Haproxy logging each call twice? - haproxy

I'm using awslogs to send my haproxy logs to Cloudwatch from an EC2 instance running Ubuntu, and it's working fine, except that each log message is appearing twice.
This post seems to indicate that it's because log global is in global as well as defaults, but I can't find anything else about it.
Here's the log bits of the current configuration:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2
...
defaults
mode http
log global
...
I commented out 'log global' in defaults but I'm still seeing double log entries in Cloudwatch.
editing to add rsyslog 49-haproxy.conf:
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~

Related

Weblogic Server contains NONE value during session ID generation

We have setup weblogic 12.2.1.4 clustered environment with 2 nodes in a cluster. We use session ID as part of authentication mechanism to log our user session info to the database. When both managed servers are up, the server generates this session ID:
MrvgJEMe6NG95XNsflnhsWjspl52GXPdl33whbIfGkgaEQm7Rk0X!1974917613!-533469515!1605782630842
When we tried to test session replication, by bringing down the server that currently serves the HTTP request, we have noticed that the session ID has changed and contains NONE as part of the generated ID.
MrvgJEMe6NG95XNsflnhsWjspl52GXPdl33whbIfGkgaEQm7Rk0X!1974917613!NONE!1605782630842
This has caused session replication inconsistency. Has anyone encountered the same issue and how did you resolve it? Your inputs are highly appreciated.
Thank you in advance for the help.
Enable the Debug Flags to Track Session Replication Failures
To gather more logging information about session replication failures, you should enable the flags DebugCluster, DebugClusterAnnouncements, DebugFailOver, DebugReplication, and DebugReplicationDetails.
To Enable:
In WebLogic Server 9.x and higher, the reccommended approach is to use the admin console. For each server in the domain, navigate to Servers -> -> Debug and enable the desired flag(s).
You can use the weblogic.Admin command line utility to dynamically turn the debug options on and off.
For example, to turn on DebugCluster on all administration instances of ServerDebug Mbean (i.e., Admin Server or a Managed Server):
java weblogic.Admin -url t3://localhost:7001 -username system -password weblogic SET -type ServerDebug -property DebugCluster true
Alternatively, you can edit the config.xml and the Mbean element in the stanza for each server that you want to debug and set the value to "true" to enable or "false" to disable. Then you must restart the Admin Server. Managed Servers will reconnect to the Admin Server and the debug flags will then dynamically take effect. Example:
At the end, with all the flags set, in your config.xml the ServerDebug tag would like below:
Make sure the stdOutSeverity level of the server is INFO and StdoutDebugEnabled is set to "true". The debug information will be logged into the server log as well as to the standard out.
Validate the Weblogic.xml entries
Make sure weblogic.xml has all the parameters that need to be set for each Session Replication type. For example, when using in-memory replication the sample weblogic.xml would look like:

Grafana gives error message' Server error' when trying to configure InfluxDB

I'm creating a new user. Still, Grafana gives me an error
pi#raspberrypi:~ $ influx
Connected to http://localhost:8086 version 1.8.0
InfluxDB shell version: 1.8.0
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE DATABASE toddDb
> quit
pi#raspberrypi:~ $ hostname -I
192.168.0.14
How do I get the frafana connection to InfluxDB working?
EDIT
my conf file /etc/influxdb/influxdb.conf is configured as following:
[http]
# Determines whether HTTP endpoint is enabled.
enabled = true
# The bind address used by the HTTP service.
bind-address = ":8086"
# Determines whether user authentication is enabled over HTTP/HTTPS.
auth-enabled = true
# Determines whether the pprof endpoint is enabled. This endpoint is used for
# troubleshooting and monitoring.
pprof-enabled = true
# Enables authentication on pprof endpoints. Users will need admin permissions
# to access the pprof endpoints when this setting is enabled. This setting has
# no effect if either auth-enabled or pprof-enabled are set to false.
pprof-auth-enabled = true
# Enables authentication on the /ping, /metrics, and deprecated /status
# endpoints. This setting has no effect if auth-enabled is set to false.
ping-auth-enabled = true
Oh that was a ridiculous problem.
In the URL field, the address needs to be prefixed with http://
Either http://192.168.0.14:8086 or http://localhost:8086 worked

fail2ban logging only mode before banning ip's

I would like to implement fail2ban on critical production systems and wondering if there is a 'monitoring' mode possible where ip's are not banned but logged to review fail2ban operation first to prevent outages because of config failures?
We have an action dummy that can be used for this purposes.
So configure it like this in your jail.local for [jail] you want test or [DEFAULT] section for all jails:
[jail]
banaction = dummy[target=/some/path/to/fail2ban.dummy.txt]
This works for v.0.10 and higher.
If you have still v.0.9, use action instead banaction (with all expected parameters) or banaction = dummy without [target=...] (it would use default target path /var/run/fail2ban/fail2ban.dummy).

