surface last error message

Author: Thiago-AS

backend/src/ee/services/audit-log-stream/audit-log-stream-schemas.ts

@@ -1,3 +1,5 @@
+import { z } from "zod";
+
 import { AuditLogStreamsSchema } from "@app/db/schemas";
 
 export const BaseProviderSchema = AuditLogStreamsSchema.omit({
@@ -11,4 +13,7 @@ export const BaseProviderSchema = AuditLogStreamsSchema.omit({
   encryptedHeadersKeyEncoding: true,
   encryptedHeadersTag: true,
   url: true
+}).extend({
+  lastErrorMessage: z.string().nullish(),
+  lastErrorTimestamp: z.date().nullish()
 });

backend/src/ee/services/audit-log-stream/audit-log-stream-service.test.ts

@@ -9,8 +9,9 @@ const STREAM_ID = "stream-1";
 const ORG_ID = "org-1";
 const PROVIDER = "datadog";
 
+const FAILURE_MESSAGE = "upstream failure";
 const failingProviderStreamLog = vi.fn(async () => {
-  throw new Error("upstream failure");
+  throw new Error(FAILURE_MESSAGE);
 });
 
 vi.mock("@app/lib/config/env", () => ({
@@ -88,7 +89,11 @@ const createService = () => {
   const notificationService = {
     createUserNotifications: vi.fn(async () => undefined)
   };
-  const smtpService = { sendMail: vi.fn(async () => undefined) };
+  const smtpService = {
+    sendMail: vi.fn<
+      (payload: { substitutions: { lastErrorMessage: string; lastErrorTimestamp: string } }) => Promise<void>
+    >(async () => undefined)
+  };
   const orgDAL = {
     findOrgMembersByRole: vi.fn(async () => [
       { status: "accepted", user: { id: "user-1", email: "admin@example.com" } }
@@ -193,4 +198,24 @@ describe("auditLogStreamServiceFactory failure tracking", () => {
     expect(keyStore.setItemWithExpiryNX).not.toHaveBeenCalled();
     expect(notificationService.createUserNotifications).not.toHaveBeenCalled();
   });
+
+  test("stores the last error message and timestamp in the cooldown payload", async () => {
+    const { service, store, smtpService } = createService();
+
+    await driveFailures(service, FAILURE_THRESHOLD);
+
+    const payload = store[KeyStorePrefixes.AuditLogStreamAlertSent(STREAM_ID)];
+    expect(payload).toBeDefined();
+    const parsed = JSON.parse(payload as string) as { message: string; timestamp: string };
+    expect(parsed.message).toContain(FAILURE_MESSAGE);
+    expect(typeof parsed.timestamp).toBe("string");
+    expect(Number.isNaN(new Date(parsed.timestamp).getTime())).toBe(false);
+
+    expect(smtpService.sendMail).toHaveBeenCalledTimes(1);
+    const mailCall = smtpService.sendMail.mock.calls[0]?.[0] as {
+      substitutions: { lastErrorMessage: string; lastErrorTimestamp: string };
+    };
+    expect(mailCall.substitutions.lastErrorMessage).toContain(FAILURE_MESSAGE);
+    expect(mailCall.substitutions.lastErrorTimestamp).toBe(parsed.timestamp);
+  });
 });

backend/src/ee/services/audit-log-stream/audit-log-stream-service.ts

@@ -110,6 +110,24 @@ export const auditLogStreamServiceFactory = ({
     ]);
   };
 
+  const readLastErrorFromCooldown = async (streamId: string) => {
+    const raw = await keyStore.getItem(KeyStorePrefixes.AuditLogStreamAlertSent(streamId));
+    if (!raw) return { lastErrorMessage: null, lastErrorTimestamp: null };
+
+    try {
+      const parsed = JSON.parse(raw) as { message?: unknown; timestamp?: unknown };
+      const message = typeof parsed.message === "string" ? parsed.message : null;
+      const timestampStr = typeof parsed.timestamp === "string" ? parsed.timestamp : null;
+      const timestamp = timestampStr ? new Date(timestampStr) : null;
+      return {
+        lastErrorMessage: message,
+        lastErrorTimestamp: timestamp && !Number.isNaN(timestamp.getTime()) ? timestamp : null
+      };
+    } catch {
+      return { lastErrorMessage: null, lastErrorTimestamp: null };
+    }
+  };
+
   const updateById = async (
     { logStreamId, provider, credentials }: TUpdateAuditLogStreamDTO,
     actor: OrgServiceActor
@@ -239,7 +257,9 @@ export const auditLogStreamServiceFactory = ({
       });
     }
 
