Page tree

Contents

NIOS appliances generate syslog messages that you can view through the Syslog viewer and download to a directory on your management station. For more information about syslog, see Using a Syslog Server.

Following are the events that are logged and examples of their corresponding syslog messages:
Establishment/Termination of an HTTPS Session
Event: Generation of RSA key failed.
Message: "Oct 19 09:15:01 EPBYMINW0065T1 httpd[2115]: cryptographic key generation failed"
Event: Session is terminated.
Message: "Oct 19 09:15:01 EPBYMINW0065T1 httpd[2115]: Session terminated (remote address: 10.6.11.249)"
Event: Failed to establish a session.
Message: "Oct 19 08:50:21 EPBYMINW0065T1 httpd[2314]: Failed to establish a session (remote address: 10.6.11.249), error 1115 (SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)"
Event: Session is established.
Message: "Oct 19 08:54:42 EPBYMINW0065T1 httpd[2314]: Session has been established (remote address: 10.6.11.249)"
Establishment/Termination of a TLS Session
Event: Generation of RSA key failed.
Message: "Oct 19 08:38:08 EPBYMINW0065T1 openvpn[1415]: cryptographic key generation failed"
Event: Session has been established.
Message: "Oct 19 08:38:08 EPBYMINW0065T1 openvpn[1552]: Session has been established (remote address: 10.6.11.249)"
Event: HMAC failure:
Message: "Oct 19 08:41:01 EPBYMINW0065T1 openvpn[1567]: cryptographic key generation failed: HMAC"
Event: Signing failure (constructed message, it is not trivial to obtain it into the syslog).
Message: "Oct 19 08:45:01 EPBYMINW0065T1 openvpn[1582]: cryptographic operation failed: signature"
Event: Encryption failure.
Message: "Oct 19 08:46:41 EPBYMINW0065T1 openvpn[1612]: cryptographic operation failed: encryption"
Event: Decryption failure.
Message: "Oct 19 08:46:41 EPBYMINW0065T1 openvpn[1612]: cryptographic operation failed: decryption"
Event: Session was not established.
Message: "Oct 19 08:50:21 EPBYMINW0065T1 openvpn[1701]: Failed to establish a session (remote address: 10.6.11.249), error 1115 (SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)"
Event: Packet was not verified.
Message: "Oct 19 08:55:25 EPBYMINW0065T1 openvpn[1815]: Packet verification fails (remote address: 10.6.11.249)"
Random Number Generation Process
[2011/10/19 10:13:46.282] (26360 /infoblox/one/bin/ib_prngd_control) : ib_prngd daemon is not running while CC mode is enabled
[2011/10/19 10:13:46.324] (26368 /infoblox/one/bin/ib_prngd) main.c:202 main(): ib_prngd daemon starting up...
[2011/10/19 10:13:46.700] (26368 /infoblox/one/bin/ib_prngd) main.c:214 main(): Setting FIPS mode OK [2011/10/19 10:13:48.400] (26368 /infoblox/one/bin/ib_prngd) main.c:214 main(): Setting FIPS mode FAILED [2011/10/19 10:13:46.700] (26368 /infoblox/one/bin/ib_prngd) main.c:125 rename_rnd_dev(): Moving
/dev/random to /dev/random_backup OK
[2011/10/19 10:13:46.700] (26368 /infoblox/one/bin/ib_prngd) main.c:127 rename_rnd_dev(): Moving
/dev/urandom to /dev/urandom_backup OK
[2011/10/19 10:13:46.700] (26368 /infoblox/one/bin/ib_prngd) main.c:234 main(): Creating FIFO
/dev/ib_random OK
[2011/10/19 10:13:46.700] (26368 /infoblox/one/bin/ib_prngd) main.c:158 symlink_rnd_dev(): Symlinking
/dev/random to /dev/ib_random OK
[2011/10/19 10:13:46.700] (26368 /infoblox/one/bin/ib_prngd) main.c:160 symlink_rnd_dev(): Symlinking
/dev/urandom to /dev/ib_random OK
[ TIME NOT KNOWN ] (26368) main.c:signal_handler{}: ib_prngd received SIGTERM signal....exiting. [ TIME NOT KNOWN ] (26368) main.c:signal_handler{}: ib_prngd received SIGINT signal....exiting.
[ TIME NOT KNOWN ] (26368) main.c:signal_handler{}: ib_prngd received SIGQUIT signal....exiting.
