Events
This table lists all existing events, including countermeasures. See also List of frequent events for additional information about how to deal with frequent events.
Event ID | Log level | Text | Countermeasure |
|---|---|---|---|
EVENT_SY-C-04-80010-000 | notice | Update successfully installed | - |
EVENT_SY-C-04-80020-100 | error | Update installation failed | Login to console with user “menu” and check the update installation log. Try reinstalling the update. |
EVENT_SY-C-70-01400-100 | warn | Invalid license information | Install a valid license under “Server Settings” in the Configuration Center. |
EVENT_SY-C-70-01420-100 | crit | Number of concurrent authenticated sessions exceeds license limit | Request a license with more authenticated sessions. |
EVENT_SY-C-ACTIVATION | notice | New Configuration activated | - |
EVENT_SY-C-CCLOGIN-FAIL | warn | Multiple failed login attempts to Configuration Center | - |
EVENT_SY-C-CCLOGIN-OK | info | Successful Configuration Center login | - |
EVENT_SY-C-CCUSER-ADD | notice | User 'root' has added the new administrator | A new user was added for Configuration Center. |
EVENT_SY-C-CCUSER-DEL | notice | User 'root' has deleted the administrator | A Configuration Center user was deleted. |
EVENT_SY-C-CCUSER-DIS | notice | User 'root' has disabled the account of administrator | An account of a Configuration Center user was disabled. |
EVENT_SY-C-CCUSER-ENA | notice | User 'root' has enabled the account of administrator | An account of a Configuration Center user was enabled. |
EVENT_SY-C-CCUSER-PWD | notice | User 'root' has set a new password for administrator | The password for a Configuration Center user was changed. |
EVENT_SY-C-CCUSER-REN | notice | User 'root' has changed the name of administrator | An account of a Configuration Center user was renamed. |
EVENT_SY-C-CCUSER-ROL | notice | User 'root' has changed the roles for administrator | New roles for a Configuration Center user were set. |
EVENT_SY-C-LICENSE-100 | warn | The licensed request rate was exceeded in the last hour | |
EVENT_SY-C-SG-CONF-581 | info | Resource illegal, using default value | Contact Airlock support. |
EVENT_SY-C-SG-TIME-301 | info | Security gate running in tracemode, this affects performance | If not enabled intentionally, disable trace mode in “Log Settings” in Configuration Center. |
EVENT_SY-H-CRLG-500 | warn | Content of CRL file(s) is not ok | Upload the CRL file again, verify that CRL file is valid. |
EVENT_SY-H-CRLG-501 | error | Access to CRL file(s) failed | Contact Airlock support. |
EVENT_SY-H-DBSYNC-FAIL | error | Database synchronization with passive Airlock failed, stateful fail-over will not work | Contact Airlock support. |
EVENT_SY-H-DBSYNC-OK | info | Database synchronization with passive Airlock successful | - |
EVENT_SY-H-DSK-FAIL | error | Disk I/O error | Replace the broken disk. |
EVENT_SY-H-DSK-SMART-FAIL | warn | SMART disk self-check failed | Replace the broken disk. |
EVENT_SY-H-FS-FULL | crit | File system full | Delete some files from indicated partition. |
EVENT_SY-H-ML-SVC-CDB-ALMOST | warn | Cold DB is 90% full | |
EVENT_SY-H-ML-SVC-CDB-DROP-ENTRIES | warn | Dropping new data due to full cold DB | |
EVENT_SY-H-ML-SVC-CDB-FULL | error | Cold DB is full | |
EVENT_SY-H-MON-BE-FAIL | warn | Back-end checks results caused this airlock switching to offline (bad back-end servers) | |
EVENT_SY-H-MON-BE-OK | info | Back-end checks results caused this airlock switching to online (healthy back-end servers) | |
EVENT_SY-H-mon-failo-800 | error | Failover system could not start | Verify your failover configuration is correct. |
EVENT_SY-H-MON-LICG-500 | warn | License will soon expire | Contact Airlock support for a new license. |