-    return decryptLogStream(logStream, kmsService);
+    const decrypted = await decryptLogStream(logStream, kmsService);
+    const lastError = await readLastErrorFromCooldown(logStream.id);
+    return { ...decrypted, ...lastError };
   };
 
   const list = async (actor: OrgServiceActor) => {
@@ -256,10 +276,22 @@ export const auditLogStreamServiceFactory = ({
 
     const logStreams = await auditLogStreamDAL.find({ orgId: actor.orgId });
 
-    return Promise.all(logStreams.map((stream) => decryptLogStream(stream, kmsService)));
+    return Promise.all(
+      logStreams.map(async (stream) => {
+        const decrypted = await decryptLogStream(stream, kmsService);
+        const lastError = await readLastErrorFromCooldown(stream.id);
+        return { ...decrypted, ...lastError };
+      })
+    );
   };
 
-  const notifyStreamFailure = async (orgId: string, streamId: string, provider: string, failureCount: number) => {
+  const notifyStreamFailure = async (
+    orgId: string,
+    streamId: string,
+    provider: string,
+    failureCount: number,
+    lastError: { message: string; timestamp: string }
+  ) => {
     const appCfg = getConfig();
     const orgAdmins = await orgDAL.findOrgMembersByRole(orgId, OrgMembershipRole.Admin);
     const activeAdmins = orgAdmins.filter((admin) => admin.status !== OrgMembershipStatus.Invited);
@@ -295,15 +327,22 @@ export const auditLogStreamServiceFactory = ({
           provider,
           windowFailureCount: failureCount,
           windowMinutes: FAILURE_WINDOW_MINUTES,
-          streamUrl
+          streamUrl,
+          lastErrorMessage: lastError.message,
+          lastErrorTimestamp: lastError.timestamp
         }
       })
       .catch((err) =>
         logger.error(err, `Failed to send audit log stream failure email [streamId=${streamId}] [orgId=${orgId}]`)
       );
   };
 
-  const evaluateErrorSlidingWindow = async (orgId: string, streamId: string, provider: string) => {
+  const evaluateErrorSlidingWindow = async (
+    orgId: string,
+    streamId: string,
+    provider: string,
+    errorMessage: string
+  ) => {
     try {
       const alertKey = KeyStorePrefixes.AuditLogStreamAlertSent(streamId);
 
@@ -318,11 +357,19 @@ export const auditLogStreamServiceFactory = ({
 
       if (failureCount < FAILURE_THRESHOLD) return;
 
+      // Capture the last error message and timestamp inside the cooldown payload so list reads and
+      // the failure email both surface the most recent root cause to admins.
+      const lastError = { message: errorMessage, timestamp: new Date().toISOString() };
+
       // NX lock ensures only one worker fires the alert within the cooldown window.
-      const acquired = await keyStore.setItemWithExpiryNX(alertKey, FAILURE_ALERT_COOLDOWN_SECONDS, "1");
+      const acquired = await keyStore.setItemWithExpiryNX(
+        alertKey,
+        FAILURE_ALERT_COOLDOWN_SECONDS,
+        JSON.stringify(lastError)
+      );
       if (!acquired) return;
 
-      await notifyStreamFailure(orgId, streamId, provider, failureCount).catch(async (notifyErr) => {
+      await notifyStreamFailure(orgId, streamId, provider, failureCount, lastError).catch(async (notifyErr) => {
         logger.error(
           notifyErr,
           `Failed to send audit log stream failure notification [streamId=${streamId}] [orgId=${orgId}]`
@@ -354,18 +401,21 @@ export const auditLogStreamServiceFactory = ({
         try {
           await factory.streamLog({ credentials, auditLog });
         } catch (error) {
+          let errorMessage: string;
           if (isAxiosError(error)) {
+            errorMessage = `${error?.message ?? "Request failed"} — ${JSON.stringify(error?.response?.data) ?? ""}`;
             logger.error(
               `audit-log-queue: Failed to stream audit log due to request error [auditLogId=${auditLog.id}] [event=${auditLog.eventType}] [provider=${provider}] [orgId=${orgId}] [projectId=${auditLog.projectId}] [message=${error?.message}] [response=${JSON.stringify(error?.response?.data)}]`
             );
           } else {
+            errorMessage = (error as Error)?.message ?? "Unknown error";
             logger.error(
               error,
               `audit-log-queue: Failed to stream audit log [auditLogId=${auditLog.id}] [event=${auditLog.eventType}] [provider=${provider}] [orgId=${orgId}] [projectId=${auditLog.projectId}]: ${(error as Error)?.message}`
             );
           }
 
