Search |
PlanetLab LogsPlanetLab logs are in two parts: I) PLC API access control logs, II) Per-node SSH logs. I)PLC API access control logsEach record in the 'events' file is a specific operation call made at PLC. Record fields are: 1) event_id: Unique identifier for the event. Event is a synonym for a remote operation call. 2) person_id: Unique ID belonging to the PlanetLab user who performed the call. 3) node_id: Unique ID belonging to the PlanetLab node which performed the call. A valid call has either the person_id or node_id field set. 4) fault_code: Indicates the result of a call, success or failure. Possible values for failure:
5) call_name: The operation name. Refer to documentation for PLC API operations: http://www.planet-lab.org/doc/plc_api 6) call: The specific operation call parameters which are anonymized. 7) message: Optional message given by PLC after execution. 8) runtime: Time in seconds to perform the call. 9) time: Timestamp of the call. 10) auth_type: The method of authentication that the caller uses. (check out: http://www.planet-lab.org/doc/plc_api#Authentication) Example: Record in the 'events' file: “1727553 8 \N 0 AddSliceToNodes (ANON, 13938, [10834]) \N 0.15730190277100001 2008-12-19 15:22:43.635522 password” Explanation: 1) event_id: 1727553 2) person_id: 8 3) node_id: N/A 4) fault_code: 0 5) call_name: AddSliceToNodes 6) (ANON, 13938, [10834]) 7) message: 8) runtime: 0.157301902771 9) time: 2008-12-19 15:22:43.635522 10) auth_type: password Using PLC API method prototype: In order to understand what the operation does, we check the description at http://www.planet-lab.org/doc/plc_api : The point to note here is that, the “AddSliceToNodes” operation gets three arguments. Whenever we see 'ANON' in an event record, that means the original log record has been altered for anonymity. Here, the actual 'auth' Python structure provided by the caller is deleted. In some other operation parameters, the user emails are replaced by their Ids in order to perform anonimization, but still to be able to identify the user record being changed, looked up, etc. So if we see a dictinary parameter such as “{'email': 15398}”, this is because we replaced actual email address with user ID, which are both unique identifiers for a user. The ID's for slices, persons, nodes are related to ID's of sites such that, each of those objects belongs to a site. This mapping is provided in this page as well. It is important to read the PLC API page, and also to have a knowledge of Python lists and dictionaries to understand the way parameters are passed into the operation calls. II) Per-node SSH logsSSH logs are kept at every PlanetLab node. The content of those logs are made up of both SSH related logs, and also PlanetLab specific logging. Here is some information about the format and meaning of different log entries that can be found inside the provided SSH log files. Some different types of messages, indicated with their first two words, are as follows: Bad protocol Connection closed delete user Did not fatal: Read input_userauth_request: invalid Invalid user new user: Postponed publickey Received disconnect reverse mapping
Bad protocol version identification 'POST http://tabletme.com/pills/cialis.php HTTP/1.1' from 94.76.199.10 Connection closed by 128.84.96.58 delete user `arizona_stork_install' Did not receive identification string from 68.181.236.70 fatal: Read from socket failed: Connection reset by peer input_userauth_request: invalid user uw_iplane Invalid user uw_iplane from 128.208.3.157 new user: name=arizona_stork_install, UID=1421, GID=504, home=/home/arizona_stork_install, shell=/bin/vsh Postponed publickey for pl_netflow from 128.112.139.45 port 45239 ssh2 Received disconnect from 202.121.135.4: 11: Bye Bye Received disconnect from 80.223.117.241: 11: Closed due to user request. reverse mapping checking getaddrinfo for arizona [134.193.129.81] failed - POSSIBLE BREAK-IN ATTEMPT!
|
PlanetLab loginAnnouncements
|