Monitoring and Logging

Service Management

Airlock installs itself as a system service. The service can be controlled using the commands:

sudo systemctl stop airlock
sudo systemctl start airlock
sudo systemctl restart airlock
sudo systemctl status airlock

Airlock is installed in the /opt/airlock directory. This directory contains the Airlock binaries, configuration files, and supporting files.

Metrics

Airlock collects metrics while running to provide insights into its operation and the text being processed. The metrics collected include a count of the documents processed by Airlock, counts of the types of sensitive information identified per type, and the entity confidence values of entities extracted by non-deterministic natural language processing methods. These metrics can be reported via JMX, and to external services Prometheus, Amazon CloudWatch, and Datadog.

Reporting Metrics to Prometheus

To enable Airlock metric reporting to Prometheus modify Airlock's Settings to enable the Prometheus metrics. When enabled, the metrics HTTP endpoint will be http://airlock-ip:9100/metrics.

Enable scraping of Airlock's metrics in Prometheus' settings:

global:
  scrape_interval: 10s

scrape_configs:
- job_name: airlock
  static_configs:
  - targets: ['10.0.2.104:9100']

You may need to make port 9100 accessible to Prometheus. For example, if you launch Airlock in AWS you will need to modify Airlock's security group to permit inbound network traffic on port 9100 to Prometheus.

Reporting Metrics to Amazon CloudWatch

To enable Airlock metric reporting to Amazon CloudWatch modify Airlock's Settings to set the AWS properties. Metrics will be published to CloudWatch every 60 seconds, by default, when enabled.

The AWS IAM user or role being used should have PutMetricData permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData"
            ],
            "Resource": "*"
        }
    ]
}

The metrics will be published to the Amazon CloudWatch namespace provided in Airlock's settings. Amazon CloudWatch can then be used to visualize the metrics, set performance alarms, or perform other integrations with AWS services.

Reporting Metrics to Datadog

Metrics will be published to Datadog every 60 seconds when enabled.

Metrics published to Datadog will have a airlock prefix.

Reporting Metrics to JMX

Metrics in JMX can be viewed using visualvm or similar tool.

Metrics Collected and Reported

The listing below shows an example of the metrics Airlock collects and writes to standard out while running. The metrics reported to supported services such as JMX, Amazon CloudWatch and Datadog will contain the same metrics but may be represented or visualized differently between the services.

The metrics collected include:

A cumulative count of each type of sensitive information across all contexts and documents.
The total count of documents processed.

These metrics will be reset when Airlock is stopped and restarted.

Logging

Airlock's log file can be viewed using the command journalctl -u airlock. This log should be the first place checked for more information on Airlock's status.

The log level can be set using the logging.level.root property in Airlock's Settings.

Last modified: 17 November 2023