This table lists all existing events, including countermeasures. See also List of frequent events for additional information about how to deal with frequent events.
Note that some events are customizable. See: Customizing events
Event ID | Log level | Text | Countermeasure |
|---|---|---|---|
EVENT_SY-C-04-80010-000 | notice | Update successfully installed | - |
EVENT_SY-C-04-80020-100 | error | Update installation failed | Login to console with user "menu" and check the update installation log. Try reinstalling the update. |
EVENT_SY-C-70-01400-100 | warn | Invalid license information | Install a valid license under "Server Settings" in the Configuration Center. |
EVENT_SY-C-70-01420-100 | crit | Number of concurrent authenticated sessions exceeds license limit | Request a license with more authenticated sessions. |
EVENT_SY-C-ACTIVATION | notice | New Configuration activated | - |
EVENT_SY-C-CCLOGIN-FAIL | warn | Multiple failed login attempts to Configuration Center | - |
EVENT_SY-C-CCLOGIN-OK | info | Successful Configuration Center login | - |
EVENT_SY-C-CCUSER-ADD | notice | User 'root' has added the new administrator | A new user was added for Configuration Center. |
EVENT_SY-C-CCUSER-DEL | notice | User 'root' has deleted the administrator | A Configuration Center user was deleted. |
EVENT_SY-C-CCUSER-DIS | notice | User 'root' has disabled the account of administrator | An account of a Configuration Center user was disabled. |
EVENT_SY-C-CCUSER-ENA | notice | User 'root' has enabled the account of administrator | An account of a Configuration Center user was enabled. |
EVENT_SY-C-CCUSER-PWD | notice | User 'root' has set a new password for administrator | The password for a Configuration Center user was changed. |
EVENT_SY-C-CCUSER-REN | notice | User 'root' has changed the name of administrator | An account of a Configuration Center user was renamed. |
EVENT_SY-C-CCUSER-ROL | notice | User 'root' has changed the roles for administrator | New roles for a Configuration Center user were set. |
EVENT_SY-C-LICENSE-100 | warn | The licensed request rate was exceeded in the last hour | |
EVENT_SY-C-SG-CONF-581 | info | Resource illegal, using default value | Contact Airlock support. |
EVENT_SY-C-SG-TIME-301 | info | Security gate running in tracemode, this affects performance | If not enabled intentionally, disable trace mode in "Log Settings" in Configuration Center. |
EVENT_SY-H-CRLG-500 | warn | Content of CRL file(s) is not ok | Upload the CRL file again, verify that CRL file is valid. |
EVENT_SY-H-CRLG-501 | error | Access to CRL file(s) failed | Contact Airlock support. |
EVENT_SY-H-DBSYNC-FAIL | error | Database synchronization with passive Airlock failed, stateful fail-over will not work | Contact Airlock support. |
EVENT_SY-H-DBSYNC-OK | info | Database synchronization with passive Airlock successful | - |
EVENT_SY-H-DSK-FAIL | error | Disk I/O error | Replace the broken disk. |
EVENT_SY-H-DSK-SMART-FAIL | warn | SMART disk self-check failed | Replace the broken disk. |
EVENT_SY-H-FS-FULL | crit | File system full | Delete some files from indicated partition. |
EVENT_SY-H-ML-SVC-CDB-ALMOST | warn | Cold DB is 90% full | |
EVENT_SY-H-ML-SVC-CDB-DROP-ENTRIES | warn | Dropping new data due to full cold DB | |
EVENT_SY-H-ML-SVC-CDB-FULL | error | Cold DB is full | |
EVENT_SY-H-MON-BE-FAIL | warn | Back-end checks results caused this airlock switching to offline (bad back-end servers) | |
EVENT_SY-H-MON-BE-OK | info | Back-end checks results caused this airlock switching to online (healthy back-end servers) | |
EVENT_SY-H-mon-failo-800 | error | Failover system could not start | Verify your failover configuration is correct. |
EVENT_SY-H-MON-LICG-500 | warn | License will soon expire | Contact Airlock support for a new license. |
