Key Manager - Log Reference
This page lists important log events emitted by the Securosys Key Manager UI.
These are events that are relevant for an operations team that is hosting the KM UI, TSB, or the HSM cluster. These events are actionable, and you should consider writing alerting rules for them. For example, this includes failure to log in to the TSB or HSM. It also includes important user account and authentication events.
The Key Manager UI also emits many other log events. However, in contrast to the selected events listed here, those events are more informational, are for application debugging or for auditing purposes, and are not directly actionable for an operations team. For example, this includes clients making bad requests. These events are usually propagated back to the client.
Format
The Key Manager UI writes logs as JSON in the following format:
{
"timestamp": "2026-03-24T18:00:18.936Z",
"level": "INFO",
"event": "DATA_OBJECT_UPDATED",
"category": "DATA_OBJECT",
"user": "john.doe@securosys.com",
"role": "user",
"provider": "microsoft",
"resource": "KMIP-USERS",
"details": {},
"result": "SUCCESS",
"api_url": "https://tsb.example.com",
"session_id": "139894456870640"
}
Note: The JSON is written as a single line, but shown here as multi-line for readability.
Categories
The following categories are available:
AUTHENTICATION
KEY_MANAGEMENT
CERTIFICATE_MANAGEMENT
USER_MANAGEMENT
APPROVER_MANAGEMENT
CRYPTO_OPERATION
DATA_OBJECT
PROFILE_MANAGEMENT
KMIP_MANAGEMENT
SYSTEM
Results
The following result types are available:
SUCCESS
DENIED
ERROR
Log Events
The following are the most important log events:
| Level | Category | Event | Action / Description |
|---|---|---|---|
| ERROR | SYSTEM | SSL_ERROR | Verify that the Key Manager UI can validate the certificate chain for the backend services it connects to (TSB, OAuth, MCP). This typically occurs when those services use TLS certificates issued by a private CA. See: Configure TLS (HTTPS). |
| ERROR | SYSTEM | REQUEST_ERROR | Verify that the Key Manager UI can reach the backend services it connects to (TSB, OAuth, MCP). |
| ERROR | SYSTEM | REQUEST_TIMEOUT | Verify that the Key Manager UI can reach the backend services it connects to (TSB, OAuth, MCP). |
| ERROR | SYSTEM | MTLS_FAILED | Verify that mTLS is correctly configured. See: mTLS with TSB (Backend). |
| ERROR | %s | %s_FAILED For example: USER_UPDATE_FAILED or KEY_DELETE_FAILED. | An operation failed. These events will have result="ERROR". Check the TSB logs and HSM logs for details. |
| ERROR | DATA_OBJECT | DATA_OBJECT_CORRUPTED | Do not manually modify data objects created by the Key Manager UI. Delete the affected data object and restart the Key Manager UI. |
| ERROR | AUTHENTICATION | LOGIN_ERROR | Check TSB connectivity and credentials. See: Authentication (Frontend). |
| WARNING | AUTHENTICATION | LOGIN_FAILURE | A user attempted to log in with invalid credentials. |
| WARNING | AUTHENTICATION | LOGIN_DENIED | A user successfully authenticated via OAuth but was denied access due to authorization restrictions. See: Authentication (Frontend). |
| INFO | AUTHENTICATION | LOGIN_SUCCESS | A user successfully authenticated. |
| INFO | USER_MANAGEMENT | USER_CREATED | A new local user has been created. |
| INFO | USER_MANAGEMENT | USER_UPDATED | A local user has been updated. |
| INFO | KMIP_MANAGEMENT | KMIP_USER_CREATED | A new KMIP user has been created. |