Log forwarding allows you to stream logs in real time to an external endpoint. This enables integration with your own monitoring, analysis, and SIEM tools.
Currently, Airlock SaaS supports syslog over mTLS. Logs are forwarded using the RFC 3164 syslog protocol over a TLS-secured TCP connection with mutual authentication.
Forwarded log sources
The following log sources are forwarded:
Airlock IAM: structured logs from IAM application modules
Airlock Microgateway Engine: access logs
Enabling log forwarding
Configure the following fields in the Log forwarding section of the Configuration tab:
Field |
Required |
|
|---|---|---|
Endpoint URL |
Yes |
URL of the syslog endpoint. Format: |
Client certificate |
Yes |
X.509 client certificate in PEM format used for mTLS authentication |
Private key |
Yes |
Private key corresponding to the client certificate, in PEM format |
Server certificate |
No |
CA certificate in PEM format used to verify the server’s TLS certificate. If not provided, publicly trusted CAs are used. |
Syslog message format
Each log entry is forwarded as an RFC 3164 syslog message. The syslog fields are populated as follows:
Syslog field |
Content |
Example |
|---|---|---|
|
Tenant ID |
|
|
Module and component, separated by |
|
|
Log payload in JSON format |
See example below. |
Log body in JSON
{
"time": "2026-03-30T06:57:41.606+0000",
"log_id": "IAM-USERTRAIL",
"target_id": "fxvg3pw20ava",
"provided_id": "fxvg3pw20ava",
"message": "Successfully changed password upon mandatory change",
"host": "iam-loginapp-v1-7tqpq",
"program": "loginapp",
"priority": "info",
"instance": "auth",
"sess_id": "438282395745474485",
"req_id": "167c4685-ac0b-93af-86ac-9a0cc5ea526a",
"corr_id": "00-00eff822bf1e43d70adfb7730f81b238-2c02453d1852af99-01",
"configuration_context": "[DEFAULT]",
"environment": "[COMMON]"
}Certificate rotation
To rotate the client certificate, replace the configured client certificate and private key, then save the configuration. The new certificate takes effect immediately and does not require downtime.
Disabling log forwarding
To disable log forwarding, click Reset in the Log forwarding section and save the configuration.
Notice
Resetting the configuration clears all configured values. This action cannot be undone.