I want to monitor the console activities such as who login, Any new users got created and new hosts got added for my PCI Activity.
Unable to figure out in which logs the above mentioned info is present
I have looked into /var/log/ipaserver-install.log but this log does not give me the required information.
Please help.
All operations over IPA framework are visible in /var/log/httpd/error_log on each IPA master. This includes adding users, removing them, etc.
There is a prototyped demo on gathering all logs together and visualizing different flows available at https://www.freeipa.org/page/Centralized_Logging. It is not a complete solution but rather a sketch on how it would look like and it has a detailed description on which logs need to be gathered and how to configure a log forwarding specific to IPA on RHEL 7/CentOS 7: https://github.com/pschiffe/ipa-log-config
Related
I have a cluster of machines hosting hadoop (MapR) and have install streamsets on one of the nodes (say node002) following the RPM documentation. However, I am accessing the web UI for the data collector from another node, node001.
My question is, when I specify files paths (eg. an origin directory), which file system is the web UI going to be referring to? Eg. if I put an origin directory as /home/myuser/mydata, will the pipeline created in the web UI be looking for that directory in node001 or node002? New to using streamsets, so a more detailed answer would be appreciated. Thanks.
** Ultimately I am asking this because I am currently getting "FileNotFound" and "permission denied" errors while trying to follow the documentation's tutorial and am trying to debug the situation.
From the streamsets community forums: It will be the path to the local file on the machine running that particular SDC instance.
The FileNotFound and permission errors have to do with the fact that the default user for the sdc service is a user called sdc. Still working on how to fix this part, but can produce a workable prototype by setting the read and write access for the directories in question to allow public access (still need to work on this part, but this answers the posted question).
I have created a gMSA like this:
New-ADServiceAccount -name Cust00000 -DNSHostName Cust00000.domain.com -PrincipalsAllowedToRetrieveManagedPassword "IIS_IUSRS" -ManagedPasswordIntervalInDays 60
And life seems to be good. However, when I run
Test-ADServiceAccount Cust00000
This is what I get:
False
WARNING: Test failed for Managed Service Account Cust00000. If standalone Managed Service Account, the account is
linked to another computer object in the Active Directory. If group Managed Service Account, either this computer does
not have permission to use the group MSA or this computer does not support all the Kerberos encryption types required
for the gMSA. See the MSA operational log for more information.
I checked event viewer -> Application and Services Logs -> Microsoft -> Windows -> Apps -> Microsoft-Windows-TWinUI/Operational but this does not appear to be correct. Where (and possibly what) is the MSA operational log?
EDIT: For the overall issue, I had tried Install-ADServiceAccount but it wasn't working. I gave up on that and finally got it working (for a gMSA named Domain\sirdank$) with Set-ADServiceAccount sirdank -PrincipalsAllowedToRetrieveManagedPassword "$env:computername$" I've also had luck with passing "Domain Computers" instead of "$env:computername$".
Having a similar issue right now. I think the log you are looking for is in Event Viewer under Microsoft/Windows/Security-Netlogon/Operational log; you might see some 9001/9002 events (Task Category of MSA) which might give you some color on what is happening.
Got this from a recent TechNet blog post that describes troubleshooting gMSA account creation/testing issues. Take a look, it might be relevant to your overall issue: https://blogs.technet.microsoft.com/joelvickery/cannot-install-service-account-the-provided-context-did-not-match-the-target/
Alternate link (it appears the same post was cross-posted with a different title): https://blogs.technet.microsoft.com/runcmd/the-rc4-removal-files-part-1-whats-in-an-error-message/
I'm building a hybrid app that speaks to a Bluemix app. I've got Mobile Application Security and Mobile Quality Assurance as a service. I'm using IBMLogger to send log messages, like so:
IBMBluemix.getLogger().info("Device successfully registered: "+ JSON.stringify(response));
I was under the impression that the MobileFirst-style services on Bluemix acted somewhat like the same components for a local MF install. I'm trying to find where I can see my log files in the BM console but have not been able to find them.
For a local MF install using the hybrid SDK, you have to specifically say you want your logs sent to the server, but I do not see that option when looking at the hybrid docs for BM/MF.
There is some doc here: https://www.ng.bluemix.net/docs/starters/mobile/mobilecloud/nodejsmobile.html#log
I suppose by default the log goes to the console, which you can retrieve through the loggregator, aka do cf logs <yourapp> --recent. You can also use the Monitoring & Analytics service to retain logs - see the above doc.
We have a handful of Ruby (Rails/Sinatra) apps and are looking for an easy means of managing retention, search and analysis of our logs for these applications.
The initial problem was that every time we'd push a new version of our apps the logs would disappear.
We then started streaming our logs to a file via a terminal using:
cf logs AppName
however the logfiles get very big, very fast and quickly become a problem.
We know that the Bluemix Monitoring and Analytics service provides a lot of the function we need. We're looking that over but want to know if there are other recomended/proven options.
Thanks
We found several 3rd party apps that provide the functions we need.
To use any of these we first had to configure third party logging on Bluemix and used the steps below.
Any 3rd party logger that supports the syslog protocol can be used. The initial setup, registration and configuration of the log manegement service, is well covered at Configuring Selected Third-Party Log Management Services.
What will come out of the configuration step is a syslog URL which will be the destination for your logs.
Once the logging service is configured a user-provided service instance needs to be created to stream the logs to the logging service. We did this using:
cf create-user-provided-service <user-provided-service_name> -l <syslog_URL>
Last step is to bind the service instance to our Ruby apps.
cf bind-service AppName <user-provided-service_name>
For the changes to take effcet, we then had to restage our ruby apps:
cf restage AppName
There was a brief delay between when we'd see the logs generated and when they'd show up in the logger service but overall this is working out ok for us so far.
Having a tough time with this issue. Not sure how but my ApplicationPoolIdentity is broken.
Currently I'm running IIS 8 on Windows 8 with Visual Studio 2012. When trying to debug an application from Visual Studio, or just navigating to the site in a browser I get the following error logged and a 503 error.
Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
If I check out the Application error logs, I find the following error from the User Profile Service.
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the path specified.
Upon looking into the details I find that the User Profile Service is trying to load up a profile with the Id
S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415
Now I opened up the registry to try and find the profile with that UserId. However there's nothing in the Profile list that helps.
So digging around a little more I've found that this issue can be resolved by either
A) Set the Load User Profile of the Application Pool to false.
B) Use a different account for the application pool.
C) Fix the account.
Seeing how this is the built in account, I'd prefer to fix the issue rather than fix the sympton.
What I have tried
aspnet_regiis -i
Removing IIS from windows and reinstalling.
Attempted to follow the guide here but I don't know the account password :P
My hunch
Somehow the ApplicationPoolIdentity got messed up. Is there any physical folders for the built-in accounts? I know that the Network and Local service profiles physical directories exist at C:\Windows\ServiceProfiles\. It is possible to recreate the ApplicationPoolIdentity profile? Or am I way off on what the real issue is?
C) Here is what i did to fix the account
Go in regedit at key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
There is a setting called "Default". You have to make sure that the data value point to an existing directory on the drive.
By default it contains "%SystemDrive%\Users\Default". In my company the default is changed to a custom profile. Somehow, someone deleted that user profile. So when the defaultAppPool user tryed to create an accound for himself, it was unable to do so because windows cannot provide him with a default user profile.
You can also diagnose this error when looking at the Event Viewer under the Application folder. You will get a message of that type:
Windows cannot find the local profile and is logging you on with a
temporary profile. changes you make to this profile will be lost when
you log off.