Log Reference
Watchdog Logs
| Log ID | Log Level | Message | Description |
|---|---|---|---|
| WD1001 | ERROR | Error reading SSL certificate: | Logs when there is an error reading the SSL certificate from the file. |
| WD1010 | INFO | {days_remaining} days remaining until SSL certificate expiration. | Logs the number of days remaining before the SSL certificate expires if more than 60 days are left. |
| WD1011 | WARNING | Only {days_remaining} days remaining until SSL certificate expiration. Kindly renew your certificate. | Warns the user to renew the SSL certificate if less than 60 days are remaining. |
| WD1020 | ERROR | Unable to determine SSL certificate expiration date. | Logs an error if the SSL certificate expiration date cannot be determined. |
| WD2001 | DEBUG | Entering validate_license function. | Logs entry into the license validation function. |
| WD2010 | INFO | License is valid, verification completed successfully. | Logs successful verification of the license. |
| WD2021 | ERROR | Invalid Auth Code! | Logs when the authentication code provided in the license key is invalid. |
| WD2030 | ERROR | Verification Failed! Invalid BMKEY Format! | Logs when the format of the BMKEY is invalid, causing the license validation to fail. |
| WD2040 | ERROR | Verification Error: {str(e)}! | Logs errors encountered during the license verification process. |
| WD2050 | ERROR | Verification Failed! Please use the provided key! | Logs a general failure in license verification if the key used does not work as expected. |
| WD3001 | ERROR | Cloud mode not supported! | Logs when the licensing mode set to cloud, which is not supported. |
| WD3002 | ERROR | Please select the appropriate licensing mode! | Logs when an incorrect licensing mode is selected. |
| WD2099 | DEBUG | Exiting validate_license function. | Logs exit from the license validation function. |
| WD1001 | DEBUG | Entering CheckLicenseView post method. | Logs the entry into the post method of the CheckLicenseView class. |
| WD1002 | WARNING | Invalid license. | Logs a warning when the license check fails during the post method. |
| WD3001 | ERROR | GUID is required. | Logs an error when the GUID is missing from the POST request data. |
| WD3002 | ERROR | Hostname is required. | Logs an error when the hostname is missing from the POST request data. |
| WD3003 | ERROR | Controller version is required. | Logs an error when the controller version is missing from the POST request data. |
| WD3004 | ERROR | Controller IP Address list required | Logs an error when the list of IP addresses is missing from the POST request data. |
| WD2001 | ERROR | Invalid GUID format. | Logs an error when the GUID provided is not in a valid UUID format. |
| WD2002 | WARNING | Limit Reached! Please upgrade your license then Try Again | Logs a warning when the number of active devices reaches the licensed limit. |
| WD2003 | INFO | Controller Registered! | Logs the registration of a new controller including GUID, IP, hostname, version, and IP list details. |
| WD1003 | DEBUG | Controller Version | Logs the controller version being processed in the post method. |
| WD1004 | DEBUG | Exiting CheckLicenseView post method. | Logs the exit from the post method of the CheckLicenseView class. |
| WD1005 | DEBUG | Entering GenerateGuidFile get method. | Logs the entry into the get method of the GenerateGuidFile class. |
| WD1006 | WARNING | Invalid license. | Logs a warning when the license check fails during the get method. |
| WD1007 | DEBUG | Exiting GenerateGuidFile get method. | Logs the exit from the get method of the GenerateGuidFile class. |
| WD2101 | INFO | SSL certificate and key generated: {cert_file}, {key_file} | Logs the generation of SSL certificate and key files. |
| WD2201 | INFO | Scheduler Started | Logs the start of the scheduler process. |
ETI Logs
| Log ID | Log Level | Message | Description |
|---|---|---|---|
| ETI1001 | ERROR | ETI1001: Error parsing JSON line: | Logs when a line in the decrypted ETI data cannot be parsed as valid JSON. |
