Airlock as a Service Knowledge Base
API Reference Service Status Airlock Console
airlock.com

Log forwarding

Log forwarding allows you to receive your logs in real-time at an external endpoint. This enables integration with your own analysis, monitoring and SIEM systems.

Currently, we support syslog over mTLS as a destination. Logs are exported using the RFC 3164 syslog protocol over a TLS-secured TCP connection with mutual authentication.


Supported Log Sources

The following application logs are forwarded:

  • Airlock IAM: structured IAM application module logs

  • Airlock Microgateway Engine: access logs


Enabling Log Forwarding

Configure the following fields in the Log Forwarding section of the Configuration tab:

Field

Required


Endpoint URL

Yes

Your syslog receiver endpoint. Format: tcp+tls://<host>:<port> (e.g. tcp+tls://syslog.example.com:6514)

Client certificate

Yes

X.509 client certificate in PEM format, used for mTLS authentication

Private key

Yes

Private key corresponding to the client certificate, in PEM format

Server certificate

No

CA certificate in PEM format for verifying the server's TLS certificate. If not provided, the system uses publicly trusted CAs.


Syslog Message Format

Each log entry is delivered as an RFC 3164 syslog message. The syslog envelope fields are mapped as follows:

Syslog Field

Content

Example

hostname

Tenant ID

7pvr7m

appname

Module and component, separated by '/'
Modules: loginapp, adminapp
Components: airlock-iam, airlock-microgateway-engine

loginapp/airlock-iam

message

Log body in JSON format

See example below


Log body in JSON

{
  "time": "2026-03-30T06:57:41.606+0000",
  "log_id": "IAM-USERTRAIL",
  "target_id": "fxvg3pw20ava",
  "provided_id": "fxvg3pw20ava",
  "message": "Successfully changed password upon mandatory change",
  "host": "iam-loginapp-v1-7tqpq",
  "program": "loginapp",
  "priority": "info",
  "instance": "auth",
  "sess_id": "438282395745474485",
  "req_id": "167c4685-ac0b-93af-86ac-9a0cc5ea526a",
  "corr_id": "00-00eff822bf1e43d70adfb7730f81b238-2c02453d1852af99-01",
  "configuration_context": "[DEFAULT]",
  "environment": "[COMMON]"
}


Certificate Rotation

To rotate the client certificate, enter a new client certificate and private key in the configuration and save. The change takes effect without downtime.


Disabling Log Forwarding

To stop forwarding logs, click the Reset button in the Log Forwarding section. Note: this will empty all fields without possibility to undo.