Submenu – Log Viewer

Airlock Gateway logs and system service logs are stored in an Elasticsearch database. Depending on the configuration, a local or remote Elasticsearch installation is targeted.

Kibana is used to browse logs. A click on the "Log Viewer" menu item opens Kibana in discover view. A number of saved searches are predefined to simplify searching and filtering for specific log messages. The Lucene query language syntax can be used to create search queries.

Kibana is also used for reporting. A number of Airlock Gateway dashboards are predefined:

  • Default: An overview dashboard with aggregated proxy and attack statistics.
  • Application Statistics: Displays metrics aggregated by virtual hosts and mappings to identify top applications.
  • Attacks: Detailed visualizations of attacks and their origins.
  • Performance and Troubleshooting: A dashboard for analyzing performance issues and back-end problems.
  • Session statistics: A dashboard with detailed session and header statistics.

The default dashboard is embedded in the Configuration Center and shown after logging in.

Custom reports

Custom searches, visualizations and dashboards can be defined. Use the "Visualize" and "Dashboard" views to create new charts. Note, however, that custom objects are not backed up. Before resetting the configuration or applying updates, make sure all custom objects are exported using the "Management" view.

Reset logging and reporting

In case the Airlock Gateway default searches or dashboards have been modified or corrupted, there is an option to restore the default configuration. To restore searches and dashboards, log in as user "menu" using ssh, then select 1 (System Management) and 5 (Restore saved searches and dashboards). Make sure to back up custom objects before resetting the configuration.

Disk space management

The time range covered by logs and reports depends on available disk space and traffic volume of the system. When the /var partition has less than 10% space left, old Elasticsearch entries are deleted until at least 20% of the space is free again. If space restrictions on the local Airlock Gateway host are too tight, consider offloading logging and reporting to a remote Elasticsearch installation (see configuration).
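The following added example (not Airlock code) models the 10% / 20% cleanup rule described above to estimate how many days of logs stay searchable for a given /var size and daily log volume, and how a traffic spike shortens that window. The function name, the sample sizes and the assumption that entries are deleted oldest-first in whole-day units are illustrative and not taken from the product.

```python
"""Model of the /var cleanup rule (added example, not Airlock code)."""
from collections import deque

LOW_WATERMARK = 0.10   # cleanup starts when less than 10% is free (from the page)
HIGH_WATERMARK = 0.20  # cleanup stops once at least 20% is free (from the page)


def simulate_retention(partition_gb, other_usage_gb, daily_log_gb):
    """Replay daily log volumes against the cleanup rule.

    Returns (retained, purges):
      retained[i] = number of days of logs still stored at the end of day i
      purges      = list of (day, [days deleted on that day])
    Assumption: logs are deleted oldest-first in whole-day units.
    """
    if partition_gb <= 0:
        raise ValueError("partition size must be positive")
    stored = deque()           # (day, size_gb), oldest entry on the left
    used = other_usage_gb      # space used by everything except logs
    retained, purges = [], []

    def free_ratio():
        return (partition_gb - used) / partition_gb

    for day, size in enumerate(daily_log_gb):
        stored.append((day, size))
        used += size
        if free_ratio() < LOW_WATERMARK:
            dropped = []
            # Hysteresis: once triggered, delete until the high watermark is met.
            while stored and free_ratio() < HIGH_WATERMARK:
                old_day, old_size = stored.popleft()
                used -= old_size
                dropped.append(old_day)
            purges.append((day, dropped))
        retained.append(len(stored))
    return retained, purges


if __name__ == "__main__":
    # Constructed sample: 100 GB /var, 15 GB non-log data, 10 GB of logs per day.
    steady, steady_purges = simulate_retention(100, 15, [10] * 10)
    print("steady retention per day:", steady, "purges:", steady_purges)
    # Constructed sample: a log-volume spike on the last day (e.g. an attack wave).
    spike, spike_purges = simulate_retention(100, 15, [10] * 6 + [20])
    print("spike retention per day:", spike, "purges:", spike_purges)
```

In the steady case the searchable window oscillates between 6 and 7 days, and each cleanup removes two days at once. In the spike case the purge starts a day earlier, so older evidence is lost sooner when log volume rises.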

Terms of use for WMS service maps.airlock.com

Airlock Gateway reporting uses an external WMS service to provide geographical maps. This service is provided by Ergon Informatik AG through https://maps.airlock.com. The usage of the WMS service is only permitted to visualize Airlock Gateway logs.