| ETI2001 | WARNING | ETI2001: Config file {self.config_path} not found | Logs when the configuration file does not exist and defaults/fallbacks will be used. |
| ETI2002 | ERROR | ETI2002: Proxy mode enabled but no valid proxy URLs found | Logs when proxy mode is enabled but neither HTTP nor HTTPS proxy is configured. |
| ETI2003 | ERROR | ETI2003: Missing required environment variables | Logs when one or more required environment variables for Elasticsearch connection are missing. |
| ETI2004 | ERROR | ETI2004: Configuration error: | Logs when a general configuration error occurs during loading or validation. |
| ETI2005 | ERROR | ETI2005: Failed to create Elasticsearch client: | Logs when the Elasticsearch client cannot be created due to invalid config or connection issues. |
| ETI3001 | INFO | ETI3001: Proxies configured: | Logs when proxy mode is enabled and HTTP/HTTPS proxies are configured for the session. |
| ETI4001 | ERROR | ETI4001: Request failed for {url}: {e} | Logs when an HTTP request fails due to network issues, timeout, or invalid response status. |
| ETI5001 | INFO | ETI5001: Successfully downloaded from | Logs when data is successfully downloaded from the given URL. |
| ETI5002 | WARNING | ETI5002: Download attempt {attempt + 1} failed for {url}: {e} | Logs when a single download attempt fails due to network or server issues. |
| ETI5003 | INFO | ETI5003: Retrying in {self.RETRY_DELAY} seconds... | Logs when the system will retry the download after a delay. |
| ETI5004 | ERROR | ETI5004: All download attempts failed for | Logs when all retry attempts fail and the download cannot be completed. |
| ETI6001 | ERROR | ETI6001: Error parsing date string: | Logs when the given date string cannot be parsed into a standard datetime format. |
| ETI6002 | ERROR | ETI6002: Error comparing date: | Logs when the given date string cannot be parsed or compared against the threshold date. |
| ETI8001 | INFO | ETI8001: Rollover successful for alias: | Logs when the rollover operation is successfully acknowledged by Elasticsearch. |
| ETI8002 | INFO | ETI8002: New index created: | Logs the name of the new index created after a successful rollover. |
| ETI8003 | WARNING | ETI8003: Rollover response for alias {alias}: {response} | Logs when the rollover operation returns a non-acknowledged response. |
| ETI8004 | ERROR | ETI8004: Error during rollover for alias {alias}: {e} | Logs when an exception occurs during the rollover operation. |
| ETI8005 | ERROR | ETI8005: Error getting current index: | Logs when an exception occurs while retrieving the current active threat-index from Elasticsearch. |
| ETI8006 | INFO | ETI8006: Index {index_name} contains {doc_count} documents | Logs the document count of the specified index when checked. |
| ETI8007 | ERROR | ETI8007: Error checking document count in index {index_name}: {e} | Logs when an exception occurs while retrieving the document count from Elasticsearch. |
| ETI8008 | ERROR | ETI8008: Error generating bulk actions: | Logs when an exception occurs while generating bulk indexing actions from ETI data. |
| ETI9001 | INFO | ETI9001: No ETI data to insert | Logs when there is no ETI data available for insertion into Elasticsearch. |
| ETI9002 | INFO | ETI9002: Inserting {len(eti_data)} records into Elasticsearch | Logs when the bulk insert operation is starting, including record count. |
| ETI9003 | INFO | ETI9003: Inserting data into index: | Logs the index name where data will be inserted. |
| ETI9004 | WARNING | ETI9004: No valid actions generated for bulk insert | Logs when no valid bulk actions were generated for insertion. |
| ETI9005 | INFO | ETI9005: Bulk insert completed: {success} successful, {len(errors)} errors | Logs the result of the bulk insert operation, including successes and errors. |
| ETI9006 | ERROR | ETI9006: Bulk insert errors (first 5): | Logs the first few errors returned from the bulk insert operation. |
| ETI9007 | ERROR | ETI9007: Error during bulk insert: | Logs when an unexpected exception occurs during the bulk insert operation. |
