Loggly: Grouping using LogglyBatchAppender? - logback

We have a Scala Play app and we are using the LogglyBatchAppender. But, all our environments (dev, staging, prod) logs are being mixed up on loggly. This says we can group by sources or hostnames or tags but hostname info is not being attached to outgoing loggly messages and this wiki page says nothing about how to attach tags in the LogglyBatchAppender (it does mention how to tag using the slower LogglyAppender). What is the best way to see different host/env logs in loggly if we are using the LogglyBatchAppender?

Hi, you can set the endpointUrl in LogglyBatchAppender. When you set the URL, make sure to include the tag at the end of it. You can tag them for dev/staging/prod. This way you can use Loggly's source groups.
Example with a prod tag. Remember to replace with your own customer token:
<configuration>
  <appender name="logglyAppender" class="ch.qos.logback.ext.loggly.LogglyBatchAppender">
    <endpointUrl>http://logs-01.loggly.com/inputs/YOUR-CUSTOMER-TOKEN/tag/prod/</endpointUrl>
    ...
  </appender>
</configuration>

Related

JMeter HTML Reporting - Why is "infinity" appearing for throughput and network speed?

This appeared for two larger requests, neither of which failed/errored, in a test case with a single user run.
However, this does not appear for the five-user run of the same test case.
I haven't been able to find any documentation on Apache regarding the appearance of infinity during test runs.
Has anyone faced this? If so, did you find a way to get the reporting tool list the true numeric value?
Example of "infinity" appearing in the statistics.json
If you have "Infinity" in the statistics.json it means that the relevant Sampler has failed somewhere somehow (it hasn't been executed for some reason).
The reason can be found in:
.jtl results file, take a look at "responseMessage" column
jmeter.log file
If you want to see where the values are coming from and how the statistics are being built and processed - increase JMeter's logging verbosity for the HTML Reporting Dashboard packages by adding the next line to log4j2.xml file:
<Logger name="org.apache.jmeter.report.dashboard" level="debug" />
The easiest way to reproduce the issue is just creating a "bad" request, for example adding a HTTP Request sampler like this:
it won't be executed because you cannot have :// characters in the DNS hostname and this transaction will be having "Infinity" values in the statistics.json

Wazuh active response with VirusTotal is not working

Wanted to integrate with VirusTotal and Yara but it seems like active response doesn't work as expected by following the steps in the link below:
https://documentation.wazuh.com/current/user-manual/capabilities/active-response/ar-use-cases/removing-malware.html
After adding/downloading eicar.com in the /root directory and reading ossec.log, I get the following output:
About VirusTotal
I just followed the documentation and it worked well for me in Wazuh Manager 4.3.4 and a Wazuh Agent of the same version.
I got those same messages in /var/ossec/logs/ossec.log of the Wazuh Agent. Those appear when the files do not exist or the proper permissions are not assigned. Those files were replaced already in 4.2 but still show up in the log. Since you are trying to use the script from the documentation, do not worry about those messages.
If you check under /var/ossec/logs/active-responses.log do you get any error?
What version of Wazuh Manager and Wazuh Agent are you using?
About Yara
It shouldn't be related to VirusTotal and probably deserves a different post. There is an issue open here, but it seems it is working. Probably this comment helps you troubleshoot that one.
The Active Response module is managed from the Wazuh Manager in /var/ossec/etc/ossec.conf. From here you can enable the response you need to execute using an <active-response> configuration block that will use a "command" as a response. For example, if you are going to enable "remove-threat" as an Active Response on any agent that triggers the VirusTotal rule, you should have a <command> block and also an <active-response> block for that particular case. The same goes for any other AR case you may want to use.
<command>
  <name>remove-threat</name>
  <executable>remove-threat.sh</executable>
  <timeout_allowed>no</timeout_allowed>
</command>
<active-response>
  <disabled>no</disabled>
  <command>remove-threat</command>
  <location>local</location>
  <rules_id>87105</rules_id>
</active-response>
The Response (script) needs to be present on each agent under /var/ossec/active-response/bin/. If you are only using the "remove-threat" Active Response, you should only have a single <active-response> block on the Manager's configuration file. Each <active-response> block within the Manager's "ossec.conf" must have a matching <command> block that is basically the response (script) the module is going to use. Perhaps you can share with us this configuration file so we can take a look.
Also, the following output from the Manager will be useful to see if the integration with Virustotal is being activated:
cat /var/ossec/logs/ossec.log | grep wazuh-integratord
I hope this helps,
Let us know
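A consistency check for the rule stated in the answer above, as an added example (not part of the original post and not Wazuh's own tooling): it reads a manager ossec.conf, confirms that every enabled <active-response> names a defined <command>, and that the command's script appears in the list of files found on the agent. The function names, the sample configuration and the "quarantine-file" command are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed manager ossec.conf: the first section mirrors the blocks quoted
# above, the second references "quarantine-file", a made-up undefined command.
SAMPLE_CONF = """
<ossec_config>
  <command>
    <name>remove-threat</name>
    <executable>remove-threat.sh</executable>
  </command>
  <active-response>
    <command>remove-threat</command>
    <location>local</location>
    <rules_id>87105</rules_id>
  </active-response>
</ossec_config>
<ossec_config>
  <active-response>
    <command>quarantine-file</command>
    <location>local</location>
    <rules_id>87105</rules_id>
  </active-response>
</ossec_config>
"""

def text(node, tag, default=""):
    return (node.findtext(tag) or default).strip()

def check_active_responses(conf_text, agent_scripts):
    """List problems; agent_scripts = file names in /var/ossec/active-response/bin/."""
    # ossec.conf may hold several top-level <ossec_config> sections, which is
    # not well-formed XML, so wrap everything in a synthetic root before parsing.
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<root>" + body + "</root>")
    # Map command name -> executable, using only direct children of each section.
    commands = {text(c, "name"): text(c, "executable") for c in root.findall("./ossec_config/command")}
    problems = []
    for ar in root.findall("./ossec_config/active-response"):
        if text(ar, "disabled", "no") == "yes":
            continue  # disabled blocks never fire, so skip them
        name = text(ar, "command")
        if name not in commands:
            problems.append(f"active-response uses undefined command '{name}'")
        elif commands[name] not in agent_scripts:
            problems.append(f"script '{commands[name]}' for '{name}' missing on agent")
    return problems
```

Pass the real file contents and the output of a directory listing from the agent to run the same check against a live deployment.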

CAS switch the themes based on different services

Trying to configure a custom theme based on the service has been quite an undertaking in CAS 6.2.0. We use the cas-overlay-template (https://github.com/apereo/cas-overlay-template) to configure and build the project.
The documentation is pretty clear about where to put the themes and what properties to use in the cas.properties file: https://apereo.github.io/cas/development/ux/User-Interface-Customization-Views.html
The property value to specify the templates location is set to:
#spring.thymeleaf.encoding=UTF-8
#spring.thymeleaf.prefix=file:///etc/cas/templates/
cas.view.templatePrefixes=file:///etc/cas/templates/
and I have the appropriate directory in the templates directory above specified in the service configuration but I continue to get the error:
2020-04-19 06:35:06,268 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <Custom theme [foobar] for service [AbstractRegisteredService(serviceId=^(https|imaps)://.*, name=HTTPS and IMAPS, theme=epc, informationUrl=null, privacyUrl=null, responseType=null, id=10000001, description=This service definition authorizes all application urls that support HTTPS and IMAPS protocols., expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, notifyWhenExpired=false, expirationDate=null), acceptableUsagePolicy=DefaultRegisteredServiceAcceptableUsagePolicy(enabled=true, messageCode=null, text=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy#1, proxyTicketExpirationPolicy=null, proxyGrantingTicketExpirationPolicy=null, serviceTicketExpirationPolicy=null, singleSignOnParticipationPolicy=null, evaluationOrder=10000, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider#87297e2, logoutType=BACK_CHANNEL, environments=[], attributeReleasePolicy=ReturnAllowedAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null, order=0), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null, order=0), allowedAttributes=[]), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=UNDEFINED, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false, forceExecution=false, bypassTrustedDeviceEnabled=false, bypassPrincipalAttributeName=null, bypassPrincipalAttributeValue=null, script=null), logo=null, 
logoutUrl=null, redirectUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[], permitUndefined=true, exclusive=false), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, authenticationPolicy=DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], criteria=null), properties={}, contacts=[])] cannot be located. Falling back to default theme...>
Nowhere in the documentation does it mention directory structure for the theme/filenames or format. I understand the project is using Thymeleaf but we still need filenames and I guess a better understanding of how to set the theme path so the CAS can find the theme.
If you had any luck configuring this it would be great if you shared the part of your configuration we are missing.
After a LOT of testing and playing around with the configuration I finally got it to work as I expected it to work. I have put a small project together just in case someone else had this issue and needs a quick tutorial. You can see the project at: https://github.com/dannymk/cas-dynamic-style

.ASPX: How do I restrict web access to logged on users only?

► Problem: Anyone can access a webpage, but I only want logged in users to be authorized to access it.
Background:
Web Server = IIS 8
Server OS = Windows Server 2012
Framework = .NET 4.5
Environment = .\WebFolder\logon.aspx, .\WebFolder\inside.html
Website = Simple logon page ("logon.aspx") that guards an html page ("inside.html").
Users = External people (ie, non-intranet)
Sample URLs:
A. "www.webpage.com/logon.aspx"
B. "www.webpage.com/inside.html"
Desired Outcome:
Everyone can access the "logon.aspx" page
Only logged on users can access the "inside.html" page
Any direct attempts to access "B" will trigger a redirect to "A"
No additional use of program code
Prior Attempts:
I've been fiddling with the web.config file (authentication & authorization), but to no avail (501 Server Error, 401 Authorization Error, Runtime Application Error).
Web.Config File:
<system.web>
  <authentication>
    <forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" requireSSL="false" />
  </authentication>
  <authorization></authorization>
</system.web>
Bottom line: I'm sure this is a very basic/easy thing to configure, it's just that I haven't been able to do it so far. Plus, I do not want to write any additional code in order to accomplish a seemingly fundamental task.
Thanks in advance!
Okay, I figured it out (after 7 hours). It requires four things (based on the example file structure):
1. Using the FormsAuthentication module
VS2012 → Project → Your credentials/authentication code → Use FormsAuthentication.RedirectFromLoginPage(_var1_, _var2_) instead of Response.Redirect("inside.html")
2. Adding a new node in the web.config file
<system.webServer><handlers><add name="HTMLHandler" type="System.Web.StaticFileHandler" path="*.html" verb="GET" /></handlers>
3. Including the 'defaultUrl' attribute in the Forms tag
<forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" defaultUrl="inside.html" protection="All" timeout="1" path="/" slidingExpiration="false" requireSSL="false" />
4. Adding a location tag authorization restriction to the 'web.config' file
<location path="inside.html"><system.web><authorization><deny users="?" /></authorization></system.web></location>
See my comments (below) for an explanation of each of these four pieces.

Determine if given job is currently running using Hudson/Jenkins API

Is there an API to determine whether a given job is currently running or not?
Ideally, I'd also like to be able to determine its estimated % complete and get the details of the SVN revision number and commit comment too!
EDIT:
I found the answer. http://host/job/project/lastBuild/api/ has almost all of what I need in it somewhere! If you kick off a manual build, it won't tell you the SCM changesets, but that makes sense. It does still tell you the latest SCM revision though, so that's good. All in all, good enough for my purposes right now.
As gareth_bowles and Sagar said, using the Jenkins API is the way to know.
If you put the depth to 1, you will see what you're looking for:
http://host/job/project/lastBuild/api/xml?depth=1
You will see there's a <building> tag to tell if that build is running
...
<build>
  <action>
    <cause>
      <shortDescription>Started by user Zageyiff</shortDescription>
      <userId>Zageyiff</userId>
      <userName>Zageyiff</userName>
    </cause>
  </action>
  <building>true</building>
  <duration>0</duration>
  <estimatedDuration>-1</estimatedDuration>
  <fullDisplayName>Project #12</fullDisplayName>
  <id>2012-08-24_08-58-45</id>
  <keepLog>false</keepLog>
  <number>12</number>
  <timestamp>123456789</timestamp>
  <url>http://host/job/project/12</url>
  <builtOn>master</builtOn>
  <changeSet/>
  <mavenVersionUsed>3.0.3</mavenVersionUsed>
</build>
...
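An added example, not from the original answers, that reads the depth=1 XML shown above and derives both the running state and an estimated percent complete. It assumes timestamp and estimatedDuration are in milliseconds and that -1 means no estimate is available; the sample values and the build_status name are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed response, trimmed from the sample above, with a usable estimate.
SAMPLE_XML = """<build>
  <building>true</building>
  <duration>0</duration>
  <estimatedDuration>120000</estimatedDuration>
  <number>12</number>
  <timestamp>1345798725000</timestamp>
</build>"""

def build_status(xml_text, now_ms):
    """Return build number, running flag and estimated percent complete.

    now_ms is the current time in milliseconds since the epoch, passed in so
    the result is reproducible. percent is None when the build is finished or
    when no estimate exists (estimatedDuration of -1, as in the sample above).
    """
    root = ET.fromstring(xml_text)  # root tag name varies by job type, so only children are read
    building = root.findtext("building") == "true"
    started = int(root.findtext("timestamp"))
    estimate = int(root.findtext("estimatedDuration"))
    percent = None
    if building and estimate > 0:
        elapsed = max(0, now_ms - started)  # guard against clock skew
        # Cap at 99: a build that overruns its estimate is still not done.
        percent = min(99, elapsed * 100 // estimate)
    return {
        "number": int(root.findtext("number")),
        "building": building,
        "percent": percent,
    }
```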
I'm using the Groovy plug-in, and run the following snippet as system:
import hudson.model.*

// Resolve the VERSION parameter of the current build
def version = build.buildVariableResolver.resolve("VERSION")
println "VERSION=$version"

def nextJobName = 'MY_NEXT_JOB'
def nextJob = Hudson.instance.getItem(nextJobName)
// lastBuild is null when the job has never run, so use safe navigation
def running = nextJob.lastBuild?.building
if (running) {
    println "${nextJobName} is already running. Not launching"
} else {
    println "${nextJobName} is not running. Launching..."
    def params = [
        new StringParameterValue('VERSION', version)
    ]
    // Schedule the downstream job now, recording this build as the upstream cause
    nextJob.scheduleBuild2(0, new Cause.UpstreamCause(build), new ParametersAction(params))
}
It works like a charm.
If you go to your job's page, and add "api" to the end of the URL, you'll get information on using the API.
http://yourjenkins/job/job_name/api
More information on using the Jenkins API:
https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API
If you're comfortable with digging through the Jenkins Java API, you could write a system Groovy script to get this data. The Job class is the place to start.
As stated on the /api page of your build (chapter "Accessing Progressive Console Output"), you can poll the console output with a GET request by calling <url-to-job>/lastBuild/logText/progressiveText. To quote the API doc:
If the response also contains the X-More-Data: true header, the server is indicating that the build is in progress
And there you go. You can test this behaviour by simply calling the respective URL in your browser and then inspecting the response headers with your browser's developer tools (usually accessed by pressing F12). In Firefox, the respective tab is called "network analysis" (assuming my translation is correct, my browser is not set to English). In Chrome, navigate to the "Network" tab.
This answer is based on Jenkins version 2.176.3.
It is also possible to look at the color attribute. I know it is not the wanted way. But maybe someone can make use of it.
Get the overview XML via "/job/api/xml" and then check the color attribute for "anim".