Grafana dashboards

Airlock Microgateway offers several preconfigured Helm-based Grafana dashboard templates that can be enabled and individually disabled in the Microgateway Operator Helm chart.
Dashboard metric data is obtained using Prometheus metrics and logs are aggregated using Grafana Loki in combination with a suitable log agent (e.g. Grafana Promtail or similar).

The Operator Helm chart also includes options for dashboardLabel and folderAnnotation that can be configured to allow the Grafana sidecar to find and identify the ConfigMaps that contain the dashboards in this article. These settings must match the configuration of the Grafana sidecar.

 
Info

You can find the Airlock Microgateway Helm charts here:

Requirements

  • All dashboards require Grafana to be installed and running with the sidecar.dashboards.enabled=true flag. This lets Grafana automatically add/update and delete Airlock Microgateway Dashboards.
  • Metric dashboards require Prometheus to be installed and running in addition to Grafana.
  • Log Dashboards require Grafana Loki to be installed and running in addition to Grafana

Metrics dashboards

Airlock Microgateway Overview

This dashboard contains statistics and status information on the installed Airlock Microgateway components. It provides an overview of license status, protected pods, processed requests, and latency as perceived by downstream clients.

Airlock Microgateway License

The dashboard provides detailed license information and estimated usage over the last 30 days per license ID for licenses assigned to a Microgateway Operator.

Airlock Microgateway Threats Block Metrics

The dashboard shows more detailed statistics on how Airlock Microgateway protects your applications. Processed requests and corresponding block rates can be displayed per Microgateway Operator installation and application namespace, including Block Type and Subtype.

Airlock Microgateway Threats LogOnly Metrics

The dashboard shows metrics for threats logged in threatHandlingMode: LogOnly. The temporal distribution and the breakdown by Block Type and Subtype are visualized. See also the related Airlock Microgateway Threat LogOnly Logs dashboard below.

Log dashboards

Airlock Microgateway Request Logs

The dashboard lists detailed log information for every request processed by Airlock Microgateway. Filtering on dashboard and table level enables a detailed analysis of the requests.

Airlock Microgateway Threats Block Logs

The dashboard lists detailed log information for the requests blocked in threatHandlingMode: Block. Filtering on the dashboard and table level enables a detailed analysis of the denied requests. For details, see CR DenyRules reference documentation.

Airlock Microgateway Threat LogOnly Logs

The dashboard lists detailed log information for requests with threats logged in threatHandlingMode: LogOnly to analyze the impact of deny rules on an application running in production. This allows for identifying false positives and configuring exceptions without disturbing productive traffic. For details, see CR DenyRules reference documentation.

Airlock Microgateway Access Control Logs

The dashboard lists detailed log information for requests with access control details available. Filtering on dashboard and table level enables a detailed analysis of the requests.

Airlock Microgateway Header Rewrites Logs

The dashboard lists detailed log information for header rewrites to analyze their impact on an application. To enable Header Rewrites Logs, set the operationalMode to Integration. For details, see CR HeaderRewrites reference documentation.