[ TIME NOT KNOWN ] (26368) main.c:signal_handler{}: ib_prngd received an unknown signal....exiting. [2011/10/19 10:13:49.205] (26368 /infoblox/one/bin/ib_prngd) main.c:135 rename_rnd_dev(): Renaming
/dev/random back OK
[2011/10/19 10:13:49.205] (26368 /infoblox/one/bin/ib_prngd) main.c:141 rename_rnd_dev(): Renaming
/dev/urandom back OK
[2011/10/19 10:13:49.205] (26368 /infoblox/one/bin/ib_prngd) main.c:255 main(): Removing custom FIFO
/dev/ib_random OK
[2011/10/19 10:13:49.205] (26368 /infoblox/one/bin/ib_prngd) main.c:255 main(): Removing custom FIFO
/dev/ib_random FAILED
[2011/10/19 10:13:49.205] (26368 /infoblox/one/bin/ib_prngd) main.c:141 rename_rnd_dev(): Renaming
/dev/urandom back FAILED
[2011/10/19 10:13:49.205] (26368 /infoblox/one/bin/ib_prngd) main.c:135 rename_rnd_dev(): Renaming
/dev/random back FAILED
[2011/10/19 10:25:22.931] (26557 /infoblox/one/bin/ib_prngd) main.c:189 main(): Error!
/infoblox/one/bin/ib_prngd is already running
[2011/10/19 10:26:58.107] (26560 /infoblox/one/bin/ib_prngd) main.c:52 self_test(): OpenSSL FIPS mode functionality self test OK
[2011/10/19 10:26:58.107] (26560 /infoblox/one/bin/ib_prngd) main.c:52 self_test(): OpenSSL FIPS mode functionality self test FAILED
Failures on Invoking Functionality
Event: Invalid size specified for algorithm HMAC-SHA256.
Message:2011-10-19T17:57:12-04:00 user EPBYMINW2856 httpd[]: err TSIG key generation failure: Size 512 can not be used with algorithm HMAC-SHA256
Event: Invalid algorithm specified in Common Criteria mode.
Message: 2011-10-19T18:12:22-04:00 user EPBYMINW2856 httpd[]: err TSIG key (keylen = 256, algname = HMAC-MD5) generation error : Only HMAC-SHA256 available in CC mode.
Open VPN
Event: Generation of RSA key failed
Message: Oct 19 08:38:08 EPBYMINW0065T1? openvpn[1415]: cryptographic key generation failed
Event: Session has been established
Message: Oct 19 08:38:08 EPBYMINW0065T1? openvpn[1552]: Session has been established (remote address: 10.6.11.249)
Event: HMAC failure
Message: Oct 19 08:41:01 EPBYMINW0065T1? openvpn[1567]: cryptographic key generation failed: HMAC
Event: Signing failure
Message: Oct 19 08:45:01 EPBYMINW0065T1? openvpn[1582]: cryptographic operation failed: signature
Event: Encryption failure
Message: Oct 19 08:46:41 EPBYMINW0065T1? openvpn[1612]: cryptographic operation failed: encryption Event: Decryption failure
Message: Oct 19 08:46:41 EPBYMINW0065T1? openvpn[1612]: cryptographic operation failed: decryption
Event: Session was not established
Message: Oct 19 08:50:21 EPBYMINW0065T1? openvpn[1701]: Failed to establish a session (remote address: 10.6.11.249), error 1115 (SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)
Event: Packet was not verified
Message: Oct 19 08:55:25 EPBYMINW0065T1? openvpn[1815]: Packet verification fails (remote address: 10.6.11.249)
HTTPS
Event: Generation of RSA key failed
Message: Oct 19 09:15:01 EPBYMINW0065T1? httpd[2115]: cryptographic key generation failed
Event: Session is terminated
Message: Oct 19 09:15:01 EPBYMINW0065T1? httpd[2115]: Session terminated (remote address: 10.6.11.249)
Event: Failed to establish a session
Message: Oct 19 08:50:21 EPBYMINW0065T1? httpd[2314]: Failed to establish a session (remote address: 10.6.11.249), error 1115 (SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)
Event: Session is established
Message: Oct 19 08:54:42 EPBYMINW0065T1? httpd[2314]: Session has been established (remote address: 10.6.11.249)
Event: HMAC failure
Message: Oct 19 08:55:56 EPBYMINW0065T1? httpd[2356]: cryptographic key generation failed: HMAC
DNS
Message: 2011-10-18T13:37:33+00:00 daemon (none) named[4456]: err client 10.32.2.108#47160: request has invalid signature: TSIG sha256cc: tsig verify failure (BADKEY) 2011-10-18T13:37:33+00:00 daemon (none) named[4456]: err client 10.32.2.108#47160: request has invalid signature: TSIG sha256cc: tsig verify failure (BADKEY)
DHCP
Message: 2011-10-18T11:18:38+00:00 daemon (none) dhcpd[20440]: err No tsec for use with key sha128cc Message: 2011-10-31T18:32:17+00:00 daemon (none) dhcpd[20440]: err Invalid operation in ddns code.
Upgrade
Message: 2011-10-26T12:33:30-04:00 user EPBYMINW2994t1 infoblox_crypt[]: err cryptographic operation failed: decryption
Message: 2011-10-26T12:34:33-04:00 user EPBYMINW2994t1 infoblox_crypt[]: err cryptographic operation failed: encryption
Message: 2011-10-26T12:35:53-04:00 user EPBYMINW2994t1 infoblox_crypt[]: err cryptographic operation failed: RSA verify signature
Message: 2011-10-26T12:38:56-04:00 user EPBYMINW2994t1 infoblox_crypt[]: err cryptographic operation failed: RSA signing
Quotas
Event: When the administration backend is overloaded by too much combined GUI and API traffic, a message like this is logged to syslog (it is not associated with any user).
