Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
Legend Legend
Legend

Show Current Gaia API Sessions?

To see current Management API sessions one can look under Manage & Settings...Sessions...View Sessions in SmartConsole.  How is this accomplished for the Gaia API?  In other words how can I see if there is an active Gaia API session at the moment?

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
5 Replies
Bob_Zimmerman
Authority
Authority

[Expert@DallasSA]# mgmt_cli -f json -r true show sessions details-level full | jq -c '.objects[]|[."user-name",.application,."read-only"]'
["WEB_API","WEB_API",false]
["BobZ","SmartConsole",false]

API sessions show the application name "WEB_API". SmartConsole sessions show "SmartConsole".

A '-r true' session shows up with the username "WEB_API" as well.

0 Kudos
Timothy_Hall
Legend Legend
Legend

Is this for Gaia API connections or Management API?  It looks like the Management API.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Bob_Zimmerman
Authority
Authority

Yeah, just realized a few minutes ago I misunderstood the question. Can't seem to edit or delete my post, which is fun.

0 Kudos
Art_Zalenekas
Employee
Employee

https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html#introduction~v1.6%20

We don't have native API call for showing sessions.

You can see how many sessions you have with gaia_api status:

# gaia_api status

API Status:
---------------------
Build: cp991255050
Uptime: 0:07:45
Current Sessions: 0
Latest Version: 1.6

 

0 Kudos
Bob_Zimmerman
Authority
Authority

From poking at this for a few minutes, I can see /var/log/gaia_api_server.log contains interesting data:

17/06/22 15:50:30: MainThread: infra.urlGeneratorIS: DEBUG: Handle request: <class 'requests.sessions.LoginRequest'>
17/06/22 15:50:30: MainThread: infra.urlGeneratorIS: DEBUG: Execute validators
17/06/22 15:50:30: MainThread: infra.urlGeneratorIS: DEBUG: requestData = {'user': 'admin', 'password': '1qaz!QAZ'}
17/06/22 15:50:30: MainThread: validate: DEBUG: _validate json = {'user': 'admin', 'password': '1qaz!QAZ'}
17/06/22 15:50:30: MainThread: infra.urlGeneratorIS: DEBUG: All Active type: {'user': 'non_empty_ascii', 'password': 'non_empty_ascii'}
17/06/22 15:50:30: MainThread: infra.urlGeneratorIS: DEBUG: Verify permissions
17/06/22 15:50:30: MainThread: infra.pipeline: DEBUG: Execute commit function for class <class 'requests.sessions.LoginRequest'>
17/06/22 15:50:31: MainThread: infra.pipeline: DEBUG: Handling output
17/06/22 15:50:31: MainThread: objects.sessions: INFO: Remote authentication succeed for user:admin
17/06/22 15:50:31: MainThread: app: INFO: Request for endpoint /v1.6/login [method: POST], for source 10.0.3.18, SUCCEEDED [duration 329ms]

17/06/22 15:50:46: MainThread: infra.urlGeneratorIS: DEBUG: Handle request: <class 'requests.sessions.LogoutRequest'>
17/06/22 15:50:46: MainThread: infra.urlGeneratorIS: DEBUG: Execute validators
17/06/22 15:50:46: MainThread: infra.urlGeneratorIS: DEBUG: requestData = {}
17/06/22 15:50:46: MainThread: validate: DEBUG: _validate json = {}
17/06/22 15:50:46: MainThread: infra.urlGeneratorIS: DEBUG: All Active type: {}
17/06/22 15:50:46: MainThread: infra.urlGeneratorIS: DEBUG: Verify permissions
17/06/22 15:50:46: MainThread: infra.pipeline: DEBUG: Execute commit function for class <class 'requests.sessions.LogoutRequest'>
17/06/22 15:50:46: MainThread: infra.pipeline: DEBUG: Instantiate response class
17/06/22 15:50:46: MainThread: app: INFO: Request for endpoint /v1.6/logout [method: POST], for source 10.0.3.18, SUCCEEDED [duration 10ms]

I added a newline between the login and logout. Logins record when the user authentication works, but no unique session identifier. Logouts don't record who logged out or any kind of session identifier. Passwords are recorded in cleartext (twice!), which is ... not great.

/var/log/audit/audit.log shows logins, but no session identifier and no logouts.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events