Monitoring and Logging
Airlock installs itself as a system service. The service can be controlled using the commands:
Airlock is installed in the
/opt/airlock directory. This directory contains the Airlock binaries, configuration files, and supporting files.
Airlock collects metrics while running to provide insights into its operation and the text being processed. The metrics collected include a count of the documents processed by Airlock, counts of the types of sensitive information identified per type, and the entity confidence values of entities extracted by non-deterministic natural language processing methods. These metrics can be reported via JMX, and to external services Prometheus, Amazon CloudWatch, and Datadog.
Reporting Metrics to Prometheus
To enable Airlock metric reporting to Prometheus modify Airlock's Settings to enable the Prometheus metrics. When enabled, the metrics HTTP endpoint will be
Enable scraping of Airlock's metrics in Prometheus' settings:
You may need to make port
9100 accessible to Prometheus. For example, if you launch Airlock in AWS you will need to modify Airlock's security group to permit inbound network traffic on port
9100 to Prometheus.
Reporting Metrics to Amazon CloudWatch
To enable Airlock metric reporting to Amazon CloudWatch modify Airlock's Settings to set the AWS properties. Metrics will be published to CloudWatch every 60 seconds, by default, when enabled.
The AWS IAM user or role being used should have
The metrics will be published to the Amazon CloudWatch namespace provided in Airlock's settings. Amazon CloudWatch can then be used to visualize the metrics, set performance alarms, or perform other integrations with AWS services.
Reporting Metrics to Datadog
Metrics will be published to Datadog every 60 seconds when enabled.
Metrics published to Datadog will have a
Reporting Metrics to JMX
Metrics in JMX can be viewed using visualvm or similar tool.
Metrics Collected and Reported
The listing below shows an example of the metrics Airlock collects and writes to standard out while running. The metrics reported to supported services such as JMX, Amazon CloudWatch and Datadog will contain the same metrics but may be represented or visualized differently between the services.
The metrics collected include:
A cumulative count of each type of sensitive information across all contexts and documents.
The total count of documents processed.
These metrics will be reset when Airlock is stopped and restarted.
Airlock's log file can be viewed using the command
journalctl -u airlock. This log should be the first place checked for more information on Airlock's status.
The log level can be set using the
logging.level.root property in Airlock's Settings.