TSB - Log Reference
This page lists important log events emitted by the Securosys REST API (Transaction Security Broker).
These are events that are relevant for an operations team that is hosting the TSB or the HSM cluster. These events are actionable, and you should consider writing alerting rules for them. For example, this includes failure to log in to the HSM.
The TSB also emits many other log events. However, in contrast to the selected events listed here, those events are more informational, are for application debugging or for auditing purposes, and are not directly actionable for an operations team. For example, this includes REST API clients making bad requests. These events are usually propagated back to the client.
Log Events
| Level | Message | Action |
|---|---|---|
| ERROR | Error during Automated Approval execution | Verify that the TSB can reach the VaultCode instance. Check network connectivity and firewall rules between the two services. |
| ERROR | Error from tee service | Check the logs of your VaultCode instance for details. |
| WARN | Could not login to clean up approval tasks with the information provided for | Check network connectivity between the TSB and the HSM. Verify that the partition credentials are still valid. See: REST API – Configuration. |
| WARN | Could not login to process approved HSM requests with the information provided for | Check network connectivity between the TSB and the HSM. Verify that the partition credentials are still valid. See: REST API – Configuration. |
| WARN | Host {} failed, trying next if available... | The TSB failed to connect to one HSM and is attempting to fall over to the next node in the cluster. Check network connectivity between the TSB and the affected HSM. See: HSM Load-Balancing. |
| WARN | An error occurred while attempting to create a temporary file or write content to it. Please check file permissions and ensure there is sufficient disk space. | Ensure the TSB process has write permissions to the relevant directory and that sufficient disk space is available on the host. |
| WARN | Decryption of user secret failed. This might be caused by an update of the encryption password. | Do not change the encryptionPassword in the TSB configuration after initial setup. Revert it to the original value, or re-provision the partition with a new setup password. See: REST API – Configuration. |
| WARN | Your current HSM subscription does not support creating backup-keys as this operation requires the TSB_ENGINE is licensed. Delete 'hsm.backupKeyName' from application.yml or subscribe to TSB. | Either remove the hsm.backupKeyName property from your application-local.yml, or ensure that the TSB_ENGINE feature is enabled in the Partition Security Configuration. |
| WARN | The system time and the HSM time differ by {} seconds which exceeds the maximum allowed time difference of {} seconds. The HSM UTC time is: {}. The system UTC time is: {}. | Synchronise the clocks on both the TSB host and the HSM (e.g. via NTP). The allowed threshold is controlled by the hsm.maxTimeDifferenceToHsm parameter. See: REST API – Configuration. |