Archive for February, 2023

Elasticsearch – Parse WildFly Application server Logs

February 24, 2023

To parse WildFly Application server logs in Elasticsearch, do the following:

  • Create a new pipeline with a GROK processor. Here is a GROK rule to parse the logs:

%{DATESTAMP:transactionDate},%{INT:LEVEL} %{WORD:Type} %{GREEDYDATA:CodePath}

  • Create a new file stream log integration in Elastic agent, point to the new processor and enjoy.

Have fun.

Categories: Elasticsearch

Elasticsearch – how to parse MySQL general log

February 24, 2023

Elasticsearch provides native integration, using Beats or Agent, to collect MySQL error and slow logs. However, if you want detailed auditing via the MySQL general log, you can parse the log as follows:

  • Configure a new Pipeline and Processor using GROK, here is the GROK to parse MySQL Logs:

%{TIMESTAMP_ISO8601:transactionDate}   %{INT:LogId} %{WORD:Type}\t%{WORD:Type1} %{GREEDYDATA:Type3}

NOTE: The spaces in the pattern matter; review them carefully before deployment.

  • Create a new file stream integration in Elastic Agent, point the stream to the path where the MySQL general logs are kept, and configure the pipeline to be the newly created custom pipeline.
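
The spacing note above can be checked before deployment. The following is an added example, not code from the original post: it expands the page's GROK pattern into a Python regex using simplified stand-ins for the grok built-ins and lists which lines would fail to parse. TOLERANT_PATTERN and the sample lines are assumptions constructed for illustration.

```python
import re

# Simplified stand-ins for the grok built-ins used on this page (assumption:
# close to, but not identical to, the definitions shipped with Elasticsearch).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?(?:Z|[+-]\d{2}:?\d{2})?",
    "INT": r"[+-]?\d+",
    "WORD": r"\b\w+\b",
    "GREEDYDATA": r".*",
}

# The pattern exactly as given on the page (three literal spaces after the timestamp).
PAGE_PATTERN = (r"%{TIMESTAMP_ISO8601:transactionDate}   %{INT:LogId} "
                r"%{WORD:Type}\t%{WORD:Type1} %{GREEDYDATA:Type3}")
# Hypothetical variant: same fields, any run of whitespace before the id.
TOLERANT_PATTERN = PAGE_PATTERN.replace("}   %{INT", r"}\s+%{INT")

# Constructed sample lines (not real log data); ids of different widths shift the padding.
SAMPLE = [
    "2023-02-24T10:15:30.123456Z   12 Query\tSELECT name FROM customers",
    "2023-02-24T10:15:31.000001Z  123 Query\tUPDATE accounts SET role='admin' WHERE id=7",
    "2023-02-24T10:15:29.000000Z    9 Connect\troot@localhost on  using Socket",
]

def grok_to_regex(pattern):
    """Expand %{NAME:field} references into named regex groups."""
    expand = lambda m: f"(?P<{m.group(2)}>{GROK[m.group(1)]})"
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

def parse(pattern, line):
    """Return the extracted fields, or None where grok would report a failure."""
    match = grok_to_regex(pattern).search(line)  # grok patterns are unanchored
    return match.groupdict() if match else None

def unparsed(pattern, lines):
    """Lines that would be missing from the parsed audit trail."""
    return [line for line in lines if parse(pattern, line) is None]

if __name__ == "__main__":
    for name, pat in (("page", PAGE_PATTERN), ("tolerant", TOLERANT_PATTERN)):
        print(name, "unparsed:", unparsed(pat, SAMPLE))
```

Lines returned by unparsed() are the ones to inspect, since in an audit pipeline they are events that never receive structured fields. In this constructed sample the Connect line is rejected by both patterns because the word after the tab is followed by "@" rather than a space.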

Have fun.

Categories: Uncategorized

Elasticsearch stops immediately after enabling network.host settings in elasticsearch.yml file

February 18, 2023

Case:

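After setting network.host to 0.0.0.0 or a dedicated IP to allow other nodes to join the Elasticsearch cluster, Elasticsearch stops immediately after starting.

Solution:

Binding to a non-loopback address makes Elasticsearch enforce its bootstrap checks, one of which is the vm.max_map_count limit. Increase the limit with the command below, which applies until the next reboot: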

sudo sysctl -w vm.max_map_count=262144

Categories: Elasticsearch

You Receive “Unable to Launch Browser input/output error” on Ubuntu Xfce Desktop

February 18, 2023

Case:

You access your Ubuntu machine over VNC using the Xfce4 desktop. Everything works perfectly, but when launching the default web browser you receive the error:

“Unable to Launch Browser input/output error”

Solution:

This happens because the default server installation doesn’t include a web browser. Install the Chrome browser and set it as the default browser:

  1. download it using this command: wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
  2. execute the downloaded installer: sudo apt install ./google-chrome-stable_current_amd64.deb
  3. launch the browser: google-chrome

Then set it as the default browser:

  1. run xfce4-settings-manager
  2. find “Default Applications”
  3. under “Web Browser”, click “Chrome”

Categories: Ubuntu

You Receive Connection Closed when connecting from Fortigate VPN SSL to Windows Server RDP 2012/2016/2019/2022

February 14, 2023

Scenario:

You configured SSL VPN access through Fortigate (either V6 or 6.5) and set up an RDP bookmark connection. When connecting to servers you receive the error “Connection closed”, although traffic to the server is allowed by policy and the RDP connection works locally.

Solution:

Configure Group Policy to set Encryption Oracle Remediation to Vulnerable; older FGT versions don’t support the remediation option. This setting makes the server accept clients that lack the CredSSP update, so apply the GPO only to the servers that need it.

How to configure the GPO:

Computer Configuration -> Administrative Templates -> System -> Credentials Delegation then set Encryption Oracle Remediation to Vulnerable.

Categories: Uncategorized

RADZEN published application or Blazor WASM works only for localhost

February 8, 2023

Today I faced another cool issue. I have a Blazor app built via Radzen; the application works fine in VS Studio and Blazor studio.

When I published the application, I placed it on an IIS server and it worked great. The issue is that I can log in only if I open the application from localhost on IIS; if I try using the FQDN or the IP it won’t work, and the same goes for HTTP and HTTPS.

It took me a while to fiddle in the logs, then I found:

  Authorization failed. These requirements were not met:
  DenyAnonymousAuthorizationRequirement: Requires an authenticated user

So, what is the issue? After some troubleshooting, I found that I had enabled multitenancy in the app. All users were placed in the main tenant for the time being, but the base URL or hosts for the tenant was set to http://localhost:5000

After editing the Hosts in the tenant field to change it to my IP address, the application worked perfectly. I had to read this:

https://learn.microsoft.com/en-us/ef/core/miscellaneous/multitenancy

Categories: Uncategorized