Jboss ON installation waiting for server

I'm trying to install Jboss Operations Network server and have issues during the step where installer tries to connect to local Jboss server. Hence, I'm constantly getting this info message:
INFO [org.rhq.server.control.command.Install] Still waiting for server to start...
Exact defect in redhat hub is described here
Thing is, I believe my properties file is correctly set up and certainly both jboss.bind.address and jboss.bind.address.management are set. Tried 0.0.0.0 and 127.0.0.1 bindings, also tried to not set it at all, however then the installation wouldn't start at all - rhs-server.properties validation error with reason null.
According to server.log the server itself did start correctly. Although strangely enough password doesn't work when logging in to management console, but that's other issue.
#################### RHQ Server Configuration Properties ####################
#############################################################################
# Database Settings
# -----------------
# INSTALLATION ACTION REQUIRED!
# All properties must be explicitly set for the desired database vendor.
#
# These should point to the database that your RHQ Server will use as
# its backend RDBMS storage.
# If you are using Oracle:
# - comment out the Postgres settings
# - uncomment the Oracle settings below
# - adjust the values to match your environment
#
# NOTE: rhq.server.database.password is not to be set to the actual password
# but instead should be the encoded password value as generated by:
# rhq-encode-value.sh(.bat)
#############################################################################
# PostgreSQL database
# rhq.server.database.connection-url=jdbc:postgresql://127.0.0.1:5432/rhq
# rhq.server.database.user-name=rhqadmin
# rhq.server.database.password=1eeb2f255e832171df8592078de921bc
# rhq.server.database.type-mapping=PostgreSQL
# rhq.server.database.server-name=127.0.0.1
# rhq.server.database.port=5432
# rhq.server.database.db-name=rhq
# hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
# rhq.server.quartz.driverDelegateClass=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
# Oracle database
rhq.server.database.connection-url=jdbc:oracle:thin:#localhost:1521:jon
rhq.server.database.user-name=rhqadmin
rhq.server.database.password=1eeb2f255e832171df8592078de921bc
rhq.server.database.type-mapping=Oracle10g
hibernate.dialect=org.hibernate.dialect.Oracle10gDialect
rhq.server.quartz.driverDelegateClass=org.quartz.impl.jdbcjobstore.oracle.OracleDelegate
#############################################################################
# Server Settings
# ---------------
# UPGRADE ACTION REQUIRED! The following property must be explicitly set:
# rhq.server.high-availability.name
#
# These are miscellaneous settings that the server will use to customize itself
# to the environment in which it is running. These are settings you usually
# want to change or at least be aware of.
#############################################################################
# Defines what this server's name is to be known as to the RHQ system.
# It doesn't necessarily have to be an IP address or hostname, but it can be.
# If left blank, the RHQ Server will pick a name for itself based on the
# hostname it is running on.
# NOTE! If you are upgrading an existing server, this must be the same name
# as the server being upgraded.
rhq.server.high-availability.name=localhost
# Email settings used to connect to an SMTP server to send alert emails.
rhq.server.email.smtp-host=localhost
rhq.server.email.smtp-port=25
rhq.server.email.from-address=xxxxx#yyyyy.no
#############################################################################
# Host and Port Bindings
# ----------------------
# INSTALLATION ACTION REQUIRED! The following property must be explicitly set:
# jboss.bind.address
#
# These define the ports the RHQ Server will bind to. Most of the time
# you can leave these alone. You can change these default values to
# conform to your own environment's requirements, such as the IP address
# the RHQ Server will bind to (jboss.bind.address) and the ports
# browsers will use to access the RHQ web application
# (rhq.server.socket.binding.port.http, rhq.server.socket.binding.port.https)
# If you change the binding address, you might also want to change
# "rhq.autoinstall.public-endpoint-address" as well.
#############################################################################
# The bind address for the RHQ server (jboss server). To bind the server on
# all network interfaces set to 0.0.0.0, otherwise a specific IP address.
# jboss.bind.address=0.0.0.0
jboss.bind.address=0.0.0.0
# By default only local management connections
jboss.bind.address.management=0.0.0.0
jboss.socket.binding.port-offset=0
jboss.management.native.port=6999
jboss.management.http.port=6990
jboss.management.https.port=6443
rhq.server.socket.binding.port.ajp=7009
rhq.server.socket.binding.port.http=7080
rhq.server.socket.binding.port.https=7443
rhq.server.socket.binding.port.jacorb=2528
rhq.server.socket.binding.port.jacorb-ssl=2529
