How should I set up logger for Splunk in PingFederate? - splunk

I wish to set up PingFederate to log to Splunk.
Ping describes it nicely here https://ping.force.com/Support/Configuring-PingFederate-with-Splunk but the referenced sections to be uncommented can't be found in my PF instance -- it may have been removed before my time as part of a clean-up.
What should the contents of the log4j2.xml be?
I'm using PingFederate 8.4.1.

Some additional information on configuring PingFederate's log4j2.xml is available here: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=qst1564002981075.html
If you do not have a SecurityAudit2Splunk appender defined in your log4j2.xml, it should look something like:
<RollingFile name="SecurityAudit2Splunk" fileName="${sys:pf.log.dir}/splunk-audit.log"
filePattern="${sys:pf.log.dir}/splunk-audit.%d{yyyy-MM-dd}.log"
ignoreExceptions="false">
<PatternLayout>
<pattern>%d trackingid="%X{trackingid}" event=%X{event} subject="%X{subject}" ip=%X{ip} app=%X{app} connectionid=%X{connectionid} protocol=%X{protocol} pfhost=%X{host} role=%X{role} status=%X{status} adapterid=%X{adapterid} description="%X{description}" responsetime=%X{responsetime} %n</pattern>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
If you want to see an original log4j2.xml configuration file, you can always download PingFederate again to compare: https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Also note that there is a PingFederate App for Splunk that can be a useful starting point for reporting: https://splunkbase.splunk.com/app/976/

Related

JNDI lookup error for name: java:comp/env/jdbc/DynaPropDB

Am getting below error while starting the liberty server:
[ERROR ]
com.it.properties.PropertyResourceException for user [UnKnown] self logged on Jan 23, 2019 12:43:12 PM.
Exception instance reference code [13EE91EC-BCA0-49C1-7ABC-5F537ABC5F53].
I have DynaPropAdminWeb Access for the application
Correctly placed lookup-name and binding-name in web.xml file and ibm-web-bnd.xml file
It would be helpful if you provide the relevant web.xml, ibm-web-bnd.xml, and server.xml config snippets for the resource reference and data source. Absent that, taking your word that the deployment descriptor and binding file are correct, then the problem will be in the server config, either in incorrectly specifying the dataSource/jdbcDriver/library or with feature enablement. A common mistake in Liberty is forgetting to enable the jndi-1.0 feature (which is needed for JNDI lookups) alongside the jdbc-4.x feature. In case that is the problem, here is an example,
<server>
<featureManager>
<feature>jdbc-4.2</feature>
<feature>jndi-1.0</feature>
<feature>servlet-4.0</feature>
</featureManager>
<dataSource jndiName="jdbc/DynaPropDB">
<jdbcDriver libraryRef="jdbcLib"/>
<properties serverName="localhost" portNumber="1234" databaseName="exampleDB"/>
</dataSource>
<library id="jdbcLib">
<file name="C:/drivers/jdbc/myJdbcDriver.jar"/>
</library>
</server>
Also, here is a link to a knowledge center page with configuration examples for various commonly-used databases.

Can Apache NiFi configure logback.xml file to send logs to remote server over UDP?

I have an Apache NiFi instance that needs to log messages to a remote Graylog server. I want the outputs to nifi-app.log, nifi-bootstrap.log, and nifi-user.log to all be sent to this server, as well as their default local policy.
I'm trying to get the logs to the server over UDP, as the network configuration requires UDP connections.
My questions:
Does logback support sending logs over UDP?
If so, what does that configuration look like?
Is there a better way to configure Apache NiFi to send it's logs over UDP?
As far as I know, Logback does not provide an out-of-the-box UDP appender so you would need to add the necessary JARs for some UDP appender, possibly the logstash one:
https://github.com/logstash/logstash-logback-encoder
This might work, but adding JARs to NiFi's lib directory is a bit dangerous as they end up on the classpath of all NiFi processors and could have unintended consequences.
Other options...
1) Use TCP
logback already has an socket appender provided:
https://logback.qos.ch/manual/appenders.html#SocketAppender
2) Use a separate NiFi instance that is used to monitor the logs of the first NiFi instance. The flow would be TailFile -> PutUDP, where TailFile points at nifi-app.log of the first NiFi.
How about a simple solution of using LogMessage processor & make sure all the LogMessage log entries goes to a particular file (flow-events.log) & then tail on it?
<appender name="EVENTS_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${org.apache.nifi.bootstrap.config.log.dir}/flow-events.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${org.apache.nifi.bootstrap.config.log.dir}/flow-events_%d.log</fileNamePattern>
<maxHistory>30</maxHistory>
</rollingPolicy>
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
</encoder>
</appender>
<logger name="org.apache.nifi.processors.standard.LogMessage" level="INFO" additivity="false">
<appender-ref ref="EVENTS_FILE" />
</logger>

Openfire setup page

I'm trying to install Openfire 4.0.2 . My problem is that after restarting Openfire and pressing Admin Console I always see Setup Page. What should I do to fix it?
This is my openfire.xml file
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>7090</port>
<securePort>7091</securePort>
</adminConsole>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface>127.0.0.1</interface>
</network>
-->
<!-- SPDY Protocol is npn.
(note: npn does not work with Java 8)
add -Xbootclasspath/p:/OPENFIRE_HOME/lib/npn-boot.jar to .vmoptions file -->
<!--
<spdy>
<protocol>npn</protocol>
</spdy>
-->
<!-- XEP-0198 properties -->
<stream>
<management>
<!-- Whether stream management is offered to clients by server. -->
<active>true</active>
<!-- Number of stanzas sent to client before a stream management
acknowledgement request is made. -->
<requestFrequency>5</requestFrequency>
</management>
</stream>
</jive>
Thank you.
In a file like this you miss the database part, so probably you never finished the setup really.
However there are 2 flags you must add:
in openfire.xml <setup>true</setup>
as child of <jive> tag
and in ofProperty table of database
INSERT INTO OFPROPERTY (NAME,PROPVALUE) VALUES ('setup','true');
The answer is, you have to uninstall Openfire and after delete Openfire folder which is situated in C:/ProgramFiles(x86)/ and reinstall Openfire.
The setup procedure of Openfire will, if it runs successfully, modify the content of the openfire.xml file. The most typical reason for this to fail is a file permission problem. Make sure that the user that is executing Openfire is allowed to read & write all files under the Openfire home folder.

