TSB - Log Reference
This page lists important log events emitted by the Securosys REST API (Transaction Security Broker).
These are events that are relevant for an operations team that is hosting the TSB or the HSM cluster. These events are actionable, and you should consider writing alerting rules for them. For example, this includes failure to log in to the HSM.
The TSB also emits many other log events. However, in contrast to the selected events listed here, those events are more informational, are for application debugging or for auditing purposes, and are not directly actionable for an operations team. For example, this includes REST API clients making bad requests. These events are usually propagated back to the client.
Log Events
| Level | Message | Action |
|---|---|---|
| ERROR | Error during Automated Approval execution | Check that the TSB can reach the VaultCode instance. |
| ERROR | Error from tee service | Check the logs of your VaultCode instance. |
| WARN | Could not login to clean up approval tasks with the information provided for | Check network connectivity between the TSB and the HSM. Check that the partition credentials are still valid. |
| WARN | Could not login to process approved hsm requests with the information provided for | Check network connectivity between the TSB and the HSM. Check that the partition credentials are still valid. |
| WARN | Host {} failed, trying next if available... | The TSB failed to log in to one HSM, and is trying another one in the cluster. Check network connectivity between the TSB and that HSM. |
| WARN | An error occurred while attempting to create a temporary file or write content to it. Please check file permissions and ensure there is sufficient disk space. | See the message. |
| WARN | Decryption of user secret failed. This might be caused by an update of the encryption password. | Don't change the "encryption password" in the TSB configuration. Change it back, or configure a new Setup Password. |
| WARN | Your current HSM subscription does not support creating backup-keys as this operation requires the TSB_ENGINE is licensed. Delete 'hsm.backupKeyName' from application.yml or subscribe to TSB. | See the message. Make sure that the TSB_ENGINE is enabled in your Partition Security Config. |
| WARN | The system time and the HSM time differ by {} seconds which exceeds the maximum allowed time " + "difference of {} seconds. The HSM UTC time is: {}. The system UTC time is: {}. | Make sure that the clocks on the HSM and the TSB are correct. |