Customizing events

There are two types of events:

  • Internal events are defined by Airlock. The administrator cannot change them; they may change with future product updates.
  • Customizable events cover events that depend heavily on the Airlock usage scenario, e.g. the number of requests per second.

Customizable events are configured in the event rule file logsurfer.conf.user.custom. Events that are not configured in this file are internal events and should not be modified.

Do not use event customization as a tool to suppress event messages, e.g. to cover up Gateway misconfiguration, system or network problems, or the like.

Best practice:

  • Thoroughly check the overall Gateway and system configuration when events occur frequently or at an unusual pace.
  • Fix the cause of event warnings rather than adjusting the event configuration.

Customization example

General information:

  • Event configuration affects only future events.
  • Events that are already generated will not be changed.

Before changing the file, create a backup copy of it.

  1. Back up the logsurfer.conf.user.custom file, then open it in an editor.
    cd /opt/airlock/custom-settings/logsurfer
    cp logsurfer.conf.user.custom logsurfer.conf.user.custom.orig
    vi logsurfer.conf.user.custom
  2. Adjust the alert to your needs. The file contains comments that describe the default values; use them for orientation.
    # uncomment to enable/disable the event
    WR_SG_SUMMARY_404_enable=true
    # number of lines needed to trigger the event
    WR_SG_SUMMARY_404_num=50
    # lines are counted during range seconds
    WR_SG_SUMMARY_404_range=60
  3. After changing the logsurfer.conf.user.custom file, restart the airlock-logsurfer service.
    systemctl restart airlock-logsurfer.service
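
The three steps above as a script, which is an added example and not part of the Airlock documentation. It keeps the first .orig backup from being overwritten on repeated runs, validates the value before writing it, and checks that the service is active after the restart. The function names, the CONF_DIR override and the line format (plain KEY=value, possibly commented out with #) are assumptions.

```shell
#!/bin/sh
# Added example: scripted backup / edit / restart for logsurfer.conf.user.custom.
# Path, file name and service name come from the page. Function names and the
# "KEY=value, optionally commented out with #" line format are assumptions.
CONF_DIR="${CONF_DIR:-/opt/airlock/custom-settings/logsurfer}"
CONF_NAME="logsurfer.conf.user.custom"

# Keep the first .orig untouched; later runs write a timestamped copy instead,
# so repeating the backup never replaces the pristine file with an edited one.
backup_conf() {
    f="$CONF_DIR/$CONF_NAME"
    if [ -e "$f.orig" ]; then
        cp -p "$f" "$f.$(date +%Y%m%d-%H%M%S).bak"
    else
        cp -p "$f" "$f.orig"
    fi
}

# Set KEY=VALUE, uncommenting the line if needed.
# Returns 2 for a malformed key or value, 3 if the key is not in the file.
set_event_param() {
    key="$1"; val="$2"; f="$CONF_DIR/$CONF_NAME"
    case "$key" in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
    case "$key" in
        *_enable) case "$val" in true|false) ;; *) return 2 ;; esac ;;
        *_num|*_range) case "$val" in ''|*[!0-9]*) return 2 ;; esac ;;
        *) return 2 ;;
    esac
    grep -Eq "^[[:space:]]*#?[[:space:]]*${key}=" "$f" || return 3
    # Write via a temp file, then copy back so owner and mode stay unchanged.
    sed "s/^[[:space:]]*#\{0,1\}[[:space:]]*${key}=.*/${key}=${val}/" "$f" > "$f.new" &&
        cat "$f.new" > "$f" && rm -f "$f.new"
}

# Backup, change one setting, show the diff for review, restart and verify.
apply_event_change() {
    backup_conf || return 1
    set_event_param "$1" "$2" || return $?
    diff -u "$CONF_DIR/$CONF_NAME.orig" "$CONF_DIR/$CONF_NAME" || true
    systemctl restart airlock-logsurfer.service &&
        systemctl is-active --quiet airlock-logsurfer.service
}

# Usage: sh <this-script> --apply WR_SG_SUMMARY_404_num 50
if [ "${1:-}" = "--apply" ]; then apply_event_change "$2" "$3"; fi
```

The printed diff against the .orig file gives a reviewable record of every threshold that differs from the backed-up original.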