rhq.server.socket.binding.port.messaging=4449
rhq.server.socket.binding.port.messaging-throughput=4455
rhq.server.socket.binding.port.osgi-http=7090
rhq.server.socket.binding.port.remoting=3447
rhq.server.socket.binding.port.txn-recovery-environment=3712
rhq.server.socket.binding.port.txn-status-manager=3713
#############################################################################
# Installer Settings
# ------------------
# INSTALLATION ACTION REQUIRED! Review the default settings:
#
# These enable the installer when starting for the first time. To do so,
# first ensure all values in this properties file are appropriately set
# for your environment. Once you are sure all values are as you want them,
# set rhq.autoinstall.enabled=true and run the server then run the installer.
#
# rhq.autoinstall.enabled
# This must be true to trigger the automatic install.
# rhq.autoinstall.database
# Allowed values: auto, overwrite, skip:
# auto : create a new schema if one does not exist, otherwise
# upgrade the existing schema as needed (keep existing data).
# overwrite: create a new schema even if one exists (lose existing data).
# skip : leave existing database as is. WARNING! You must ensure your
# database schema already exists and is up to date.
# rhq.autoinstall.public-endpoint-address
# The public IP/hostname that all agents will use to talk to this server.
# If not set, a value to use is determined at auto-install time.
# rhq.autoinstall.public-endpoint-port
# rhq.autoinstall.public-endpoint-secure-port
# The public ports that all agents will use to talk to this server.
# If not set, values to use will be determined at auto-install time.
# You can normally leave these empty unless you have a special setup
# where the server's bind ports are exposed differently to remote
# clients (e.g. within a Docker container).
# rhq.autoinstall.server.admin.password
# The password for the built-in "rhqadmin" superuser. If not set the
# password will be prompted for by the "rhqctl install" command.
#
# NOTE: rhq.autoinstall.server.admin.password is not to be set to the
# actual password but instead should be the encoded password value
# as generated by: rhq-encode-value.sh(.bat)
#############################################################################
rhq.autoinstall.enabled=true
rhq.autoinstall.database=auto
#rhq.autoinstall.public-endpoint-address=
#rhq.autoinstall.public-endpoint-port=
#rhq.autoinstall.public-endpoint-secure-port=
rhq.autoinstall.server.admin.password=1eeb2f255e832171df8592078de921bc
#############################################################################
# Advanced Settings
# -----------------
# The settings below can usually be left as-is. These are advanced settings
# and should only be changed if you know what you are doing.
#############################################################################
# Enable debug messages from RHQ code
rhq.server.log-level=INFO
# Set this to true to have the server reject agent requests upon startup.
rhq.server.maintenance-mode-at-startup=false
# RHQ Server's remote endpoint for agents to talk to
# bind-address and bind-port are derived from the HA server definition,
# if you set the address/port here, they will override the HA server
# definition found in the database
rhq.communications.connector.transport=servlet
rhq.communications.connector.bind-address=
rhq.communications.connector.bind-port=
rhq.communications.connector.transport-params=/jboss-remoting-servlet-invoker/ServerInvokerServlet
# Multicast detector configuration for auto-discovery
rhq.communications.multicast-detector.enabled=false
rhq.communications.multicast-detector.bind-address=
rhq.communications.multicast-detector.multicast-address=224.16.16.16
rhq.communications.multicast-detector.port=16162
# Server-side SSL Security Configuration for HTTPS thru Tomcat
# These are used for browser https access and
# for incoming messages from agents over sslservlet transport.
# [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change
# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
# after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]
# Note that security algorithm settings are commented out - the defaults will be determined at runtime
# based on the JVM the server is running in (for IBM JVMs, the algorithm will default to "IbmX509",
# for all other JVMs, the algorithm will default to "SunX509"). If you need a specific algorithm value,
# you may hardcode it here in this file by uncommenting the lines and setting the values explicitly.
rhq.server.tomcat.security.client-auth-mode=false
rhq.server.tomcat.security.secure-socket-protocol=TLS
#rhq.server.tomcat.security.algorithm=SunX509
rhq.server.tomcat.security.keystore.alias=RHQ
rhq.server.tomcat.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
rhq.server.tomcat.security.keystore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.tomcat.security.keystore.type=JKS
rhq.server.tomcat.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
rhq.server.tomcat.security.truststore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.tomcat.security.truststore.type=JKS