Message: 2011-10-31T23:42:21+00:00 user (none) httpd[]: warning Too many administration connections Event: Disk space limit was changed and is below the disk usage.
Message: 2011-11-02T00:24:54+00:00 user manojk-vm httpd[]: err Storage Limit has been lowered and usage now exceeeds the limit, Usage: 150 MB, Limit :100 MB
Event: Disk space limit reached.
Message: 2011-11-02T00:24:54+00:00 user manojk-vm httpd[]: err Exceed the TFTP Storage limit, User name:user1, Used Storage:2048 B, File name :a.zip, File size :272629904 B, Limit :102400 B
Open SSL
Event: FIPS self test failed.
Message: FIPS routines:EVP_DigestInit_ex:fips selftest failed:digest.c:18: Event: Tried to use non-FIPS algorithm in FIPS mode.
Message: 140576691959464:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1527:
Message: 139852903503528:error:0A07C06E:dsa routines:func(124):reason(110):dsa_key.c:131: Event: Used DES-CBC-SHA cipher suite in FIPS mode.
Message: 140418599392936:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1282:
Event: Error setting digest MD5.
Message: 140403566474920:error:060800A0:digital envelope routines:EVP_DigestInit_ex:unknown cipher:digest.c:248:
Replay Detection
Event: OpenVPN
Message: Mon Oct 22 22:30:00 2007 us=939054 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #0 / time = (4196958004) Wed Nov 23 16:11:48 1966 ] silence this warning with --mute-replay-warnings, error_prefix, packet_id_net_print (&pin, true, &gc)
Event: OpenVPN
Message: Mon Oct 22 22:30:00 2007 ACK reliable_can_send is a replay : [1] 0 Event: HTTPS
Message: Mon Oct 22 22:30:00 2007 Digest: Warning possible replay attack: nonce-count check failed: 12345678
= 123456789
GSS-TSIG
Message: 2011-10-18T13:37:33+00:00 named[4456]: err signature invalid: message integrity
Message: 2011-10-18T14:32:22+00:00 named[4456]: err authentication failed for aes128-cts-hmac-sha1-96: unknown principal
Message: 2011-10-18T14:42:12+00:00 named[4456]: err signature failed to verify(1) Message: 2011-10-18T14:45:54+00:00 named[4456]: err signature is in the future
User Login
Message: 2011-10-19T08:27:23-04:00 user spradhan-vm serial_console[]: info User admin set_repsafe_mode: On Message: 2011-10-19T08:29:54-04:00 user spradhan-vm serial_console[]: info User admin set_repsafe_mode: Off
Message: 2011-10-19T08:38:02-04:00 user spradhan-vm serial_console[]: info audit has been truncated to approximately 2011-10-19T08:29:00-04:00
Message: 2011-10-19T08:41:47-04:00 user spradhan-vm serial_console[]: info syslog has been truncated to approximately 2011-10-19T08:41:00-04:00
File Rotation
Event: Audit log is rotated.
Message: 2011-11-01T18:23:00-07:00 user manojk-vm perl[18990]:info audit has been truncated to approximately 2011-11-01T18:23:00-07:00
Event: Syslog is rotated.
Message: 2011-11-01T18:23:00-07:00 user manojk-vm perl[18990]:info syslog has been truncated to approximately 2011-11-01T18:23:00-07:00
Zeroization
Event: Logged in case of error
Message: 2011-11-01T15:32:59-04:00 daemon manojk-vm ntpd[18990]:err Error erasing /storage/etc/ntp.keys using shred
First Login
Message: [2011/10/19 08:44:45.866] (32289 /usr/bin/httpd)
/infoblox/common/lib/python/infoblox/one/admin_conn/userauth.py:415 _log(): [user] First_Login to=AdminConnector auth=LOCAL group=admin-group apparently_via=GUI
Password Expired
Message: [2011/10/20 09:17:29.257] (15750 /usr/bin/httpd)
/infoblox/common/lib/python/infoblox/one/admin_conn/userauth.py:415 _log(): [user] Password_Expired to=AdminConnector ip=127.0.0.1 auth=LOCAL group=admin-group apparently_via=GUI
Password Reset
Message: [2011/10/19 08:44:45.962] (32289 /usr/bin/httpd)
/infoblox/common/lib/python/infoblox/one/admin_conn/userauth.py:415 _log(): [user] Password_Reset to=AdminConnector auth=LOCAL group=admin-group apparently_via=GUI
Failed Password Reset
Message: [2011/10/19 09:07:33.343] (32526 /usr/bin/httpd)
/infoblox/common/lib/python/infoblox/one/admin_conn/userauth.py:415 _log(): [user] Password_Reset_Error to=AdminConnector auth=LOCAL group=admin-group apparently_via=GUI



This page has no comments.