KMIP Server - Log Reference
This page lists important log events emitted by the Securosys KMIP Server.
These are events that are relevant for an operations team that is hosting the KMIP Server or the HSM cluster. These events are actionable, and you should consider writing alerting rules for them. For example, this includes failure to log in to the HSM.
The KMIP Server also emits many other log events. However, in contrast to the selected events listed here, those events are more informational, are for application debugging or for auditing purposes, and are not directly actionable for an operations team. For example, this includes clients making bad requests. These events are usually propagated back to the client.
Log Events
| Level | Message | Action / Description |
|---|---|---|
| ERROR | Caused by: org.postgresql.util.PSQLException: ERROR: permission denied for schema public | The configured database user does not have read/write access to the KMIP database. Fix the permission settings of the database user. |
| ERROR | kmipserver.PrimusShim fetchHsmGeneration, com.securosys.primus.jce.spi0.NotAuthorizedException: status: UserNotLoggedIn | The KMIP Server attempted to log in to the HSM, but the login failed. Check the HSM connectivity details, perform standard network checks, and ensure that the HSM credentials are valid. |
| WARN | com.securosys.primus.jce.PrimusProviderException | Java exception thrown by the Primus JCE Provider. Check the rest of the stack trace for details. |
| WARN | Error migrating database, rolling back | Check the KMIP Server logs and database logs. Delete the KMIP database and restart the application. (The KMIP Server will reinitialize the database based on the HSM keystore.) |
| WARN | Error getting dbversion (new db?), will try and load init script | Emitted when the database is empty, causing the KMIP Server to reinitialize based on the connected HSM partition. Informational, no action required. |
| WARN | db migrate target version not provided | Ensure that the latest database migration target version is specified in the db.version configuration field, update your helm-chart. |
| WARN | kmipserver.KmipConfig Error starting KmipServer and configuring db, com.cryptsoft.kmip.KmipException$System: System Error | Check the KMIP Server logs (the database migration likely failed) and the database logs. Delete the KMIP database and restart the application. (The KMIP Server will reinitialize the database based on the HSM keystore.) |
| WARN | util.log javax.net.ssl.SSLHandshakeException: (certificate_unknown) Received fatal alert: certificate_unknown | A user attempted to log in with an invalid client certificate. This can be caused by an unauthorized request or a misconfiguration of the KMIP truststore - for example, if the client has not been whitelisted via the Key Manager UI. Follow the Managing KMIP Users & KMIP Server Configuration guides. |
| WARN | kmipserver.KmipServer Error for: Operation 'CreateKeyPair' (0x00000002) | Check the ResultMessage: com.cryptsoft.kmip.KmipException: Operation=CreateKeyPair, ResultStatus=OperationFailed, ResultReason=NonUniqueNameAttribute, ResultMessage=Attribute already exists with Name: kms-rsa-b23fb5, hex value: 420xxx000; Choose a different name for the key. |
| WARN | kmipserver.KmipServer Error for: Operation 'Encrypt' (0x0000001f) | Check the ResultMessage: com.cryptsoft.kmip.KmipException: Operation=Encrypt, ResultStatus=OperationFailed, ResultReason=WrongKeyLifecycleState, ResultMessage=Key has not been activated. Activate the key in the Key Manager UI using the KMIP client (if enabled by configuration). |