| ETI8009 | INFO | ETI8009: Checking indices for deletion (threshold: {date}) | Logs the start of the index deletion check and shows the threshold date. |
| ETI8010 | WARNING | ETI8010: Skipping {index}: No creation_date found | Logs when an index is skipped because it does not have a creation date. |
| ETI8011 | INFO | ETI8011: Deleted old index: {index} (created: {date}) | Logs when an old index is successfully deleted. |
| ETI8012 | WARNING | ETI8012: Error processing index {index}: {error} | Logs when an error occurs while processing a specific index. |
| ETI8013 | INFO | ETI8013: Deleted {count} old indices | Logs the total number of indices deleted after the cleanup run. |
| ETI8014 | ERROR | ETI8014: Error deleting old indices: | Logs when the deletion routine fails due to a fatal error. |
| ETI1100 | ERROR | ETI1100: Error generating auth hash: | Logs when SHA3-512 hash generation fails due to an unexpected error. |
| ETI1101 | ERROR | ETI1101: Failed to generate auth hash: | Raised as an ETIDataError when authentication hash cannot be generated. |
| ETI1102 | WARNING | ETI1102: ⚠️ No checksum header provided by server | Logs when the server response does not include a checksum header. |
| ETI1103 | ERROR | ETI1103: ❌ Checksum mismatch! Local={local_checksum}, Server={server_checksum} | Logs when calculated checksum differs from the server-provided checksum. |
| ETI1104 | INFO | ETI1104: Checksum verified successfully ({local_checksum}) | Logs when checksum verification succeeds and the data integrity is ensured. |
| ETI2100 | ERROR | ETI2100: Checksum mismatch (local={local_checksum}, server={checksum_header}) | Raised as a NetworkError when checksum validation fails for the response. |
| ETI2101 | WARNING | ETI2101: Download attempt {attempt} failed: {error} | Logs when an individual download attempt fails due to a network error. |
| ETI2102 | INFO | ETI2102: Retrying in {delay} seconds... | Logs when the system waits before retrying a failed download attempt. |
| ETI2103 | ERROR | ETI2103: All download attempts failed for ETI API | Logs when all retries are exhausted and data could not be downloaded. |
| ETI2104 | INFO | ETI2104: Starting ETI data collection | Logs when the ETI data collection process begins. |
| ETI2105 | WARNING | ETI2105: Failed to download ETI data | Logs when encrypted ETI data could not be downloaded. |
| ETI2106 | INFO | ETI2106: No new ETI data to process | Logs when the decrypted ETI dataset is empty or contains no new records. |
| ETI2107 | INFO | ETI2107: ETI data collection completed successfully. | Logs when ETI data has been successfully inserted into Elasticsearch. |
| ETI2108 | ERROR | ETI2108: Failed to insert ETI data. | Logs when ETI data decryption succeeds but bulk insertion into ES fails. |
| ETI2109 | ERROR | ETI2109: ETI data collection failed: | Logs unexpected errors with traceback during ETI data collection. |
| ETI4000 | INFO | ETI4000: Starting threat intelligence collection pipeline | Logs when the full ETI pipeline execution begins. |
| ETI4001 | INFO | ETI4001: Active index is not empty. Skipping data processing | Logs when the active Elasticsearch index already contains data, so ingestion is skipped. |
| ETI4002 | INFO | ETI4002: Pipeline execution completed successfully | Logs when the ETI pipeline completes all steps without errors. |
| ETI4003 | ERROR | ETI4003: Pipeline execution failed: | Logs unexpected errors during the ETI pipeline execution. |
| ETI4004 | INFO | ETI4004: Starting threat collector scheduler | Logs when the scheduler service begins execution. |
| ETI4005 | INFO | ETI4005: Next run scheduled in {seconds_until_next_run:.0f} seconds | Logs how many seconds until the next scheduled pipeline run. |
| ETI4006 | INFO | ETI4006: Scheduler stopped by user | Logs when the scheduler is stopped via user interrupt (KeyboardInterrupt). |
| ETI4007 | ERROR | ETI4007: Pipeline execution failed: | Logs errors during scheduled pipeline execution but keeps scheduler alive. |