EVENT_SY-H-MON-LICG-600 | error | License has expired | Contact Airlock support for a new license. |
EVENT_SY-H-PROC-300 | warn | Busy child processes threshold reached | - |
EVENT_SY-H-PROC-310 | warn | All security gate processes are busy. MaxProcs reached. | |
EVENT_SY-H-PROC-320 | warn | All security gate processes are busy. | |
EVENT_SY-N-30-01010-000 | warn | Failover switch to active (takeover) | Check the partner machine for reasons for the takeover. |
EVENT_SY-N-30-02006-100 | warn | Failover switch to passive (switch back) | - |
EVENT_SY-N-30-02011-101 | info | Failover healthcheck failed | If this happens repeatedly, check if there is a network problem. |
EVENT_SY-N-addon-tomcat-600 | error | Addon tomcat is terminated unexpectedly | |
EVENT_SY-N-failo-pchk | info | Failover partner state unreadable | Check your cluster configuration and make sure the network topology allows the two failover nodes to contact each other. |
EVENT_SY-S-LE-CREATE | info | Created Let's Encrypt certificates | - |
EVENT_SY-S-LE-FAIL | error | Something went wrong during updating a Let's Encrypt certificate | Check logs. |
EVENT_SY-S-LE-RENEW | info | Renewed Let's Encrypt certificates | - |
EVENT_SY-S-MON-CRL-EOLG-500 | info | SSL CRL expires in 30 days | |
EVENT_SY-S-MON-CRL-EOLG-510 | notice | SSL CRL expires in 7 days | Refresh CRL. |
EVENT_SY-S-MON-CRL-EOLG-520 | warn | SSL CRL expires in 1 day | Refresh CRL. |
EVENT_SY-S-MON-CRL-EOLG-600 | error | SSL CRL expired | Refresh CRL. |
EVENT_SY-S-MON-SSL-EOLG-500 | warn | SSL certificate will soon expire | Replace SSL certificate. |
EVENT_SY-S-MON-SSL-EOLG-600 | error | SSL certificate has expired | Replace SSL certificate. |
EVENT_SY-Y-notify-mapping | warn | Mapping is in NOTIFY mode and thus not able to protect your application | Disable NOTIFY mode if mapping is used for production. |
EVENT_SY-Y-SSH-LOGIN-FAIL | warn | Failed SSH logins | Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock. |
EVENT_SY-Y-SSH-LOGIN-OK | notice | Successful SSH login | - |
EVENT_SY-Y-TTY-LOGIN-FAIL | warn | Failed console login | Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock. |
EVENT_SY-Y-TTY-LOGIN-OK | notice | Successful console login | - |
EVENT_WR-H-70-01200-100 | crit | Serious internal error in security gateway | Contact Airlock support. |
EVENT_WR-H-70-01421-100 | crit | Number of concurrent sessions per source IP exceeded | If not needed disable under "Session settings" or set a bigger limit. |
EVENT_WR-H-backend-500 | warn | Possible backend problem - response time repeatedly too high | Check if the high back-end response time was regular or if there is a performance or network problem with the back-end system. |
EVENT_WR-H-ICAP-501 | warn | Possible ICAP problem - response time repeatedly too high | Verify that there is no network problem with the ICAP server. |
EVENT_WR-H-LBAL-022-BAD | info | Back-end Host changed state to BAD | Check your Back-end. Check the logs to find out why the Back-end became BAD. |
EVENT_WR-H-LBAL-022-GOOD | info | Back-end Host changed state to GOOD | Check the logs to find out why the Back-end became BAD in the first place. |
EVENT_WR-Y-attack-600 | error | Possible attack - {NUM} blocked requests within {NUM} seconds | Check logs to see if this was an attack or false alarm, adjust threshold if necessary. |
EVENT_WR-Y-attack-601 | error | Possible attack - {NUM} requests with statuscode 404 within {NUM} seconds | Check logs to see if this was an attack or false alarm, adjust threshold if necessary. |
EVENT_WR-Y-reqfilter-300 | notice | Traffic or session limits reached, request(s) blocked | See the logs to find out why the limit was reached. Enlarge limits for request frequency filter or session count. |
EVENT_WR-Y-sessionstore-300 | warn | Session store problem, request(s) blocked |