Messages are written to the logs using these rules for the log level:
ERROR
: system failures or situations that require some action to ensure correct operation of the system.WARN
: notifications that don't require immediate action or that are indications that a transaction failed.INFO
: information message to allow investigation of issues or to provide reassurance that the system is operating correctly.DEBUG
: very verbose logging to assist with investigation of issues
The log level is written out in uppercase as part of the log message, this can be used for alert monitoring.
Errors
Below is a non-exhaustive list of error messages and suggested actions. Braces '{}' indicate where further detail of the root cause is logged as part of the message.
Message | Cause |
---|---|
Error decoding message: {error details} | Invalid base64 in privateFrom/privateFor from Smilo or in tx hash for resend Action: Sender needs to provide valid base64 |
Error occurred: {error details} Root cause: {root cause} | Generated for a variety of reasons:
|
Enclave unavailable: {error details} | Action: user needs to check why enclave is unavailable (look in log file for enclave) |
Entity not found: {error details} | API request received against q2tserver/transaction/{key} where key is not a tx hash in the DB |
Entity not found:{error details} | Thrown if endpoint doesn't exist on that API, e.g.curl -s http://localhost:9001/invalidendpoint |
Security exception {followed by exception message, like "java.lang.SecurityException: No key found for url 127.1.1.1"} | Thrown if enableRemoteKeyValidation: true and partyinfo request received from a URL for which we don't hold a public key (i.e. potentially a malicious party).Note: if key validation enabled then this exception will be thrown during startup whilst the nodes exchange key information. |
ERROR c.q.t.a.e.DefaultExceptionMapper - HTTP 400 Bad Request | Logged if received message is corrupt/incorrectly formatted, e.g.curl -X POST "http://localhost:9001/resend" \ |
Error while reading secret from file | Unable to read the secret key (password) from file specified by TESSERA_CONFIG_SECRET Action: ensure the secret key file config is correct, and file can be read |
unable to initialize encryption facade {error details} | Unable to initialise elliptical curve encryption. Logged error message will give further details Action: check configuration properties |
unable to generate shared secret {error details} | Unable to generate shared secret for elliptical curve encryption. Logged error message will give further details. Action: check configuration properties |
unable to perform symmetric encryption {error details} | Unable to encrypt data. Logged error message will give further details. Action: check configuration properties |
unable to perform symmetric decryption {error details} | Unable to decrypt data. Logged error message will give further details. Action: check configuration properties |
Error when executing action {action type}, exception details: {error details} | Unable to start Influx DB. Logged error message will give further details Action: check configuration properties |
Error creating bean with name 'entityManagerFactory' | Unable to create connection to database due to failure to decrypt the DB password using the supplied secret key Action: ensure that the correct value is supplied for the secret key |
Config validation issue: {property name} {error details} | Invalid configuration detected Action: correct the configuration of the named property. |
Invalid json, cause is {error details} | Invalid json in the configuration file Action: check the configuration file for mistakes. |
Configuration exception, cause is {error details} | Invalid data in the configuration file Action: check the configuration file for mistakes. |
CLI exception, cause is {error details} | Invalid command line Action: The error details will give further information regarding the action to be taken. |
Warnings
Below is a list of warning messages and possible causes. Braces '{}' indicate where further detail of the root cause is logged as part of the message.
Message | Cause |
---|---|
Public key {publicKey} not found when searching for private key | The key in a transaction is not recognised, i.e. it is not the public key of a known participant node. |
Recipient not found for key: {public key} | An unrecognised participant is specified in a transaction. No action needed. |
Unable to unmarshal payload | A received message is corrupt, or incorrectly formatted |
Remote host {remote host name} with IP {remote host IP} failed whitelist validation | Logged if whitelist validation is enabled and the remote host is not in the whitelist. Action: either this is a malicious connection attempt, or mis-configuration |
Ignoring unknown/unmatched json element: {element tag name} | An unrecognised element has been found in the config file. Action: remove or correct the config file entry |
Not able to find or read any secret for decrypting sensitive values in config | Secret key (password) could not be read from console or password file (see TESSERA_CONFIG_SECRET in docs ).Action: correction needed for the secret key or the file access permission |
Some sensitive values are being given as unencrypted plain text in config. Please note this is NOT recommended for production environment. | Self explanatory |
Not able to parse configured property. Will use default value instead | Error in config file |
IOException while attempting to close remote session {error details} | Only occurs on shutdown, no action needed |
Could not compute the shared key for pub {public key} and priv REDACTED | Possible cause is that a public key does not match the configured cryptography algorithm. Action: ensure provided key is correct |
Could not create sealed payload using shared key {shared key} | Possible cause is that a public key does not match the configured cryptography algorithm. Action: ensure provided key is correct |
Could not open sealed payload using shared key {shared key} | Possible cause that wrong password was given for key file decryption or making a change to the values in the keyfile so that the password no longer works. Action: ensure that password is correct for the keyfile |
Unable to generate a new keypair! | Internal error - potentially an issue with jnacl dependency |
Exception thrown : {exception message} While starting service {service name} | Internal error - failed to start a service |
Invalid key found {remote host url} recipient will be ignored | Remote key validation check failed. No action needed, however it is a possible indication of a malicious node |
Push returned status code for peer {remote peer url} was {status code} | The peer rejected a transaction 'push' request. Action: check logs on peer to see why it failed |
PartyInfo returned status code for peer{remote peer url} was {status code} | The peer rejected a partyInfo request. Action: check logs on peer to see why it failed |
Unable to resend payload to recipient with public key {public key}, due to {error details} | The peer rejected a transaction push request during a resend operation. Action: check reason message, or logs on peer to see why it failed |
Attempt is being made to update existing key with new url. Please switch on remote key validation to avoid a security breach. | Self explanatory |
Failed to connect to node {remote node url}, due to {error details} | A remote node refused partyinfo request. Can occur if:
|
Failed to connect to node {remote node url} for partyInfo, due to {error details} | A node failed partyInfo request during resend to peer. Action: check reason message, or logs on peer to see why it failed |
Failed to make resend request to node {remote node url} for key {public key}, due to {error details} | Peer communication failed during '/resend' request. Action: check reason message, or logs on peer to see why it failed |
!!! Note Some messages will be rearranged to correct logging levels in our next release.
To change the default log level
The level of logging is controlled by the logback configuration file. The default file packaged with Tessera can be seen here.
To specify a different logging configuration, pass a customised logback file on the command line using:
-Dlogback.configurationFile=/path/to/logback.xml