# Server-side SSL Security Configuration (for incoming messages from agents)
# These are used when secure transports other than sslservlet are used
rhq.communications.connector.security.secure-socket-protocol=TLS
rhq.communications.connector.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
#rhq.communications.connector.security.keystore.algorithm=SunX509
rhq.communications.connector.security.keystore.type=JKS
rhq.communications.connector.security.keystore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.communications.connector.security.keystore.key-password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.communications.connector.security.keystore.alias=RHQ
rhq.communications.connector.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
#rhq.communications.connector.security.truststore.algorithm=SunX509
rhq.communications.connector.security.truststore.type=JKS
rhq.communications.connector.security.truststore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.communications.connector.security.client-auth-mode=none
# Client-side SSL Security Configuration (for outgoing messages to agents)
rhq.server.client.security.secure-socket-protocol=TLS
rhq.server.client.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
#rhq.server.client.security.keystore.algorithm=SunX509
rhq.server.client.security.keystore.type=JKS
rhq.server.client.security.keystore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.client.security.keystore.key-password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.client.security.keystore.alias=RHQ
rhq.server.client.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
#rhq.server.client.security.truststore.algorithm=SunX509
rhq.server.client.security.truststore.type=JKS
rhq.server.client.security.truststore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.client.security.server-auth-mode-enabled=false
# Operations/controls timeout
# Defines the default timeout for all operations (specified in seconds)
rhq.server.operation-timeout=600
# Additional Quartz settings
rhq.server.quartz.selectWithLockSQL=SELECT * FROM {0}LOCKS ROWLOCK WHERE LOCK_NAME = ? FOR UPDATE
rhq.server.quartz.lockHandlerClass=org.quartz.impl.jdbcjobstore.StdRowLockSemaphore
# Concurrency limits for incoming UI and agent messages
rhq.server.startup.web.max-connections=200
rhq.server.agent-downloads-limit=45
rhq.server.client-downloads-limit=5
rhq.communications.global-concurrency-limit=30
rhq.server.concurrency-limit.inventory-report=5
rhq.server.concurrency-limit.availability-report=25
rhq.server.concurrency-limit.inventory-sync=10
rhq.server.concurrency-limit.content-report=5
rhq.server.concurrency-limit.content-download=5
rhq.server.concurrency-limit.measurement-report=10
rhq.server.concurrency-limit.measurement-schedule-request=10
rhq.server.concurrency-limit.configuration-update=10
# Content Local Filesystem Repository
rhq.server.content.filesystem=${jboss.server.data.dir}/packagebits
# The frequency (in millis) the server checks for updated plugins
rhq.server.plugin-scan-period-ms=300000
# When this is enabled, the server at start up will compare its endpoint
# address to the host name/address found on the host machine. If they differ,
# the server endpoint address will be updated to the value found on the host
# machine. This is targeted for use in cloud deployments where IP addresses
# change frequently, but it can be of use in other deployment settings where
# you have to deal with IP address changes.
rhq.sync.endpoint-address=false
# When this is enabled, the server will request that agents send content for
# for binary files that are being monitored for drift. The content for those
# files will then be persisted on the server. By default, the server does not
# persist content for well known binary file types like .ear, .war, .zip, .so,
# etc. The server does however persist content for text files or any other
# files that are not known binary types.
#rhq.server.drift.store-binary-content=false
# The installer will create a default EAP management user named 'rhqadmin'.
# The password is generated and obfuscated and specified here. This should
# not be edited.
rhq.server.management.password=-7f3686bb1fda3ac207a6df87216de44
#############################################################################
# Storage cluster configuration settings
#
# IMPORTANT NOTE:
# - Storage Node properties will be stored in the database
# after the initial install. The server will use database stored
# properties during operation and after restarts.
# - Additional servers in an HA topology will use database stored Storage
# Node properties. So properties set in this configuration file will be
# overriden on install with the database values.
#############################################################################
# The username RHQ will use to authenticate against the Storage Cluster.
# The value is generated and should not be edited.
rhq.storage.username=qfwrfyor