| ETI4008 | INFO | ETI4008: Service cleanup completed | Logs when all resources (e.g., HTTP sessions) are cleaned up successfully. |
| ETI4009 | ERROR | ETI4009: Error during cleanup: | Logs when an error occurs while cleaning up resources. |
| ETI9000 | INFO | ETI9000: Service stopped by user | Logs when the service is manually stopped by the user (KeyboardInterrupt). |
| ETI9001 | ERROR | ETI9001: Service failed to start: | Logs when the service fails to start due to an unexpected exception. |
| ETI3308 | INFO | ETI3308: Making request to: {full_url} |
Logs full url to which threat-collector sends get request. |
UCS Logs
| Log ID | Log Level | Message | Description |
|---|---|---|---|
| UCS1001 | ERROR | UCS1001: Missing required environment variables | Raised when one or more critical environment variables are not set. |
| UCS1002 | WARNING | UCS1002: Config file {self.config_path} not found | Logs when the expected UCS client config file is missing. |
| UCS1003 | ERROR | UCS1003: UCS updates enabled but authcode not provided | Raised when UCS updates are enabled but no authentication code is provided. |
| UCS1004 | ERROR | UCS1004: Proxy mode enabled but no valid proxy URLs found | Raised when proxy mode is enabled but no HTTP/HTTPS proxy URLs are given. |
| UCS1005 | ERROR | UCS1005: Configuration error: | Logs and raises a configuration error for any other unexpected exception. |
| UCS2001 | INFO | UCS2001: Elasticsearch client created successfully | Logs when the Elasticsearch client is created without errors. |
| UCS2005 | ERROR | UCS2005: Failed to create Elasticsearch client: | Logs and raises a configuration error if Elasticsearch client creation fails. |
| UCS3001 | INFO | UCS3001: Proxies configured: | Logs the proxies that are applied to the HTTP session when proxy mode is enabled. |
| UCS3002 | INFO | UCS3002: Loaded last domain ID from Elasticsearch: | Logs the last domain ID loaded successfully from file. |
| UCS3003 | WARN | UCS3003: Error loading domain ID: | Logs a warning if the domain ID file is missing or contains invalid data. |
| UCS3004 | INFO | UCS3004: No documents found in Elasticsearch, starting with domain ID: 0 | Logs when no UCS documents exist and starts from domain ID 0. |
| UCS3005 | WARN | UCS3005: Failed to load last domain ID from Elasticsearch: {e} Returning 0 | Logs when failed to load last domain id. |
| UCS3006 | ERROR | UCS3006: Error saving domain ID: | Logs and raises an error when saving the domain ID fails. |
| UCS3007 | ERROR | UCS3007: Error generating auth hash: | Logs an error when SHA3-512 hash generation fails. |
| UCS4001 | ERROR | UCS4001: Request failed for {url}: {exception} | Logs and raises a NetworkError when an HTTP request to the UCS API fails. |
| UCS5001 | INFO | UCS5001: Successfully downloaded UCS data from | Logs successful download of UCS data from the API endpoint. |
| UCS5002 | WARN | UCS5002: Download attempt {attempt} failed: {exception} | Logs a failed attempt to download UCS data. Includes attempt count. |
| UCS5003 | INFO | UCS5003: Retrying in {self.RETRY_DELAY} seconds... | Logs that the client is retrying a failed UCS data download after a delay. |
| UCS5004 | ERROR | UCS5004: All download attempts failed for UCS API | Logs that all retry attempts to download UCS data have failed. |
| UCS6001 | INFO | UCS6001: ZIP file saved temporarily at | Logs the location where the UCS ZIP file is temporarily saved before extraction. |
| UCS6002 | INFO | UCS6002: Extracting file: | Logs the name of the file being extracted from the UCS ZIP archive. |
| UCS6003 | WARN | UCS6003: Error parsing JSON line: | Logs a warning when a single JSON line fails to parse but continues processing. |
| UCS6004 | INFO | UCS6004: Successfully parsed {len(ucs_data)} UCS records | Logs the number of UCS records successfully parsed after extraction. |
| UCS6005 | ERROR | UCS6005: Error extracting/parsing UCS data: | Logs and raises an error if the UCS ZIP extraction or parsing process fails. |
| UCS6006 | ERROR | UCS6006: Failed to process UCS data: | Raises UCSDataError when extraction or parsing of UCS data completely fails. |
