adjust log levels

README.md

@@ -126,3 +126,15 @@ Standard attestation message in the same format as the Auditor app QR code.
 
 Returns space-separated values in plain text: `<subscribeKey> <verifyInterval>`. Additional fields
 may be added in the future.
+
+## Logging
+
+Logs are written via stderr for journald. Log guidelines:
+
+emerg: filesystem or database corruption
+alert: service fully not functioning
+crit: service partially not functioning
+error: service side error for a specific request
+warning: login failures or missing setup for full functionality such as sending alerts
+info: security-relevant events such as logins and expected errors triggered by clients
+debug: not used in production

src/main/java/app/attestation/server/AlertDispatcher.java

@@ -17,6 +17,8 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import static app.attestation.server.SyslogLevel.CRIT;
+
 class AlertDispatcher implements Runnable {
     private static final long WAIT_MS = 15 * 60 * 1000;
     private static final int TIMEOUT_MS = 30 * 1000;
@@ -33,7 +35,7 @@ public void run() {
         try {
             conn = AttestationServer.open(AttestationServer.ATTESTATION_DATABASE);
         } catch (final SQLiteException e) {
-            logger.log(Level.SEVERE, "database error, cannot set up Maintenance thread", e);
+            logger.log(CRIT, "database error, cannot set up Maintenance thread", e);
             return;
         }
         final SQLiteStatement selectConfiguration;
@@ -62,7 +64,7 @@ public void run() {
             selectEmails = conn.prepare("SELECT address FROM EmailAddresses WHERE userId = ?");
         } catch (final SQLiteException e) {
             conn.dispose();
-            logger.log(Level.SEVERE, "database error, cannot set up Maintenance thread", e);
+            logger.log(CRIT, "database error, cannot set up Maintenance thread", e);
             return;
         }
 

src/main/java/app/attestation/server/AttestationServer.java

@@ -65,6 +65,7 @@
 import static app.attestation.server.AttestationProtocol.fingerprintsStock;
 import static app.attestation.server.AttestationProtocol.fingerprintsStrongBoxCustomOS;
 import static app.attestation.server.AttestationProtocol.fingerprintsStrongBoxStock;
+import static app.attestation.server.SyslogLevel.ALERT;
 import static com.almworks.sqlite4java.SQLiteConstants.SQLITE_CONSTRAINT_UNIQUE;
 
 public class AttestationServer {
@@ -296,7 +297,7 @@ public static void main(final String[] args) throws Exception {
             createSamplesTable(samplesConn);
 
             if (userVersion < 1) {
-                logger.severe(SAMPLES_DATABASE + " database schemas older than version 1 are no longer " +
+                logger.log(ALERT, SAMPLES_DATABASE + " database schemas older than version 1 are no longer " +
                         "supported. Use an older AttestationServer revision to upgrade.");
                 System.exit(1);
             }
@@ -321,7 +322,7 @@ public static void main(final String[] args) throws Exception {
             createAttestationIndices(attestationConn);
 
             if (userVersion < 11) {
-                logger.severe(ATTESTATION_DATABASE + " database schemas older than version 10 are no longer " +
+                logger.log(ALERT, ATTESTATION_DATABASE + " database schemas older than version 10 are no longer " +
                         "supported. Use an older AttestationServer revision to upgrade.");
                 System.exit(1);
             }
@@ -725,7 +726,7 @@ public void handlePost(final HttpExchange exchange) throws IOException, SQLiteEx
                 exchange.sendResponseHeaders(400, -1);
                 return;
             } catch (final GeneralSecurityException e) {
-                logger.info("login error: " + e.getMessage());
+                logger.warning("login error: " + e.getMessage());
                 exchange.sendResponseHeaders(403, -1);
                 return;
             }

src/main/java/app/attestation/server/Maintenance.java

@@ -9,6 +9,8 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import static app.attestation.server.SyslogLevel.CRIT;
+
 class Maintenance implements Runnable {
     private static final long WAIT_MS = 24 * 60 * 60 * 1000;
     private static final long DELETE_EXPIRY_MS = 7L * 24 * 60 * 60 * 1000;
@@ -29,7 +31,7 @@ public void run() {
             samplesConn = AttestationServer.open(AttestationServer.SAMPLES_DATABASE);
             attestationConn = AttestationServer.open(AttestationServer.ATTESTATION_DATABASE);
         } catch (final SQLiteException e) {
-            logger.log(Level.SEVERE, "database error, cannot set up Maintenance thread", e);
+            logger.log(CRIT, "database error, cannot set up Maintenance thread", e);
             return;
         }
         final SQLiteStatement deleteExpiredSessions;
@@ -47,7 +49,7 @@ public void run() {
         } catch (final SQLiteException e) {
             attestationConn.dispose();
             samplesConn.dispose();
-            logger.log(Level.SEVERE, "database error, cannot set up Maintenance thread", e);
+            logger.log(CRIT, "database error, cannot set up Maintenance thread", e);
             return;
         }