# The password RHQ will use to authenticate against the Storage Cluster.
# The value is generated and obfuscated and should not be edited.
rhq.storage.password=6565d48c5be26f74df8592078de921bc
# A comma-delimited list of storage nodes. Each Storage node uses this list as
# contact points to find other nodes in the cluster and learn the ring
# topology. The RHQ server(s) use this list to connect to the cluster;
# therefore, this property MUST BE SET in order for RHQ to talk to the Storage.
# Cluster. The of an entry is as follows:
#
# hostname1,hostname2
#
# Note that this is actually an installer setting. Changing the value after
# installation will have no effect.
rhq.storage.nodes=MT3JZ0D5J
# The ports used by storage nodes to communicate with each other
# and used by the RHQ server(s) to communicate with the cluster.
# Both properties are required.
#
rhq.storage.cql-port=9142
rhq.storage.gossip-port=7100
#############################################################################
# Storage client settings
#
# The following are advanced settings the client (i.e., driver) that
# communicates with the storage cluster
#############################################################################
# The request limit will automatically change by this amount when there is a
# topology change event. The change will be persisted to this file. Topology
# change events include nodes being added/removed and nodes going up/down.
# Defaults 30,000 if undefined.. If specified the value is parsed as a double.
rhq.storage.request.limit.topology-delta=30000
# When a request times out, the request limit as specified by
# rhq.storage.request.limit will be decreased. The change will be persisted to
# this file. The value is parsed as a double and should be expressed as a
# percentage (i.e., a value between 0 and 1). For example, a value of 0.3 means
# that on a request timeout, the the request limit will decrease by 30%.
# Defaults to 0.2 if undefined.
rhq.storage.request.limit.timeout-delta=0.2
# If a request timeout occurs, there is a good possibility that it could be
# followed by successive timeouts due to read/write patterns. This property
# specifies a dampening period such that the request throughput will only be
# decreased once for all timeouts that occur during said period. Defaults to
# 30 seconds if undefined. The value is specified in milliseconds and is parsed
# as a long.
rhq.storage.request.limit.timeout-dampening=30000
# Sets the maximum throttling. In other words, the request limit will not
# decrease lower than this value. Defaults to 5,000 if undefined. The value is
# parsed as a double.
rhq.storage.request.limit.min=5000
##############################################################################
# Metrics aggregation settings
#
# Note that if you commit the RHQ Server into inventory, these settings can be
# managed through the resource configuration of the Measurement Subsystem.
# Changes made through the Measurement Subsystem resource are applied
# dynamically at runtime whereas directly editing these properties requires a
# a server restart for changes to take effect.
##############################################################################
# Specifies the number of schedules for which data will be fetched per thread.
# A higher value can improve aggregation performance at the cost of greater
# memory utilization.
rhq.metrics.aggregation.batch-size=5
# Specifies the number of batches that can be processed in parallel. A higher
# value can improve aggregation performance at the cost of greater memory
# utilization.
rhq.metrics.aggregation.parallelism=3
# The number of threads to use during aggregation. It defaults to
# ceiling(5, num_cores).
rhq.metrics.aggregation.workers=4
# A limit, specified in days, on the age of raw data that is ingested. If raw
# data has a timestamp that is more than limit days old, then it is not stored.
# This prevents raw data that is for example a year old from being stored.
rhq.metrics.data.age-limit=3
This defect was solved in v3.3 update 9. Installing most recent update from here should solve the problem.

How can i send nessus log over syslog?

I've been ask to send the logs from a Nessus scanner remotely on a syslog server,
But I can't find a way to bind it to syslog.
Is there a way to do it ?
You would need to use the imfile module of rsyslog and configure a rule for each Nessus log file.
Here's a suggestion on how to proceed:
Edit /etc/rsyslog.conf
Add the following line:
$ModLoad imfile
Create the imfile rules by adding the below lines for each log file (I suggest including nessusd.messages, nessusd.dump and backend.log. By default, they are in /opt/nessus/var/nessus/logs):
# File 1
$InputFileName path_to_file
$InputFileTag tag:
$InputFileStateFile state_file_name
$InputRunFileMonitor
Restart Rsyslog
There are more optional settings available but the aforementioned ones are required. Refer to the "Using Rsyslog Modules" RedHat guide for more info.
Note that you can also configure these rules in a separate file. Should you choose to do so, you'll need to add the $IncludeConfig directive in /etc/rsyslog.conf/. See the Rsyslog documentation.
.