Admin API

Admin API is the process that supports administration for the appliance via REST.

Facility Keyword

Software Process

Log File

local5

AdminAPI

lunalogs

Expected Log Messages

The following log messages are normal and expected entries in the log files when the webserver for the REST API is running.

Web Server Started

2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server is setting up on 192.168.0.79:8443
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server cipher set:
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server is using TLS1.2 only
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server is loading key file: ssl_key.pem
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server is loading cert file: ssl_cert.pem
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server is loading dh file dh2048.pem
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server is using NID_X9_62_prime256v1 named curve
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Server finished setting up
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Request hashing set: hmac_sha256
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Asymmetric encryption set: rsa_pkcs1
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Symmetric encryption set: aes_256_cfb

These messages indicate that web server started successfully. The web server does not run by default. Rather, an administrator must configure and start it from the Luna administrative shell.

Client Connected

2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Client 192.168.0.120:52500 connected
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Parsed client 192.168.0.120's request
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Client 192.168.0.120-SESSION_ID=413ef8fe-3667-4083-ae2f-44e66e1ac70e requested POST:/lunasa/services/ntls/clients
2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : 192.168.0.120 successfully logged in as admin with session id of 413ef8fe-3667-4083-ae2f-44e66e1ac70e

These messages indicate that a client connected without issue to the web server and that the web server was able to fulfill the client’s request.

Client Disconnected

2012 Feb 29 12:05:01 myLuna  local5 info  AdminAPI[1234]: info : 0 : Session 7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 logged out

This message indicates that a client disconnected without issue from the web server.

NOTE   If you are using Luna Appliance Software 7.7.1 or older, this message is categorized as an error even though the client disconnects without issue from the web server.

Unexpected Log Messages

Under normal circumstances, you should not see any of these log messages. If you do, please contact Thales Technical Support to report the message and seek guidance on what to do next.

Web Server Busy

2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120 connection refused because server is busy

This message indicates that the queue of client connections is full and the web server is unable to respond to any additional request.

Client Session Problems

2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120 submitted a request without a session token
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120 submitted a bad cookie
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120 has no session
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 session keys do not match an active session
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 requested access to GET:/api/lunasa/hsms/4343343 and access was denied
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 failed to decrypt packet
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 requested a non-existent resource
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 sent a bad payload
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 failed to include authentication token
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Client 192.168.0.120:52500 failed to establish SSL connection
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : 192.168.0.120 login attempt failed
2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Session 7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 timed out

These messages indicate problems with the client session.

Unknown Resource

2012 Feb 29 12:05:01 myLuna  local5 err  AdminAPI[1234]: error : 0 : Internal action requested a non-existent resource

This message indicates that the REST framework could not find the resource requested.

Denylisted Clients

2012 Feb 29 12:05:01 myLuna  local5 warn  AdminAPI[1234]: warning : 0 : Added 192.168.0.120 to the blacklist
2012 Feb 29 12:05:01 myLuna  local5 crit  AdminAPI[1234]: critical : 0 : Blacklisted user 192.168.0.120 attempted to connect

These messages indicates that the REST server has denylisted a client. The first indicates the action of adding a client to the denylist; the second indicates a subsequent attempt by a denylisted client to connect.