| UCS6007 | INFO | UCS6007: UCS data saved to | Logs when UCS data is successfully written to the JSONL output file. |
| UCS6008 | ERROR | UCS6008: Error saving UCS data to file: | Logs an error when writing UCS data to the JSONL file fails. |
| UCS7001 | ERROR | UCS7001: Error generating bulk actions: | Logs and raises an error if bulk action generation for Elasticsearch fails. |
| UCS7002 | INFO | UCS7002: No UCS data to insert | Logs when no UCS records are available for bulk insert. |
| UCS7003 | INFO | UCS7003: Inserting {count} records into Elasticsearch | Logs the number of UCS records being prepared for insertion. |
| UCS7004 | WARNING | UCS7004: No valid actions generated for bulk insert | Logs when bulk action generation results in no valid operations. |
| UCS7005 | INFO | UCS7005: Bulk insert completed: {success} successful, {error_count} errors | Logs the outcome of the bulk insert operation (success and error counts). |
| UCS7006 | ERROR | UCS7006: Bulk insert errors (first 5): | Logs details of the first 5 errors if Elasticsearch bulk insert fails. |
| UCS7007 | ERROR | UCS7007: Error during bulk insert: | Logs unexpected exceptions during Elasticsearch bulk insert execution. |
| UCS3009 | ERROR | UCS3009: Error getting max domain ID: | Logs and handles errors that occur while calculating the maximum domainId from UCS data. |
| UCS8001 | INFO | UCS8001: UCS updates are disabled in configuration. Skipping UCS sync. | Logs when UCS sync is skipped because updates are disabled in configuration. |
| UCS8002 | INFO | UCS8002: Starting UCS data collection | Logs the start of the UCS data collection process. |
| UCS8003 | WARNING | UCS8003: Failed to download UCS data | Logs when UCS data could not be downloaded after retries. |
| UCS8004 | INFO | UCS8004: No new UCS data to process | Logs when UCS data was downloaded but contains no new entries. |
| UCS8005 | INFO | UCS8005: UCS data collection completed successfully. New domain ID: | Logs successful UCS data processing and update of the last domain ID. |
| UCS8006 | WARNING | UCS8006: No valid domain IDs found in data | Logs when UCS data was processed but no valid domain IDs were found. |
| UCS8007 | ERROR | UCS8007: Failed to insert UCS data. Domain ID will not be updated. | Logs when UCS data could not be inserted into Elasticsearch, preventing domain ID update. |
| UCS8008 | ERROR | UCS8008: UCS data collection failed: | Logs and raises an error if UCS data collection fails due to an unhandled exception. |
| UCS9000 | INFO | UCS9000: Starting UCS client scheduler | Logs when the UCS scheduler service starts running. |
| UCS9001 | INFO | UCS9001: Next UCS sync scheduled in {seconds} seconds | Logs the number of seconds until the next scheduled UCS sync at 00:15. |
| UCS9002 | INFO | UCS9002: Scheduler stopped by user | Logs when the scheduler is manually interrupted (Ctrl+C / KeyboardInterrupt). |
| UCS9003 | ERROR | UCS9003: UCS collection failed: | Logs unexpected errors during scheduled UCS collection but continues running. |
| UCS1101 | INFO | UCS1101: UCS client cleanup completed | Logs successful cleanup of UCS client resources (e.g., session close). |
| UCS1102 | ERROR | UCS1102: Error during cleanup: | Logs errors that occur while cleaning up UCS client resources. |
| UCS2101 | INFO | UCS2101: UCS client stopped by user | Logs when the UCS client is stopped manually (KeyboardInterrupt). |
| UCS2102 | ERROR | UCS2102: UCS client failed to start: | Logs and exits when the UCS client fails to start due to an unexpected error. |
| UCS5005 | ERROR | UCS5005: Checksum mismatch (local = {local_checksum}, server = {server_checksum}) | Logs when checksum verification mismatch. |
| UCS5006 | INFO | UCS5006: Checksum verified successfully ({local_checksum}) | Logs when checksum is verified successfully. |
| UCS5007 | WARN | UCS5007: No checksum header received from server | Logs when no checksum header is received. |
| UCS3308 | INFO | UCS3308: Making request to: {full_url} |
Logs full url to which ucs-client sends get request. |