Events
This table lists all existing events, including countermeasures. See also List of frequent events for additional information about how to deal with frequent events.
Event ID | Log level | Text | Countermeasure |
|---|---|---|---|
| notice | Update successfully installed | - |
| error | Update installation failed | Login to console with user “menu” and check the update installation log. Try reinstalling the update. |
| warn | Invalid license information | Install a valid license under “Server Settings” in the Configuration Center. |
| crit | Number of concurrent authenticated sessions exceeds license limit | Request a license with more authenticated sessions. |
| notice | New Configuration activated | - |
| warn | Multiple failed login attempts to Configuration Center | - |
| info | Successful Configuration Center login | - |
| notice | User 'root' has added the new administrator | A new user was added for Configuration Center. |
| notice | User 'root' has deleted the administrator | A Configuration Center user was deleted. |
| notice | User 'root' has disabled the account of administrator | An account of a Configuration Center user was disabled. |
| notice | User 'root' has enabled the account of administrator | An account of a Configuration Center user was enabled. |
| notice | User 'root' has set a new password for administrator | The password for a Configuration Center user was changed. |
| notice | User 'root' has changed the name of administrator | An account of a Configuration Center user was renamed. |
| notice | User 'root' has changed the roles for administrator | New roles for a Configuration Center user were set. |
| warn | The licensed request rate was exceeded in the last hour | |
| info | Resource illegal, using default value | Contact Airlock support. |
| info | Security Gate running in tracemode, this affects performance | If not enabled intentionally, disable trace mode in “Log Settings” in Configuration Center. |
| warn | Content of CRL file(s) is not ok | Upload the CRL file again, verify that CRL file is valid. |
| error | Access to CRL file(s) failed | Contact Airlock support. |
| error | Database synchronization with passive Airlock failed, stateful fail-over will not work | Contact Airlock support. |
| info | Database synchronization with passive Airlock successful | - |
| error | Disk I/O error | Replace the broken disk. |
| warn | SMART disk self-check failed | Replace the broken disk. |
| crit | File system full | Delete some files from indicated partition. |
| warn | Cold DB is 90% full | |
| warn | Dropping new data due to full cold DB | |
| error | Cold DB is full | |
| warn | Back-end checks results caused this airlock switching to offline (bad back-end servers) | |
| info | Back-end checks results caused this airlock switching to online (healthy back-end servers) | |
| error | Failover system could not start | Verify your failover configuration is correct. |
| warn | License will soon expire | Contact Airlock support for a new license. |
| error | License has expired | Contact Airlock support for a new license. |
| warn | Busy child processes threshold reached | - |
| warn | All Security Gate processes are busy. MaxProcs reached. | |
| warn | All Security Gate processes are busy. | |
| warn | Failover switch to active (takeover) | Check the partner machine for reasons for the takeover. |
| warn | Failover switch to passive (switch back) | - |
| info | Failover healthcheck failed | If this happens repeatedly, check if there is a network problem. |
| error | Add-on tomcat is terminated unexpectedly | |
| info | Failover partner state unreadable | Check your cluster configuration and make sure the network topology allows the two failover nodes to contact each other. |
| info | Created Let's Encrypt certificates | - |
| error | Something went wrong during updating a Let's Encrypt certificate | Check logs. |
| info | Renewed Let's Encrypt certificates | - |
| info | SSL CRL expires in 30 days | |
| notice | SSL CRL expires in 7 days | Refresh CRL. |
| warn | SSL CRL expires in 1 day | Refresh CRL. |
| error | SSL CRL expired | Refresh CRL. |
| warn | SSL certificate will soon expire | Replace SSL certificate. |
| error | SSL certificate has expired | Replace SSL certificate. |
| warn | Mapping is in NOTIFY mode and thus not able to protect your application | Disable NOTIFY mode if mapping is used for production. |
| warn | Failed SSH logins | Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock. |
| notice | Successful SSH login | - |
| warn | Failed console login | Check if failed logins are caused by a password typo or are an attempt to gain illegal access to your Airlock. |
| notice | Successful console login | - |
| crit | Serious internal error in Security Gate | Contact Airlock support. |
| crit | Number of concurrent sessions per source IP exceeded | If not needed disable under “Session settings” or set a bigger limit. |
| warn | Possible backend problem - response time repeatedly too high | Check if the high back-end response time was regular or if there is a performance or network problem with the back-end system. |
| warn | Possible ICAP problem - response time repeatedly too high | Verify that there is no network problem with the ICAP server. |
| info | Back-end Host changed state to BAD | Check your Back-end. Check the logs to find out why the Back-end became BAD. |
| info | Back-end Host changed state to GOOD | Check the logs to find out why the Back-end became BAD in the first place. |
| error | Possible attack - {NUM} blocked requests within {NUM} seconds | Check logs to see if this was an attack or false alarm, adjust threshold if necessary. |
| error | Possible attack - {NUM} requests with statuscode 404 within {NUM} seconds | Check logs to see if this was an attack or false alarm, adjust threshold if necessary. |
| notice | Traffic or session limits reached, request(s) blocked | See the logs to find out why the limit was reached. Enlarge limits for request frequency filter or session count. |
| warn | Session store problem, request(s) blocked |