-          await evaluateErrorSlidingWindow(orgId, id, provider);
+          await evaluateErrorSlidingWindow(orgId, id, provider, errorMessage);
         }
       })
     );

backend/src/services/smtp/emails/AuditLogStreamFailedTemplate.tsx

@@ -9,14 +9,18 @@ interface AuditLogStreamFailedTemplateProps extends Omit<BaseEmailWrapperProps,
   windowFailureCount: number;
   windowMinutes: number;
   streamUrl: string;
+  lastErrorMessage?: string;
+  lastErrorTimestamp?: string;
 }
 
 export const AuditLogStreamFailedTemplate = ({
   provider,
   windowFailureCount,
   windowMinutes,
   streamUrl,
-  siteUrl
+  siteUrl,
+  lastErrorMessage,
+  lastErrorTimestamp
 }: AuditLogStreamFailedTemplateProps) => {
   return (
     <BaseEmailWrapper
@@ -32,6 +36,18 @@ export const AuditLogStreamFailedTemplate = ({
         <Text className="text-[14px] mt-[4px]">{provider}</Text>
         <strong>Consecutive failures</strong>
         <Text className="text-[14px] text-red-600 mt-[4px]">{windowFailureCount}</Text>
+        {lastErrorTimestamp && (
+          <>
+            <strong>Last error at</strong>
+            <Text className="text-[14px] mt-[4px]">{lastErrorTimestamp}</Text>
+          </>
+        )}
+        {lastErrorMessage && (
+          <>
+            <strong>Last error message</strong>
+            <Text className="text-[14px] text-red-600 mt-[4px] break-all">{lastErrorMessage}</Text>
+          </>
+        )}
       </Section>
       <Text className="text-[14px]">
         Your stream has logged {windowFailureCount} failures in a row, with no more than {windowMinutes} minutes between
@@ -52,5 +68,7 @@ AuditLogStreamFailedTemplate.PreviewProps = {
   windowFailureCount: 12,
   windowMinutes: 5,
   streamUrl: "https://app.infisical.com/organizations/example-org/settings?selectedTab=tag-audit-log-streams",
-  siteUrl: "https://app.infisical.com"
+  siteUrl: "https://app.infisical.com",
+  lastErrorMessage: "Request failed with status code 401 — {\"errors\":[\"Invalid API key\"]}",
+  lastErrorTimestamp: "2026-05-19T14:32:11.000Z"
 } as AuditLogStreamFailedTemplateProps;

frontend/src/hooks/api/auditLogStreams/types/providers/root-provider.ts

@@ -3,4 +3,6 @@ export type TRootProviderLogStream = {
   orgId: string;
   createdAt: string;
   updatedAt: string;
+  lastErrorMessage?: string | null;
+  lastErrorTimestamp?: string | null;
 };

frontend/src/layouts/OrganizationLayout/components/NetworkHealthBanner/NetworkHealthBanner.tsx

@@ -183,8 +183,8 @@ export const NetworkHealthBanner = () => {
       const ids = visibleStreamNotifications.map((n) => n.id);
       items.push({
         id: "audit-log-stream-failed",
-        message: "Error streaming audit logs.",
-        linkLabel: "View log stream",
+        message: "Unable to stream audit logs.",
+        linkLabel: "Click to view stream configuration.",
         linkTo: visibleStreamNotifications[0].link ?? undefined,
         onDismiss: () => {
           ids.forEach((id) => updateNotification({ notificationId: id, isRead: true }));

frontend/src/pages/organization/SettingsPage/components/AuditLogStreamTab/components/AuditLogStreamRow.tsx