Getting request and creating HTTP response using Tomcat

I am currently trying to use embeded Tomcat for my application and am trying to set it up to get the URL of the http request.
Some Background:
I am using the same code as in the first answer for the post here : Howto embed Tomcat 6?
The only change I have made is :
private String catalinaHome = "/home/xyz/tomcat"; // This dir is created and has full access permissions
Also , I am looking at: http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/startup/Embedded.html
There are no server.xml and tomcat-users.xml that I could find, so I created a tomcat-users.xml since I was getting an exception :Memory database file /home/xyz/tomcat/conf/tomcat-users.xml cannot be read .
tomcat-users.xml:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
The code uses container.setRealm(new MemoryRealm());
It appears from here : http://tomcat.apache.org/tomcat-4.1-doc/catalina/funcspecs/fs-memory-realm.html that I should have a server.xml file and there should already be one created by default.
1] Do I need to create a server.xml, what should be the default in it ?
I have put a file with default from here : http://www.akadia.com/download/soug/tomcat/html/tomcat_server_xml.html , but just want to know what is the right thing to do ?
2]When I access http://localhost:8089/mywebapp/index.html, all i get is The requested resource () is not available, though I have an index.html page at the "webappDir" in the code
3] My only need from the embedded tomcat is to intercept so as to get the URL passed to tomcat in my code. I can then parse the URL [do my stuff] and then create a http payload and send an http response back.
I would appreciate any pointers, especially for 3] ?
Thanks!
Ok, for your first question, yo do not need server.xml. If you check the code of your initial post they are setting the parameters there. So that is what server.xml would encapsulate. In reality what happens is that Tomcat will parse server.xml for the properties you are defining on your java file where you instanciate the catalina call to start. But since it is embedded you are setting all those parameters on you class instead.
For your second question, check your logs directory and see what is being parsed. Something is happening after your service starts because it should already redirect you once you call the port. either way, just try http://localhost:8089 and see what you get back in return from tomcat. It should give you some kind of response back from the server itself.
if you do it like this "http://localhost:8089/mywebapp/index.html" you are trying to access a created context, and that might not be configured correctly, but that is just a guess right now.
Try this first and tell me what you get back. we can troubleshoot from this point and see if I can help more in that sense.
Quick question, is this windows or linux you are installing on?
If it is linux the configurations filea are located usually on /etc/tomcat6. (at least on ubuntu they are). Reply back with the version you have installed. I might be able to help you out.
I guess I should also elaborate here a little more. Tomcat is a service in linux as well, so in ubuntu you have to start tomcat in order to access it.
$: sudo service tomcat6 start
then it starts tomcat on port 8080 (usually if not changed) of your localhost. hence you type localhost:8080 to access the website for configuration of tomcat that gives you a It works prompt for you.
Let me know if you have more questions, I will try to respond to the best of my knowledge

NLog in WCF Service

Can I use NLog in a WCF Service? I am trying to but cannot get it to work.
First I set up a simple configuration in a Windows Forms application to check that I was setting up correctly and this wrote the log file fine (I am writing to a network location using name and not IP address).
I then did exactly the same thing in the WCF Service. It did not work.
To check permissions I then added some code to use a TextWriter.
TextWriter tw = new StreamWriter(fileName);
tw.WriteLine(DateTime.Now);
tw.Close();
This worked OK so I know I can write to the location.
Check that your NLog.config file is in the same directory as your .svc file and NOT the Bin directory.
If you've just added the config file to the WCF project, then published it you will probably find your config file has been copied to the bin directory which is why NLog can't find it. Move it to up a level then restart the website hosting the service (to make sure the change is picked up).
This had me stumped for a while this morning!
Put your NLog config in the web.config file. Like so:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog"/>
</configSections>
. . . (lots of web stuff)
<nlog>
<targets>
<target name="file" xsi:type="File" fileName="${basedir}/logs/nlog.log"/>
</targets>
<rules>
<logger name="*" minlevel="Trace" writeTo="file" />
</rules>
</nlog>
</configuration>
See my comment to your original question for how to turn on NLog's internal logging.
To turn on NLog's internal logging, modify the top of you NLog config to look like this:
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.mono2.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Trace"
internalLogFile="nlog_log.log"
>
The key parts are internalLogLevel and internalLogFile.
You can also set internalLogToConsole to true or false to direct the internal logging to the console.
There is another setting, throwExceptions, that tells NLog whether or not to throw exceptions. Ordinarily, this is set to false once logging is successfully configured and working. You can set it to true to help determine if your problem is due to an NLog error.
So, if you had all of those options enabled, the top of your NLog configuration might look like this:
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.mono2.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Trace"
internalLogFile="nlog_log.log"
internalLogToConsole="true"
throwExceptions="true"
>
My first guess is that NLog is not finding the config information. Are you using an external config file (NLog.config) or "inline" configuration (in your app.config or web.config)? In your project, is(are) your config file(s) marked (in Properties) as Copy Always?