Custom Logger plugin not receiving the logs from osquery - osquery

The custom logger plugin is written using osquery-go. When the osquery daemon is auto-loaded with this extension, the logs are received by the custom logger plugin.
But if osqueryd is running as a daemon and the custom logger plugin is run independently, it does not receive the logs from osqueryd.
Implemented a custom logger plugin using osquery-go. https://github.com/osquery/osquery-go#creating-logger-and-config-plugins.
After receiving the log, it just prints the event.
Built this logger with .ext, changed the owner to 'root' and gave appropriate permissions
Configured osqueryd to capture file-events
Started the osquery daemon.
Ran the .ext --socket /var/osquery/osquery.em --timeout 3
In /var/log/osquery/osqueryd.INFO, I can see that it registered with the osquery daemon.
When any file activity is done, I can see the FILE_EVENTS in /var/log/osquery/osqueryd.results.log,
but the same result is not seen in the custom logger plugin, which is also registered with the osquery daemon.
If the osquery daemon is run using extension auto-load, then the extension receives the FILE_EVENTS log.
When osqueryd and the extension are running as separate processes, why isn't osqueryd redirecting the logs to the extension?
Environment: macOS Monterey. I have added both osquery and the custom logger extension in Security Preferences -> Full Disk Access.

Generally, I would expect this pattern to work... However, I see a couple of things you did not discuss.
Running the extension registers it with osquery. As you point out, it's in the logs. You should be able to confirm this inside osquery with:
select * from osquery_registry where registry = 'logger';
(Note that you need to use osqueryi --connect to connect to the socket of osqueryd to see what's registered with it.)
However, just being registered with osquery does not configure osquery to send logs there. You will also need to configure the logger appropriately. Take a look at the CLI flags --logger_plugin and --extensions_require. The former sets the logger to use, and the latter tells osquery to wait for an extension. Otherwise, osquery will try to configure the logger before your extension is in place.
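The flag check described in the answer above, as an added example that is not part of the original thread or of osquery: a shell function that inspects an osqueryd flagfile for the two settings. The names example_extension and example_logger and the sample flagfiles are constructed for illustration, and flags are assumed to be written one per line as --name=value.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: flags are written
# one per line as --name=value; example_extension and example_logger are
# hypothetical names for the extension and the logger plugin it registers.

# Print the value of the last "--FLAG=value" line in flagfile FILE.
flag_value() {
    sed -n "s/^--$2=//p" "$1" | tail -n 1
}

# Succeed if NAME is one item of the comma-separated LIST.
in_csv() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_logger_flags FILE EXTENSION PLUGIN
# Prints one line per missing setting; the exit status is the number of problems.
check_logger_flags() {
    cl_problems=0
    if ! in_csv "$(flag_value "$1" logger_plugin)" "$3"; then
        echo "logger_plugin does not select $3: it can register but is sent no logs"
        cl_problems=$((cl_problems + 1))
    fi
    if ! in_csv "$(flag_value "$1" extensions_require)" "$2"; then
        echo "extensions_require does not list $2: logging may be set up before it connects"
        cl_problems=$((cl_problems + 1))
    fi
    return "$cl_problems"
}

# Constructed sample flagfiles: one without the logger settings, one with both.
demo_dir=$(mktemp -d)
printf '%s\n' '--disable_events=false' '--enable_file_events=true' \
    > "$demo_dir/before.flags"
printf '%s\n' '--disable_events=false' '--enable_file_events=true' \
    '--logger_plugin=filesystem,example_logger' \
    '--extensions_require=example_extension' > "$demo_dir/after.flags"

echo "before.flags:"
check_logger_flags "$demo_dir/before.flags" example_extension example_logger || true
echo "after.flags:"
check_logger_flags "$demo_dir/after.flags" example_extension example_logger && echo "ok"
rm -rf "$demo_dir"
```

Listing filesystem alongside the custom plugin in --logger_plugin keeps osqueryd.results.log populated while the extension also receives the results.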

Related

RestComm build and run on MAC OS from source

I am new to Restcomm. Two days ago I started following the getting started guide and built Restcomm from source. I am able to build successfully on my Mac, but when I try to run the JBoss server to run the application, it gives me some errors and I am not sure why. So my question is: can I run the Restcomm application on Mac OS? Most of the answers I see are about Linux.
MacBook-Pro:restcomm bilal$ ./start-restcomm.sh
BASEDIR: /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm
RESTCOMM_HOME: /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2
Looking for the appropriate interface
Looking for the IP Address, subnet, network and broadcast_address
Use of uninitialized value $ARGV[0] in concatenation (.) or string at /usr/local/bin/ipcalc line 136.
RestComm automatic configuration started:
Executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-dialogic-xms.sh...
Configuring Dialogic XMS...MS_MODE: mms
...activated Dialogic XMS...
...finished configuring Dialogic XMS!
Finished executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-dialogic-xms.sh!
Executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-jboss-as.sh...
Configuring JBoss AS...
...disabled JBoss splash screen...
Finished configuring JBoss AS!
Finished executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-jboss-as.sh!
Executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-load-balancer.sh...
Deactivated Load Balancer on SIP stack configuration file
Finished executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-load-balancer.sh!
Executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-mobicents-ms.sh...
TRUSTSTORE_FILE is not set
Configuring Mobicents Media Server... MS_ADDRESS BIND_ADDRESS NETWORK 192.168.1.0 SUBNET_MASK RTP_LOW_PORT 34534 RTP_HIGH_PORT 65535
Configured UDP Manager
Updated log configuration
Finished configuring Mobicents Media Server!
Finished executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-mobicents-ms.sh!
Executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-restcomm.sh...
Configuring RestComm...
Updated mobicents-dar properties
Updated RestComm configuration
Configured Fax Service credentials
Configured Sms Aggregator using OUTBOUND PROXY
Configured the Speech Recognizer
Configured Acapela Speech Synthesizer
Configured VoiceRSS Speech Synthesizer
Disabled TeleStax Proxy
sed: 1: "/Users/muhammadbilal/Re ...": invalid command code m
Configured SMPP Account Details
Configured RestComm!
Finished executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-restcomm.sh!
Executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-sip-connectors.sh...
Configuring Application Server...
Configured SIP Connectors and Bindings
sed: 1: "/Users/muhammadbilal/Re ...": invalid command code m
Configured gather-statistics
TRUSTSTORE_FILE is not set
Finished configuring Application Server!
Finished executing configuration file /Users/muhammadbilal/Restcomm-Connect/release/Restcomm-JBoss-AS7-7.0.2/bin/restcomm/autoconfig.d/config-sip-connectors.sh!
RestComm automatic configuration finished!
./start-restcomm.sh: line 182: ${MS_EXTERNAL^^}: bad substitution
TelScale RestComm started running on standalone mode. Screen session: restcomm.
Using IP Address:
Yes you can run Restcomm on Mac OSX, the main difference is that you need to do some more configuration manually since the auto configuration scripts don't work there as well as they do for GNU/Linux.
Please check this guide:
https://github.com/RestComm/Restcomm-Connect/wiki/Restcomm-OSX-native-installation
If you still have issues after trying such configuration, please post back here.
Best regards,
Antonis Tsakiridis

How to write log from gemfire function

I have a gemfire function which is meant to be deployed in a gemfire cluster. What is the way to write a log from the function, so that it goes to the server log file?
My gemfire version is 8.2.0
You should use either the LogService.getLogger(String) or LogService.getLogger() method to get a Logger instance. The latter is a convenience method and sets the name of the returned Logger to the name of the calling class. The Logger returned by these methods is a log4j Logger.
I actually figured it out. From Gemfire 8.1.0 the log library they use has changed and it now uses Apache Log4j2. Logs written through this logger go to the server log file.

Deploy & Debug remote Jetty with IntelliJ 12

I've been hacking and googling for a while now, and I've found several Stack Overflow threads that seemed like they were written for older versions of IntelliJ, with various application servers. Usually they tell you to enter
java -Xdebug -Xrunjdwp:transport=dt_socket,address=51887,suspend=n,server=y
One answer suggests using something like
-agentlib:jdwp:transport=dt_socket,address=51887,suspend=n,server=y
But then I get this:
Error occurred during initialization of VM
Could not find agent library: libjdwp:transport.jnilib (searched /Library/Java/JavaVirtualMachines/1.6.0_37-b06-434.jdk/Contents/Libraries:/System/Library/Java/Extensions:/Library/Java/Extensions:.)
Then after one or the other of the above they tell you something like "Edit Configurations> jetty > remote and enter localhost, 51887" (the port number varies)
However, in 12, the page you land on after you select remote has a plethora of options, and is asking for JNDI ports, not jdwp ports; on another tab it actually suggests the jdwp parameters above.
Researching the JNDI port bit, generally yields instructions to add args like this to your command line...
-Dcom.sun.management.jmxremote= \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
I've done that too and I can see port 1099 held by java (using lsof) and I can telnet to 1099, so I know the JVM is listening. (We'll try not to worry about the fact that that appears to say, open up a port by which anyone can install arbitrary Java code over the network to your computer without a password.)
However, in Intellij whenever I try to deploy and debug it gives me the following message:
I can see java RMI communications over 1099 when I snoop port 1099 with wireshark (but they are illegible). Evidently, the communications are not satisfactory for Intellij, so I'm wondering if there's something I need to do to Jetty to get it to play nice. Note that changing the Jetty version is not presently an option, so let's not go there :).
I've also tried removing the artifact, disabling make, and trying to just connect the debugger, but it still gives me the same red balloon and error message, so evidently the JNDI (port 1099) part is required.
Does anyone see something I'm doing wrong, or know of something else I should do to get this to work?
(I'm wondering if it is something similar to this: http://youtrack.jetbrains.com/issue/IDEA-65746 jboss issue)
Edit: Thanks to this google groups post I've discovered that it is possible to get the debugger connected if you don't specify Edit Configurations> + > jetty > remote, but instead choose Edit Configurations > + > remote, but debug and deploy is what I'm after so that's only a half solution.
Jetty remote configuration requires several manual steps which are performed automatically when you start Jetty directly from IDEA using the local configuration instead.
If you absolutely must use the remote configuration, try the following steps:
1. In the Remote staging section of the Server tab of the IDEA Jetty remote run configuration:
   - specify Same file system for Type and Host
   - specify path to the <Jetty home>/contexts folder in the Local path field of the contexts section
   (settings will differ if you have Jetty running on another machine than IDEA, but I assume it's the same machine in your case)
2. Pass the following VM parameters to the Jetty process:
   -Dcom.sun.management.jmxremote=
   -Dcom.sun.management.jmxremote.port=<JNDI port>
   -Dcom.sun.management.jmxremote.authenticate=false
   -Dcom.sun.management.jmxremote.ssl=false
   -DOPTIONS=jmx
   <JNDI port> value should be the same as specified in the JNDI port field of the IDEA Jetty run configuration
3. Pass the following configuration files to the Jetty process (in the command line):
   etc/jetty-jmx.xml
   etc/jetty.xml
4. If you need to debug, you should also pass to Jetty process VM parameters taken from IDEA Jetty run configuration: Startup/Connection tab, select Debug list item under the To debug remote server JVM ...
Here is the sample command line to start Jetty process with all the required options:
java -Xdebug -Xrunjdwp:transport=dt_socket,address=60208,suspend=n,server=y -DSTOP.PORT=0 -Dcom.sun.management.jmxremote= -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -DOPTIONS=jmx -Dfile.encoding=UTF-8 -classpath start.jar etc/jetty-jmx.xml etc/jetty.xml
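A check for the options used in the command line above, as an added example that is not part of the original answer: a shell function that reports JVM arguments which disable JMX authentication or SSL, or which start a JDWP listener. The function name audit_jvm_args is hypothetical; the sample arguments are the ones from the answer.

```shell
#!/bin/sh
# Added example, not from the original answer: report JVM options that open
# unauthenticated remote management or debug access.

# audit_jvm_args ARG...
# Prints one line per finding; the exit status is the number of findings.
audit_jvm_args() {
    ja_port=""; ja_auth=""; ja_ssl=""; ja_jdwp=""; ja_found=0
    for ja_arg in "$@"; do
        case $ja_arg in
            -Dcom.sun.management.jmxremote.port=*)         ja_port=${ja_arg#*=} ;;
            -Dcom.sun.management.jmxremote.authenticate=*) ja_auth=${ja_arg#*=} ;;
            -Dcom.sun.management.jmxremote.ssl=*)          ja_ssl=${ja_arg#*=} ;;
            -Xrunjdwp:*)      ja_jdwp=${ja_arg#-Xrunjdwp:} ;;
            -agentlib:jdwp=*) ja_jdwp=${ja_arg#-agentlib:jdwp=} ;;
        esac
    done
    # Remote JMX is only enabled when a port is given.
    if [ -n "$ja_port" ] && [ "$ja_auth" = false ]; then
        echo "JMX port $ja_port: authentication disabled"
        ja_found=$((ja_found + 1))
    fi
    if [ -n "$ja_port" ] && [ "$ja_ssl" = false ]; then
        echo "JMX port $ja_port: SSL disabled"
        ja_found=$((ja_found + 1))
    fi
    # JDWP in server mode listens for a debugger; the protocol has no authentication.
    case ",$ja_jdwp," in
        *,server=y,*)
            ja_addr="(no address given)"
            case $ja_jdwp in
                *address=*) ja_addr=${ja_jdwp#*address=}; ja_addr=${ja_addr%%,*} ;;
            esac
            echo "JDWP listener on $ja_addr: debug port has no authentication"
            ja_found=$((ja_found + 1)) ;;
    esac
    return "$ja_found"
}

# The sample command line from the answer above, without the leading "java".
audit_jvm_args -Xdebug -Xrunjdwp:transport=dt_socket,address=60208,suspend=n,server=y \
    -DSTOP.PORT=0 -Dcom.sun.management.jmxremote= \
    -Dcom.sun.management.jmxremote.port=1099 \
    -Dcom.sun.management.jmxremote.authenticate=false \
    -Dcom.sun.management.jmxremote.ssl=false -DOPTIONS=jmx \
    -Dfile.encoding=UTF-8 -classpath start.jar etc/jetty-jmx.xml etc/jetty.xml || true
```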

How to enable logging in Apache Ace?

Is it possible to enable logging in Apache Ace? If yes, How?
In the source code, I can see that the LogService is used to write messages to the log. But I am not able to locate the logs when I start the ace devserver.
The LogService is a standard compendium service, and you can use any implementation to actually record the log statements. We use the one from Apache Felix, and there are shell commands to actually retrieve log statements (hint, the command is called "log"). This implementation does not write them to disk though. Based on the specification, it would be easy to do this yourself though. A LogReader exists to read from, and you can register yourself as a LogListener.

How to use java.util.logging in Weblogic?

I have an application that was migrated from Glassfish to Weblogic, and it uses java.util.logging as logging framework.
The only way I have found to make the logs work is by editing the logging.properties file of the JVM and restarting the server. This solution is awkward and gives problems because the log is written to a different file than the standard ones for weblogic, so we have to look at too many files for a log in a clustered environment. Besides, for some reason this does not work on some Windows systems.
Is there a way to keep using standard java logging to write messages to weblogic's standard log files? I tried the instructions on this page but it doesn't work either.
WebLogic Server ships with a JDK logging handler which will pick up log messages emitted from JDK logging framework and direct them into the WebLogic Server logging system.
Set the default logging level for new ServerLoggingHandler instances in logging.properties as well as adding the ServerLoggingHandler to the handlers.
handlers = weblogic.logging.ServerLoggingHandler
weblogic.logging.ServerLoggingHandler.level = ALL
http://docs.oracle.com/cd/E14571_01/web.1111/e13739/logging_services.htm#CHDBBEIJ
To direct the JDK logging framework to use the logging.properties file, the standard System property java.util.logging.config.file is used. With WebLogic Server, this can be easily accomplished by setting the JAVA_OPTIONS System property with the corresponding value.
$ export JAVA_OPTIONS="-Djava.util.logging.config.file=/Users/xxx/Projects/Domains/wls1035/logging.properties"
Some more hints here: http://buttso.blogspot.de/2011/06/using-slf4j-with-weblogic-server.html