diff --git a/cmd/ja4sentinel/main.go b/cmd/ja4sentinel/main.go
index 87e4732..2bc749e 100644
--- a/cmd/ja4sentinel/main.go
+++ b/cmd/ja4sentinel/main.go
@@ -167,7 +167,11 @@ func main() {
 clientHello, err := parser.Process(pkt)
 if err != nil {
 appLogger.Warn("tlsparse", "Failed to parse TLS ClientHello", map[string]string{
- "error": err.Error(),
+ "error": err.Error(),
+ "src_ip": "unknown",
+ "src_port": "unknown",
+ "dst_ip": "unknown",
+ "dst_port": "unknown",
 })
 continue
 }
@@ -186,7 +190,12 @@ func main() {
 fingerprints, err := fingerprintEngine.FromClientHello(*clientHello)
 if err != nil {
 appLogger.Warn("fingerprint", "Failed to generate fingerprints", map[string]string{
- "error": err.Error(),
+ "error": err.Error(),
+ "src_ip": clientHello.SrcIP,
+ "src_port": fmt.Sprintf("%d", clientHello.SrcPort),
+ "dst_ip": clientHello.DstIP,
+ "dst_port": fmt.Sprintf("%d", clientHello.DstPort),
+ "conn_id": clientHello.ConnID,
 })
 continue
 }
diff --git a/internal/fingerprint/engine.go b/internal/fingerprint/engine.go
index 5baf55a..ca4f9df 100644
--- a/internal/fingerprint/engine.go
+++ b/internal/fingerprint/engine.go
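Review bot: In cmd/ja4sentinel/main.go, the tlsparse warning sets `src_ip`, `src_port`, `dst_ip` and `dst_port` to the constant string "unknown", so a ClientHello that fails to parse is still logged without attribution, and any consumer that treats these keys as addresses or port numbers receives a non-address value. If `pkt` carries the endpoints of the captured packet (its type is not visible in this hunk), log those here; otherwise drop the four keys and say why, e.g. `// endpoints are only known after a successful parse`. This record also has no `conn_id` while the fingerprint warning in the next hunk does, so the two warnings cannot be joined on it. The enclosing block in main() starts and ends outside the hunk.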
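Review bot: In the fingerprint warning of cmd/ja4sentinel/main.go, the two port values are rendered with `fmt.Sprintf("%d", …)`; for a plain integer-to-string conversion `strconv.Itoa(int(clientHello.SrcPort))` (and the same for `DstPort`) is the direct form, assuming the ports are integer-typed as the `%d` verb suggests. The hunk shows no change to the import block, so whichever package is used must already be imported in main.go. The enclosing block in main() starts and ends outside the hunk.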
@@ -18,17 +18,19 @@ func NewEngine() *EngineImpl {
 }
 
 // FromClientHello generates JA4 (and optionally JA3) fingerprints from a TLS ClientHello
-// Note: JA4Hash is populated for internal use but should NOT be serialized to LogRecord
+// Note: JA4 hash portion is extracted for internal use but NOT serialized to LogRecord
 // as the JA4 format already includes its own hash portions (per architecture.yml)
 func (e *EngineImpl) FromClientHello(ch api.TLSClientHello) (*api.Fingerprints, error) {
 if len(ch.Payload) == 0 {
- return nil, fmt.Errorf("empty ClientHello payload")
+ return nil, fmt.Errorf("empty ClientHello payload from %s:%d -> %s:%d",
+ ch.SrcIP, ch.SrcPort, ch.DstIP, ch.DstPort)
 }
 
 // Parse the ClientHello using tlsfingerprint
 fp, err := tlsfingerprint.ParseClientHello(ch.Payload)
 if err != nil {
- return nil, fmt.Errorf("failed to parse ClientHello: %w", err)
+ return nil, fmt.Errorf("failed to parse ClientHello from %s:%d -> %s:%d (conn_id=%s, payload_len=%d): %w",
+ ch.SrcIP, ch.SrcPort, ch.DstIP, ch.DstPort, ch.ConnID, len(ch.Payload), err)
 }
 
 // Generate JA4 fingerprint
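Review bot: Both new error messages format the connection tuple into the error text, which makes every error string unique per connection and harder to group or rate-limit in alerting; the caller in cmd/ja4sentinel/main.go (second hunk) already logs `src_ip`, `src_port`, `dst_ip`, `dst_port` and `conn_id` as structured fields next to `err.Error()`, so the same data ends up in the record twice. Keeping the message stable and adding only what the caller does not have would be enough: `return nil, fmt.Errorf("failed to parse ClientHello (payload_len=%d): %w", len(ch.Payload), err)`. If the tuple stays in the text, the empty-payload message should carry `conn_id` as well so both errors can be correlated the same way. FromClientHello's body continues past the end of the hunk.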