLG-500

warn

SSL certificate will soon expire

Replace SSL certificate.

EVENT_SY-S-MON-SSL-EOLG-600

error

SSL certificate has expired

Replace SSL certificate.

EVENT_SY-Y-SSH-LOGIN-FAIL

warn

Failed SSH logins

Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock.

EVENT_SY-Y-SSH-LOGIN-OK

notice

Successful SSH login

-

EVENT_SY-Y-TTY-LOGIN-FAIL

warn

Failed console login

Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock.

EVENT_SY-Y-TTY-LOGIN-OK

notice

Successful console login

-

EVENT_SY-Y-notify-mapping

warn

Mapping is in NOTIFY mode and thus not able to protect your application

Disable NOTIFY mode if mapping is used for production.

EVENT_WR-H-70-01200-100

crit

Serious internal error in security gateway

Contact Airlock support.

EVENT_WR-H-70-01421-100

crit

Number of concurrent sessions per source IP exceeded

If not needed disable under "Session settings" or set a bigger limit.

EVENT_WR-H-ICAP-501

warn

Possible ICAP problem - response time repeatedly too high

Verify that there is no network problem with the ICAP server.

EVENT_WR-H-LBAL-022-BAD

info

Back-end Host changed state to BAD

Check your Back-end. Check the logs to find out why the Back-end became BAD.

EVENT_WR-H-LBAL-022-GOOD

info

Back-end Host changed state to GOOD

Check the logs to find out why the Back-end became BAD in the first place.

EVENT_WR-H-backend-500

warn

Possible backend problem - response time repeatedly too high

Check if the high back-end response time was regular or if there is a performance or network problem with the back-end system.

EVENT_WR-Y-attack-600

error

Possible attack - {NUM} blocked requests within {NUM} seconds

Check logs to see if this was an attack or false alarm, adjust threshold if necessary.

EVENT_WR-Y-attack-601

error

Possible attack - {NUM} requests with statuscode 404 within {NUM} seconds

Check logs to see if this was an attack or false alarm, adjust threshold if necessary.

EVENT_WR-Y-reqfilter-300

notice

Traffic or session limits reached, request(s) blocked

See the logs to find out why the limit was reached. Enlarge limits for request frequency filter or session count.

EVENT_WR-Y-sessionstore-300

warn

Session store problem, request(s) blocked