EVENT_SY-H-MON-LICG-600 | error | License has expired | Contact Airlock support for a new license. |
EVENT_SY-H-PROC-300 | warn | Busy child processes threshold reached | - |
EVENT_SY-H-PROC-310 | warn | All security gate processes are busy. MaxProcs reached. | |
EVENT_SY-H-PROC-320 | warn | All security gate processes are busy. | |
EVENT_SY-N-30-01010-000 | warn | Failover switch to active (takeover) | Check the partner machine for reasons for the takeover. |
EVENT_SY-N-30-02006-100 | warn | Failover switch to passive (switch back) | - |
EVENT_SY-N-30-02011-101 | info | Failover healthcheck failed | If this happens repeatedly, check if there is a network problem. |
EVENT_SY-N-addon-tomcat-600 | error | Addon tomcat is terminated unexpectedly | |
EVENT_SY-N-failo-pchk | info | Failover partner state unreadable | Check your cluster configuration and make sure the network topology allows the two failover nodes to contact each other. |
EVENT_SY-S-LE-CREATE | info | Created Let's Encrypt certificates | - |
EVENT_SY-S-LE-FAIL | error | Something went wrong during updating a Let's Encrypt certificate | Check logs. |
EVENT_SY-S-LE-RENEW | info | Renewed Let's Encrypt certificates | - |
EVENT_SY-S-MON-CRL-EOLG-500 | info | SSL CRL expires in 30 days | |
EVENT_SY-S-MON-CRL-EOLG-510 | notice | SSL CRL expires in 7 days | Refresh CRL. |
EVENT_SY-S-MON-CRL-EOLG-520 | warn | SSL CRL expires in 1 day | Refresh CRL. |
EVENT_SY-S-MON-CRL-EOLG-600 | error | SSL CRL expired | Refresh CRL. |
EVENT_SY-S-MON-SSL-EOLG-500 | warn | SSL certificate will soon expire | Replace SSL certificate. |
EVENT_SY-S-MON-SSL-EOLG-600 | error | SSL certificate has expired | Replace SSL certificate. |
EVENT_SY-Y-notify-mapping | warn | Mapping is in NOTIFY mode and thus not able to protect your application | Disable NOTIFY mode if mapping is used for production. |
EVENT_SY-Y-SSH-LOGIN-FAIL | warn | Failed SSH logins | Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock. |
EVENT_SY-Y-SSH-LOGIN-OK | notice | Successful SSH login | - |
EVENT_SY-Y-TTY-LOGIN-FAIL | warn | Failed console login | Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock. |
EVENT_SY-Y-TTY-LOGIN-OK | notice | Successful console login | - |
EVENT_WR-H-70-01200-100 | crit | Serious internal error in security gateway | Contact Airlock support. |
EVENT_WR-H-70-01421-100 | crit | Number of concurrent sessions per source IP exceeded | If not needed disable under “Session settings” or set a bigger limit. |
EVENT_WR-H-backend-500 | warn | Possible backend problem - response time repeatedly too high | Check if the high back-end response time was regular or if there is a performance or network problem with the back-end system. |
EVENT_WR-H-ICAP-501 | warn | Possible ICAP problem - response time repeatedly too high | Verify that there is no network problem with the ICAP server. |
EVENT_WR-H-LBAL-022-BAD | info | Back-end Host changed state to BAD | Check your Back-end. Check the logs to find out why the Back-end became BAD. |
EVENT_WR-H-LBAL-022-GOOD | info | Back-end Host changed state to GOOD | Check the logs to find out why the Back-end became BAD in the first place. |
EVENT_WR-Y-attack-600 | error | Possible attack - {NUM} blocked requests within {NUM} seconds | Check logs to see if this was an attack or false alarm, adjust threshold if necessary. |
EVENT_WR-Y-attack-601 | error | Possible attack - {NUM} requests with statuscode 404 within {NUM} seconds | Check logs to see if this was an attack or false alarm, adjust threshold if necessary. |
EVENT_WR-Y-reqfilter-300 | notice | Traffic or session limits reached, request(s) blocked | See the logs to find out why the limit was reached. Enlarge limits for request frequency filter or session count. |
EVENT_WR-Y-sessionstore-300 | warn | Session store problem, request(s) blocked |