@@ -1,5 +1,6 @@
 import { faAsterisk, faEllipsisV, faTrash } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { AlertTriangleIcon } from "lucide-react";
 import { twMerge } from "tailwind-merge";
 
 import { OrgPermissionCan } from "@app/components/permissions";
@@ -13,23 +14,28 @@ import {
   Tooltip,
   Tr
 } from "@app/components/v2";
+import { Tooltip as TooltipV3, TooltipContent, TooltipTrigger } from "@app/components/v3";
 import { OrgPermissionSubjects } from "@app/context";
 import { OrgPermissionActions } from "@app/context/OrgPermissionContext/types";
 import { AUDIT_LOG_STREAM_PROVIDER_MAP, getProviderUrl } from "@app/helpers/auditLogStreams";
 import { TAuditLogStream } from "@app/hooks/api/types";
 
+import { LastErrorSection } from "./LastErrorSection";
+
 type Props = {
   logStream: TAuditLogStream;
   onDelete: (logStream: TAuditLogStream) => void;
   onEditCredentials: (logStream: TAuditLogStream) => void;
 };
 
 export const AuditLogStreamRow = ({ logStream, onDelete, onEditCredentials }: Props) => {
-  const { id, provider } = logStream;
+  const { id, provider, lastErrorMessage, lastErrorTimestamp } = logStream;
 
   const providerDetails = AUDIT_LOG_STREAM_PROVIDER_MAP[provider];
   const url = getProviderUrl(logStream);
 
+  const hasLastError = Boolean(lastErrorMessage || lastErrorTimestamp);
+
   return (
     <Tr
       className={twMerge("group h-12 transition-colors duration-100 hover:bg-mineshaft-700")}
@@ -57,8 +63,24 @@ export const AuditLogStreamRow = ({ logStream, onDelete, onEditCredentials }: Pr
         </div>
       </Td>
       <Td className="max-w-0 min-w-32!">
-        <div className="flex w-full items-center">
+        <div className="flex w-full items-center gap-2">
           <p className="truncate">{url}</p>
+          {hasLastError && (
+            <TooltipV3>
+              <TooltipTrigger>
+                <AlertTriangleIcon
+                  className="size-4 shrink-0 text-yellow-500"
+                  aria-label="Stream is failing"
+                />
+              </TooltipTrigger>
+              <TooltipContent className="max-w-96 min-w-52 px-3">
+                <LastErrorSection
+                  lastErrorMessage={lastErrorMessage ?? null}
+                  lastErrorTimestamp={lastErrorTimestamp ?? null}
+                />
+              </TooltipContent>
+            </TooltipV3>
+          )}
         </div>
       </Td>
       <Td>

frontend/src/pages/organization/SettingsPage/components/AuditLogStreamTab/components/LastErrorSection.tsx

@@ -0,0 +1,37 @@
+import { format } from "date-fns";
+import { ClockIcon, MessageSquareWarningIcon } from "lucide-react";
+
+type Props = {
+  lastErrorMessage: string | null;
+  lastErrorTimestamp: string | null;
+};
+
+export const LastErrorSection = ({ lastErrorMessage, lastErrorTimestamp }: Props) => (
+  <div className="py-1">
+    <div className="mb-2 flex items-center gap-2 border-b border-foreground/25 pb-1">
+      <div className="font-medium">Last Error</div>
+    </div>
+    {lastErrorMessage && (
+      <div className="mb-2 flex items-start gap-2 text-sm">
+        <div className="flex items-center justify-center rounded-sm bg-container/50 p-2">
+          <MessageSquareWarningIcon className="size-5" />
+        </div>
+        <div className="flex flex-col">
+          <div className="text-xs font-medium text-label">Message</div>
+          <div className="text-sm break-words">{lastErrorMessage}</div>
+        </div>
+      </div>
+    )}
+    {lastErrorTimestamp && (
+      <div className="flex items-center gap-2 text-sm">
+        <div className="flex items-center justify-center rounded-sm bg-container/50 p-2">
+          <ClockIcon className="size-5" />
+        </div>
+        <div className="flex flex-col">
+          <div className="text-xs font-medium text-label">Time</div>
+          <div className="text-sm">{format(lastErrorTimestamp, "PPpp")}</div>
+        </div>
+      </div>
+    )}
+  </div>
+);