Admin API
Admin API is the process that supports administration for the appliance via REST.
Facility Keyword |
Software Process |
Log File |
---|---|---|
|
|
|
Expected Log Messages
The following log messages are normal and expected entries in the log files when the webserver for the REST API is running.
Web Server Started
2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server is setting up on 192.168.0.79:8443 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server cipher set: 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server is using TLS1.2 only 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server is loading key file: ssl_key.pem 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server is loading cert file: ssl_cert.pem 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server is loading dh file dh2048.pem 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server is using NID_X9_62_prime256v1 named curve 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Server finished setting up 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Request hashing set: hmac_sha256 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Asymmetric encryption set: rsa_pkcs1 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Symmetric encryption set: aes_256_cfb
These messages indicate that web server started successfully. The web server does not run by default. Rather, an administrator must configure and start it from the Luna administrative shell.
Client Connected
2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Client 192.168.0.120:52500 connected 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Parsed client 192.168.0.120's request 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Client 192.168.0.120-SESSION_ID=413ef8fe-3667-4083-ae2f-44e66e1ac70e requested POST:/lunasa/services/ntls/clients 2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : 192.168.0.120 successfully logged in as admin with session id of 413ef8fe-3667-4083-ae2f-44e66e1ac70e
These messages indicate that a client connected without issue to the web server and that the web server was able to fulfill the client’s request.
Client Disconnected
2012 Feb 29 12:05:01 myLuna local5 info AdminAPI[1234]: info : 0 : Session 7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 logged out
This message indicates that a client disconnected without issue from the web server.
NOTE If you are using Luna Appliance Software 7.7.1 or older, this message is categorized as an error even though the client disconnects without issue from the web server.
Unexpected Log Messages
Under normal circumstances, you should not see any of these log messages. If you do, please contact Thales Technical Support to report the message and seek guidance on what to do next.
Web Server Busy
2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120 connection refused because server is busy
This message indicates that the queue of client connections is full and the web server is unable to respond to any additional request.
Client Session Problems
2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120 submitted a request without a session token 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120 submitted a bad cookie 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120 has no session 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 session keys do not match an active session 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 requested access to GET:/api/lunasa/hsms/4343343 and access was denied 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 failed to decrypt packet 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 requested a non-existent resource 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 sent a bad payload 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120-7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 failed to include authentication token 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Client 192.168.0.120:52500 failed to establish SSL connection 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : 192.168.0.120 login attempt failed 2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Session 7e33c7bb-54a0-4a92-a031-4e08fc90cfa5 timed out
These messages indicate problems with the client session.
Unknown Resource
2012 Feb 29 12:05:01 myLuna local5 err AdminAPI[1234]: error : 0 : Internal action requested a non-existent resource
This message indicates that the REST framework could not find the resource requested.
Denylisted Clients
2012 Feb 29 12:05:01 myLuna local5 warn AdminAPI[1234]: warning : 0 : Added 192.168.0.120 to the blacklist 2012 Feb 29 12:05:01 myLuna local5 crit AdminAPI[1234]: critical : 0 : Blacklisted user 192.168.0.120 attempted to connect
These messages indicates that the REST server has denylisted a client. The first indicates the action of adding a client to the denylist; the second indicates a subsequent attempt by a denylisted client to connect.