This section describes the log format of Haventec Docker containers and proposes some monitoring dashboards that on-premise installations could create.
Logs format
Each request generates one log line at entry (action=REQ_ENTER), one at exit (action=REQ_EXIT) and optionally several others in between.
All the log lines from a single transaction have the same value in the correlationId field. The request can provide that value in the X-Correlation-Id header; if the header is not present, the transaction receives a random UUID.
Example of an entry log line:
{
"timestamp": "2019-08-20T04:50:28.253Z",
"version": "1",
"message": "action=REQ_ENTER uri=/authenticate/v1-2/authentication/login, requestContentType=application/json, requestLocale=en_US, clientIP=127.0.0.1, method=POST, protocol=HTTP/1.0, requestParameters=[]",
"logger_name": "com.haventec.authenticate.spring.LoggingFilterConfig",
"thread_name": "http-nio-8080-exec-1",
"level": "INFO",
"level_value": 20000,
"applicationUuid": "1ca851c3-566e-41a4-bcf3-13695c82b2a9",
"correlationId": "05507ef4-7376-4589-8d44-267edf039565",
"uri": "/authenticate/v1-2/authentication/login"
}
Example of a logic log line between the entry and exit point:
{
"timestamp": "2019-08-20T04:50:29.367Z",
"version": "1",
"message": "loginDevice - Device login authenticated, deviceUuid=48fd33cd-8262-430e-9b81-ecc6c74c063b, successfulLoginCounter=1 ",
"logger_name": "com.haventec.authenticate.services.AuthenticateEngine",
"thread_name": "http-nio-8080-exec-1",
"level": "INFO",
"level_value": 20000,
"userUuid": "3e559367-4aa3-4eaf-a73f-7e0e43b842fd",
"deviceUuid": "48fd33cd-8262-430e-9b81-ecc6c74c063b",
"applicationUuid": "1ca851c3-566e-41a4-bcf3-13695c82b2a9",
"correlationId": "05507ef4-7376-4589-8d44-267edf039565",
"uri": "/authenticate/v1-2/authentication/login"
}
Example of an exit log line:
{
"timestamp": "2019-08-20T04:50:29.985Z",
"version": "1",
"message": "action=REQ_EXIT, uri=/authenticate/v1-2/authentication/login, statusCode=200, responseContentType=application/json;charset=UTF-8, responseLocale=en_US, applicationUuid=1ca851c3-566e-41a4-bcf3-13695c82b2a9, requestorUserUuid=3e559367-4aa3-4eaf-a73f-7e0e43b842fd, requestorDeviceUuid=48fd33cd-8262-430e-9b81-ecc6c74c063b ",
"logger_name": "com.haventec.authenticate.spring.LoggingFilterConfig",
"thread_name": "http-nio-8080-exec-1",
"level": "INFO",
"level_value": 20000,
"userUuid": "3e559367-4aa3-4eaf-a73f-7e0e43b842fd",
"deviceUuid": "48fd33cd-8262-430e-9b81-ecc6c74c063b",
"applicationUuid": "1ca851c3-566e-41a4-bcf3-13695c82b2a9",
"correlationId": "05507ef4-7376-4589-8d44-267edf039565",
"uri": "/authenticate/v1-2/authentication/login",
"statusCode": "200"
}
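The correlationId grouping described above can be used to rebuild each transaction from a stream of log lines. This is an added example, not Haventec code; the sample lines are constructed in the format shown above with made-up correlation ids, and `summarise_transactions` is a hypothetical helper name.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN = "/authenticate/v1-2/authentication/login"
# Constructed sample lines (only the fields used here, made-up correlation ids).
SAMPLE_LINES = [
    '{"timestamp": "2019-08-20T04:50:28.253Z", "message": "action=REQ_ENTER uri=%s, method=POST", "correlationId": "sample-1", "uri": "%s"}' % (LOGIN, LOGIN),
    '{"timestamp": "2019-08-20T04:50:29.367Z", "message": "loginDevice - Device login authenticated", "correlationId": "sample-1", "uri": "%s"}' % LOGIN,
    '{"timestamp": "2019-08-20T04:50:29.985Z", "message": "action=REQ_EXIT, uri=%s, statusCode=200", "correlationId": "sample-1", "uri": "%s", "statusCode": "200"}' % (LOGIN, LOGIN),
    '{"timestamp": "2019-08-20T04:51:02.100Z", "message": "action=REQ_ENTER uri=%s, method=POST", "correlationId": "sample-2", "uri": "%s"}' % (LOGIN, LOGIN),
]

def parse_ts(value):
    """Parse the ISO timestamp format used in the log lines."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def summarise_transactions(lines):
    """Group log lines by correlationId and summarise each transaction."""
    groups = defaultdict(list)
    for raw in lines:
        event = json.loads(raw)
        cid = event.get("correlationId")
        if cid:  # a line without a correlationId cannot be tied to a request
            groups[cid].append(event)
    summaries = {}
    for cid, events in groups.items():
        events.sort(key=lambda e: parse_ts(e["timestamp"]))
        enter = next((e for e in events if "action=REQ_ENTER" in e["message"]), None)
        exit_ = next((e for e in events if "action=REQ_EXIT" in e["message"]), None)
        duration_ms = None
        if enter and exit_:
            delta = parse_ts(exit_["timestamp"]) - parse_ts(enter["timestamp"])
            duration_ms = delta // timedelta(milliseconds=1)
        summaries[cid] = {
            "uri": events[0].get("uri"),
            "lines": len(events),
            "statusCode": exit_.get("statusCode") if exit_ else None,
            "duration_ms": duration_ms,
            "complete": enter is not None and exit_ is not None,  # False: entry without exit
        }
    return summaries

if __name__ == "__main__":
    for cid, summary in summarise_transactions(SAMPLE_LINES).items():
        print(cid, summary)
```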
Monitor ERROR and WARN
We recommend monitoring and analysing any log line with a level of WARN or higher:
- ERROR: There has been a system error that may require further assistance. In our SaaS, if there is an ERROR, Haventec support will receive a notification to investigate immediately and inform any customer affected.
- WARN: Something unexpected happened and it requires investigation.
Kibana query example
Visualization | Query |
---|---|
ERROR | product:anbe AND level:ERROR AND correlationId:* |
WARN | product:anbe AND level:WARN AND correlationId:* |
We recommend creating alarms in the case of ERROR logs in order to inform your support or infrastructure team. Please also contact Haventec support to help you investigate.
There are currently some ERROR and WARN lines that can be ignored because they are false positives:
- ERROR and WARN logs that don't contain a correlationId can be ignored.
- The following WARN log can also be ignored:
{ "timestamp": "2019-08-20T04:50:51.686Z", "version": "1", "message": "validateConnectorOwner - Security threat. ErrorCode=AN-VALI-1054, Message=Action not permitted on this connector", "logger_name": "com.haventec.authenticate.services.helpers.ServicesValidators", "thread_name": "http-nio-8080-exec-2", "level": "WARN", "level_value": 30000, "userUuid": "3e559367-4aa3-4eaf-a73f-7e0e43b842fd", "deviceUuid": "48fd33cd-8262-430e-9b81-ecc6c74c063b", "applicationUuid": "1ca851c3-566e-41a4-bcf3-13695c82b2a9", "correlationId": "5b88d559-2399-4309-9b0f-6e088076c2a0" }
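The triage rules above (WARN or higher, a correlationId must be present, the known false positive is skipped) can be applied to raw log lines as follows. This is an added example, not Haventec code; the sample lines are constructed, `triage` is a hypothetical name, and matching the ignorable WARN by the `ErrorCode=AN-VALI-1054` text in its message is an assumption.

```python
import json
from collections import Counter

WARN_VALUE = 30000  # level_value of WARN in the sample above (INFO is 20000)
# Assumption: the ignorable WARN is recognised by the error code in its message.
IGNORABLE_MARKERS = ("ErrorCode=AN-VALI-1054",)

# Constructed sample lines (only the fields used here, made-up ids and messages).
SAMPLE_LINES = [
    '{"message": "action=REQ_EXIT, statusCode=200", "level": "INFO", "level_value": 20000, "correlationId": "sample-1"}',
    '{"message": "validateConnectorOwner - Security threat. ErrorCode=AN-VALI-1054, Message=Action not permitted on this connector", "level": "WARN", "level_value": 30000, "correlationId": "sample-2"}',
    '{"message": "constructed warning without a correlation id", "level": "WARN", "level_value": 30000}',
    '{"message": "constructed warning inside a request", "level": "WARN", "level_value": 30000, "correlationId": "sample-3"}',
    '{"message": "constructed system error", "level": "ERROR", "level_value": 40000, "correlationId": "sample-4"}',
]

def triage(lines):
    """Return (alerts, ignored): alert tuples to act on and counts of skipped lines."""
    alerts, ignored = [], Counter()
    for raw in lines:
        event = json.loads(raw)
        if event.get("level_value", 0) < WARN_VALUE:
            continue  # below WARN: not part of this dashboard
        if not event.get("correlationId"):
            ignored["no correlationId"] += 1
        elif event["level"] == "WARN" and any(m in event["message"] for m in IGNORABLE_MARKERS):
            ignored["known false positive"] += 1
        else:
            alerts.append((event["level"], event["correlationId"], event["message"]))
    # Stable sort: ERROR lines first, since they are the ones that raise an alarm.
    alerts.sort(key=lambda alert: alert[0] != "ERROR")
    return alerts, ignored

if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LINES)
    for level, cid, message in found:
        print(level, cid, message)
    print(dict(skipped))
```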
Monitor API calls
We recommend monitoring successful and failed transactions per API. This information resides on the exit log lines (action=REQ_EXIT) and contains 4 interesting parameters.
Parameter | Description |
---|---|
uri | API URI invoked by the HTTP request |
statusCode | HTTP status code. Successful transactions will be 200 or 302; all others are failed transactions. |
level | If the level of the log is INFO, the failure is not a system error and therefore doesn't have to be investigated. It would be interesting to analyse these failures only to understand the UX. |
errorCode | Error code generated by Authenticate that your application needs to handle. The analysis of error codes per API could give us interesting insights about how customers are using your application and could help you improve the user experience. |
errorMessage | Human readable description of the error. |
Example of a successful transaction towards the login API
{
"timestamp": "2019-08-20T04:50:29.985Z",
"version": "1",
"message": "action=REQ_EXIT, uri=/authenticate/v1-2/authentication/login, statusCode=200, responseContentType=application/json;charset=UTF-8, responseLocale=en_US, applicationUuid=1ca851c3-566e-41a4-bcf3-13695c82b2a9, requestorUserUuid=3e559367-4aa3-4eaf-a73f-7e0e43b842fd, requestorDeviceUuid=48fd33cd-8262-430e-9b81-ecc6c74c063b ",
"logger_name": "com.haventec.authenticate.spring.LoggingFilterConfig",
"thread_name": "http-nio-8080-exec-1",
"level": "INFO",
"level_value": 20000,
"userUuid": "3e559367-4aa3-4eaf-a73f-7e0e43b842fd",
"deviceUuid": "48fd33cd-8262-430e-9b81-ecc6c74c063b",
"applicationUuid": "1ca851c3-566e-41a4-bcf3-13695c82b2a9",
"correlationId": "05507ef4-7376-4589-8d44-267edf039565",
"uri": "/authenticate/v1-2/authentication/login",
"statusCode": "200"
}
Example of a failure transaction towards the login API
{
"timestamp": "2019-08-24T14:05:48.993Z",
"version": "1",
"message": "action=REQ_EXIT, uri=/authenticate/v1-2/authentication/login, statusCode=401, responseContentType=application/json;charset=UTF-8, responseLocale=en_US, applicationUuid=bf36094e-3cd9-4475-bbab-719574f8e3cd, requestorDeviceUuid=57d7f49d-7126-4629-bbbf-075d67d20884, errorCode=AN-AUTH-1006, errorDescription=\"Authentication failed\" ",
"logger_name": "com.haventec.authenticate.spring.LoggingFilterConfig",
"thread_name": "http-nio-8080-exec-8",
"level": "INFO",
"level_value": 20000,
"errorMessage": "Authentication failed",
"deviceUuid": "57d7f49d-7126-4629-bbbf-075d67d20884",
"applicationUuid": "bf36094e-3cd9-4475-bbab-719574f8e3cd",
"correlationId": "cb84e8ff-b879-42f5-9461-030afeb3a8fa",
"errorCode": "AN-AUTH-1006",
"uri": "/authenticate/v1-2/authentication/login",
"statusCode": "401"
}
Monitor error codes
We recommend monitoring the following error codes:
Error code | Description | Why is it important? |
---|---|---|
AN-OPID-1000 | Expired OAuth Authorization code | There is no JWT linked to the provided OAuth code, and this needs to be investigated |
AN-HENG-1001 | Wrong authKey | User's device got out of synchronisation and cannot log in, user needs to register a new one |
AN-AUTH-1005 | Authentication failed, your device is now locked | Too many login failures locked the device. Users will need to register a new one |
AN-HENG-1004 | Device is locked | Too many login failures locked the device. Users will need to register a new one |
AN-AUTH-1025 | You have reached the maximum attempts to reset PIN. You are blocked from resetting your PIN, Please try again later | Users won't be able to reset the PIN for 24 hours |
AN-AUTH-1020 | Invalid activation token. Your device is now locked. | The App should guide users to register a new device with a new activation code |
AN-AUTH-1014 | Device not found or locked | The App should guide users to register a new device |
AN-AUTH-1021 | You have reached the limit of failed add new device attempts, you are unable to add a new device for 24 hours. | It may be a brute force attack. An administrator should check the user involved and assess the risk. |
AN-AUTH-1026 | Invalid activation token. Reached the maximum number of attempts activating user. | The App should guide the user to start their own registration again. An administrator should check the user involved and assess the risk. |
AN-AUTH-1033 | You have reached the limit of failed self service OTP attempts,you are unable to create or validate an OTP for 24 hours. | It may be a brute force attack. An administrator should check the user involved and assess the risk. |
AN-AUTH-1034 | You have reached the limit of failed authenticate user OTP attempts,you are unable to create or validate an OTP for 24 hours. | It may be a brute force attack. An administrator should check the user involved and assess the risk. |
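The API-call and error-code monitoring described in the two sections above can be computed from the exit lines as follows. This is an added example, not Haventec code; the sample lines are constructed, `/placeholder/uri` and the status codes on the failing lines are placeholders, and the function and label names are hypothetical.

```python
import json
from collections import Counter, defaultdict

SUCCESS_STATUS = {"200", "302"}  # per the statusCode row above
# Codes the table above links to a possible brute force attack.
BRUTE_FORCE_CODES = {"AN-AUTH-1021", "AN-AUTH-1033", "AN-AUTH-1034"}
LOGIN = "/authenticate/v1-2/authentication/login"
OTHER = "/placeholder/uri"  # placeholder: the page names only the login URI

def sample(uri, status, level="INFO", **extra):
    """Build one constructed exit line with only the fields used here."""
    return json.dumps({"message": f"action=REQ_EXIT, uri={uri}, statusCode={status}",
                       "level": level, "uri": uri, "statusCode": status, **extra})

SAMPLE_LINES = [  # constructed; status codes on failures are illustrative
    sample(LOGIN, "200"),
    sample(LOGIN, "401", errorCode="AN-AUTH-1006"),
    sample(LOGIN, "401", errorCode="AN-AUTH-1006"),
    sample(LOGIN, "500", level="ERROR"),
    sample(OTHER, "400", errorCode="AN-AUTH-1021", userUuid="constructed-user-A"),
    json.dumps({"message": "loginDevice - Device login authenticated", "level": "INFO", "uri": LOGIN}),
]

def analyse_exit_lines(lines):
    """Return per-URI outcome counts, (uri, errorCode) counts and brute-force review items."""
    per_uri, codes, review = defaultdict(Counter), Counter(), []
    for raw in lines:
        event = json.loads(raw)
        if "action=REQ_EXIT" not in event.get("message", ""):
            continue  # only exit lines carry the outcome of a transaction
        uri = event.get("uri")
        if event.get("statusCode") in SUCCESS_STATUS:
            per_uri[uri]["success"] += 1
            continue
        # An INFO-level failure is not a system error; WARN and ERROR need investigation.
        kind = "failure_user" if event.get("level") == "INFO" else "failure_system"
        per_uri[uri][kind] += 1
        code = event.get("errorCode")
        if code:
            codes[(uri, code)] += 1
        if code in BRUTE_FORCE_CODES:  # hand the user involved to an administrator
            review.append({key: event.get(key) for key in
                           ("errorCode", "userUuid", "deviceUuid", "correlationId")})
    return per_uri, codes, review

if __name__ == "__main__":
    outcomes, code_counts, to_review = analyse_exit_lines(SAMPLE_LINES)
    print(dict(outcomes), dict(code_counts), to_review)
```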