Log messages are generated by system components. These messages can be viewed in the Log Viewer or forwarded to a second syslog server located in the management network.
Events are created by rules based on log messages. Events can trigger alerts, i.e. be sent by email, as a web request, or to a specific syslog server. The alerting methods can be configured in "Log Settings" - "Event Notification Channels".
The Log Viewer shows both events and messages mixed in one view. It is possible to show events only using the preconfigured search "Requests - GATEWAY Troubleshooting - Events".
 | viewable in Log Viewer | can be alerted | can be forwarded to external syslog |
Log Messages | yes | - | yes |
Events | yes | yes | yes |
There are two types of events:
Customizable events are configured in an event rule file named "logsurfer.conf.user.custom". Events which are not configured in this file are internal events and should not be modified.
Event configuration affects only future events. Events that are already generated will not be changed.
cd /opt/airlock/custom-settings/logsurfer
cp logsurfer.conf.user.custom logsurfer.conf.user.custom.orig
vi logsurfer.conf.user.custom
Adjust the alert to your needs (the commented lines describe the default values):
# uncomment to enable/disable the event
WR_SG_SUMMARY_404_enable=true
# number of lines needed to trigger the event
WR_SG_SUMMARY_404_num=50
# lines are counted during range seconds
WR_SG_SUMMARY_404_range=60
After changing the configuration, the airlock-logsurfer service has to be restarted:
systemctl restart airlock-logsurfer.service
If all the criteria match (50 lines or more within 60 seconds in the example above), the event is triggered and a notification is sent to the configured channels.
Ergon supports only changes of frequency and numbers in the customizable events. Changing the definition or adding new events is not supported.
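The manual steps above can be wrapped in a small script so that only the _num and _range values of an existing event are changed and invalid input is rejected before the file is touched. This is an added example, not Airlock or Ergon code; the function names set_event_threshold and is_pos_int are hypothetical, and it assumes the KEY=value line format shown in the excerpt, optionally commented out with a leading '#'.

```shell
#!/bin/sh
# Added example, not Airlock/Ergon code. Assumes KEY=value lines, optionally
# commented out with a leading '#', as in the excerpt above.

# is_pos_int VALUE: true for a positive integer without leading zeros.
is_pos_int() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
}

# set_event_threshold FILE EVENT NUM RANGE
# Sets only <EVENT>_num and <EVENT>_range in FILE; the rule definition and
# every other line stay untouched. Returns non-zero without modifying FILE
# when an argument is invalid or the event is not already present.
set_event_threshold() {
    st_file=$1 st_event=$2 st_num=$3 st_range=$4
    [ -f "$st_file" ] || { echo "no such file: $st_file" >&2; return 1; }
    case $st_event in
        ''|*[!A-Za-z0-9_]*) echo "bad event name: $st_event" >&2; return 1 ;;
    esac
    is_pos_int "$st_num" && is_pos_int "$st_range" \
        || { echo "num and range must be positive integers" >&2; return 1; }
    # Both keys must already exist: adding new events is not supported.
    for st_key in num range; do
        grep -Eq "^[[:space:]]*#?[[:space:]]*${st_event}_${st_key}=" "$st_file" \
            || { echo "${st_event}_${st_key} not found" >&2; return 1; }
    done
    # Keep the first pristine copy, like the manual 'cp ... .orig' step.
    [ -e "$st_file.orig" ] || cp -p "$st_file" "$st_file.orig" || return 1
    st_tmp=$(mktemp) || return 1
    sed -E \
        -e "s/^[[:space:]]*#?[[:space:]]*(${st_event}_num)=.*/\\1=${st_num}/" \
        -e "s/^[[:space:]]*#?[[:space:]]*(${st_event}_range)=.*/\\1=${st_range}/" \
        "$st_file" > "$st_tmp" \
        && cat "$st_tmp" > "$st_file"   # cat keeps owner and mode of the file
    st_rc=$?
    rm -f "$st_tmp"
    return "$st_rc"
}

# Usage on the gateway (path and service name are the ones given above):
#   cd /opt/airlock/custom-settings/logsurfer
#   set_event_threshold logsurfer.conf.user.custom WR_SG_SUMMARY_404 100 60 \
#       && systemctl restart airlock-logsurfer.service
```

Because the restart is chained with &&, the service is only restarted when the edit succeeded, and the .orig copy is created once and never overwritten by later runs.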