Changing bro logging Defaults - hostname

I want to enable logging of MAC addresses as well as hostnames using Bro. I have been using Bro for a while, but I am still a bit new to it.
Version: Bro 2.5.1
From researching this a bit, I found that I can log this by enabling policy/protocols/dhcp/known-devices-and-hostnames.bro but for this, I also need to enable policy/misc/known-devices.log.
This will then log to a devices.log.
Now the problem I am experiencing is that, from those files, this will only be logged once a day (by default).
I need this to be logged more frequently (as soon as there is the specific connection, I want that connection's MAC address and hostname to be logged). Is this possible?
If possible, do I need to change the defaults and where?
Or did I possibly miss something?

Try a redef of Log::default_rotation_interval (docs here) to something that suits your need. If you're running a cluster, consider the LogRotationInterval in BroControl.

Rpi4 and Ejabberd external registration

Some friends and I want to leave WhatsApp for good and as I've been playing around with my Rpi4 for years now, I thought I'd use that to set up an XMPP-Server for us to use, to have a secure and customizable experience.
I've tried it with ejabberd and installed it from the repo. I also tried to compile the newest version, but I get an error output every time.
It works fine so far, but it differs from what I've seen online.
My problem is that registration from outside doesn't work at all. I can register from ejabberdctl, but that's it. On the tested clients it says "server doesn't allow registration", although I have enabled everything that says anything about registration allowance.
System: Raspberry Pi 4 (4GB)
OS: TwisterOS 1.9.6 (Based on Raspbian 32bit)
Ejabberd Version: 18.12.1-2
Config files:
Ejabberd.yml https://textuploader.com/18mqx
Ejabberdctl.cfg https://textuploader.com/18mqz
When the "mod_register" line is enabled/uncommented (or any other not by default enabled mod), ejabberdctl live gives the following output: [error] Cannot load /etc/ejabberd/ejabberd.yml: Syntax error on line 272 at position 2: did not find expected key
I am very thankful for any help, whether it's getting my current version to allow registration or compiling the current version which seems easier to work with, as all of the solutions I've seen on the internet won't work with my version.
Kind Regards,
Arokan

I figured it out. You won't believe it...
The prewritten spaces in
" ## mod_register: "
seem to not have been spaces but something else, though they weren't wide as tabs but exactly as spaces.
So I deleted the spaces before mod_register: and hammered the space key myself. After that, everything worked out perfectly and other modules do as well in the same way.
tl;dr: Replace the pseudo spaces with your own spaces.
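
The failure described in this answer, whitespace that looks like spaces but is not U+0020, can be located before ejabberd ever parses the file. The scanner below is an added example, not part of the original post or of ejabberd; the sample config and the use of NO-BREAK SPACE as the culprit are constructed assumptions, since the post does not say which character it was.

```python
import unicodedata

# Constructed sample: line 3 is indented with two U+00A0 characters, not spaces.
SAMPLE = (
    "modules:\n"
    "  mod_ping: {}\n"
    "\u00a0\u00a0mod_register:\n"
    "    ip_access: trusted_network\n"
)

def find_suspect_whitespace(text):
    """Return (line, column, codepoint, name) for each blank that is not U+0020."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == " ":
                continue
            # Zs: space look-alikes (NBSP, EN SPACE, ...); Cf: zero-width/format
            # characters (ZWSP, BOM); tabs are also rejected as YAML indentation.
            if ch == "\t" or unicodedata.category(ch) in ("Zs", "Cf"):
                name = unicodedata.name(ch, "TAB" if ch == "\t" else "UNNAMED")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings

def repair_indentation(text):
    """Replace space look-alikes (category Zs) in leading indentation with U+0020."""
    fixed = []
    for line in text.split("\n"):
        i = 0
        while i < len(line) and unicodedata.category(line[i]) == "Zs":
            i += 1
        fixed.append(" " * i + line[i:])
    return "\n".join(fixed)

if __name__ == "__main__":
    for lineno, col, codepoint, name in find_suspect_whitespace(SAMPLE):
        print(f"line {lineno}, column {col}: {codepoint} {name}")
    assert find_suspect_whitespace(repair_indentation(SAMPLE)) == []
```

Running the scanner over a config file after pasting from a web page or editing it in a word processor shows the exact line and column to retype.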

DNS unable to resolve canonical hostname

I've been unable to solve the below error for hours in Solr Admin. Please help me.
Unable to resolve canonical hostname for local host, possible DNS misconfiguration. Set the 'solr.dns.prevent.reverse.lookup' sysprop to true on startup to prevent future lookups if DNS can not be fixed.

The standard JVM accepts -D<param name>=<value> to set global configuration values available to the running application.
Depending on how you're starting Solr, you can edit solr.in.cmd in Windows or solr.in.sh in Linux or OS X.
Search for SOLR_OPTS and see how it uses -D... parameters to set new values. -Dsolr.dns.prevent.reverse.lookup=true is what you'd add as a setting like this.
Fixing DNS would be to make sure that localhost resolves locally at least.

The most direct way to fix this issue is to start Solr with the system property solr.dns.prevent.reverse.lookup=true in the command line.
For instance under Windows in a PowerShell console:
bin\solr.cmd start "-Dsolr.dns.prevent.reverse.lookup=true"

Forcing a DNS failure

I need to test a change in our application's DNS retry behavior.
It previously switched into another mode to report the issue to the end user, but we've found a bug: when the retry attempt worked, it would proceed to try loading the now-found far-end service in that "error reporting" mode.
To fix this, we have disabled the switch to the error reporting mode, and expect that on a successful retry we will load into the expected mode.
Thus, I need DNS (rndc/named) to fail once, and only once, and provide a successful result on the second attempt.
The only thing I can think is to run a large load test, and hope DNS fails like this at some point... But I am hoping someone on here might know of a better solution.
Maybe a way to block the connection attempt once? The DNS server is part of the application, though, so it would be blocking the connection to localhost.

For sure you can use Docker/a VM/a dedicated OS, change its DNS settings and use it as a DNS resolver. It will probably be a lot of work to script it, but it seems possible. But before that I would look for some DNS mock service/server.
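
A minimal mock resolver of the kind this answer suggests looking for, as an added example that is not from the original posts: it answers the first query with SERVFAIL and every later one with an A record. The listen address 127.0.0.1:5353, the fixed answer IP and the choice of SERVFAIL (rather than a timeout) as the failure are assumptions.

```python
import socket
import struct

# Constructed sample: query for "service.example.test", type A, class IN, RD set.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07service\x07example\x04test\x00" + struct.pack("!HH", 1, 1))

def build_reply(query, fail, ip="127.0.0.1"):
    """Answer a single-question DNS query with SERVFAIL or one A record."""
    txid, flags = struct.unpack("!HH", query[:4])
    # Question section: length-prefixed labels, a zero byte, then QTYPE and QCLASS.
    end = 12
    while query[end] != 0:
        end += query[end] + 1
    question = query[12:end + 5]
    rcode = 2 if fail else 0                  # 2 = SERVFAIL, 0 = NOERROR
    # QR and RA set, the client's RD bit echoed, one question, zero or one answer.
    header = struct.pack("!HHHHHH", txid, 0x8080 | (flags & 0x0100) | rcode,
                         1, 0 if fail else 1, 0, 0)
    if fail:
        return header + question
    # Answer: pointer to the name at offset 12, TYPE A, CLASS IN, TTL 0, 4-byte address.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + socket.inet_aton(ip)
    return header + question + answer

class FailOnceResolver:
    """The first `failures` queries get SERVFAIL; every later query succeeds."""
    def __init__(self, failures=1):
        self.remaining = failures

    def handle(self, query):
        reply = build_reply(query, self.remaining > 0)
        if self.remaining > 0:
            self.remaining -= 1               # only well-formed queries use up a failure
        return reply

def serve(host="127.0.0.1", port=5353):       # hypothetical listen address for the test
    resolver = FailOnceResolver()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            query, peer = sock.recvfrom(512)
            try:
                sock.sendto(resolver.handle(query), peer)
            except (IndexError, struct.error):
                continue                      # ignore malformed datagrams

if __name__ == "__main__":
    serve()
```

Point the application's resolver at the listener for the test run; if the resolver library retries on its own, raise `failures` until the application itself sees exactly one failed lookup.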

How to prevent the stdout.out in WebLogic from increasing in size heavily (Windows)

I have deployed a system integrated with WebLogic, but I am now facing a problem: WebLogic is increasing the stdout.out size heavily (by GB per week), which causes the system to load more and more slowly.
Is there any way to prevent it from increasing the size heavily, or to redirect it into a .log?
Thanks a lot

As David Herget says above, using the WebLogic Scripting Tool (WLST) to redirect StdOut and StdErr did not actually work for me either; I had to also do so through the web console (even though they appear to be set on the console) and restart the relevant JVMs.
I can't reply to David's comment above due to being a newbie. [Edited since for clarity]

I'm not totally sure I fully understand your question.
Are you talking about the {server_name}.out file located in the {Domain_Path}/servers/{server_name}/logs ?
If so, I've never found any way to rotate those logs automatically, so I run a script each day to rotate it (basically copying it to another name, zipping it and echoing a NULL into the original file... erasing the older one after).
If you are talking about redirecting StdOut to the logs though, that can be done within the console for each server in the logging tab by checking "Redirect stdout logging enabled". Configuration to rotate those logs can also be done within that tab.
On that, StdErr can also be redirected, but not from the console (in WL9). You have to set "RedirectStderrToServerLogEnabled" to true in the MBean tree with WLST (it's located at /Servers/{server_name}/Log/{server_name}).
I know the question was asked a long time ago, but I'm hoping it will help nonetheless.

WebLogic provides log file rotation based on size and time interval.
You can try rotating the log files based on the size. You would need to configure the log rotation policy from the admin console. Please refer to the link below for further details.
http://docs.oracle.com/cd/E12840_01/wls/docs103/ConsoleHelp/taskhelp/logging/RotateLogFiles.html
If you want to rotate the log files on demand, you can use the WLST script below.
C:\>java weblogic.WLST
#connect WLST to an Administration Server
wls:/offline> connect('username','password')
#navigate to the ServerRuntime MBean hierarchy
wls:/mydomain/serverConfig> serverRuntime()
wls:/mydomain/serverRuntime>ls()
#navigate to the server LogRuntimeMBean
wls:/mydomain/serverRuntime> cd('LogRuntime/myserver')
wls:/mydomain/serverRuntime/LogRuntime/myserver> ls()
-r-- Name myserver
-r-- Type LogRuntime
-r-x forceLogRotation java.lang.Void :
#force the immediate rotation of the server log file
wls:/mydomain/serverRuntime/LogRuntime/myserver> cmo.forceLogRotation()
wls:/mydomain/serverRuntime/LogRuntime/myserver>
http://docs.oracle.com/cd/E12840_01/wls/docs103/logging/config_logs.html#wp1001654

Fail to start Apache Directory Server - Error 04450

While I was trying to start ApacheDS 1.5.7 on the Windows platform, an Error 04450 occurred and the apacheds-rolling.log contains:
[21:07:27] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
[21:07:27] ERROR [org.apache.directory.server.Service] - Cannot start the server : reuseAddress can't be set while the acceptor is bound.
How can I fix this problem? Could anybody help me? Many thanks!

The warning log message is a bit misleading; actually this is not a serious issue, and the server should be running despite this warning. This has been fixed a while back in the latest trunk code (which will be released as 2.0 instead of 1.5.8).
According to this post, the dc=example,dc=org context entry is not created by default anymore but no one has updated the documentation to reflect this. I installed 1.5.7 and it looks to me like the partition was created fine, but I'm getting the same error as described above. I suggest installing an older version.
The 2nd error message suggests that the port is already in use. Is there a chance that you already had another ApacheDS process running, or that another program is using the ports?
This isn't a domain controller perchance, is it? If so, the default LDAP ports 389 & 636 are already in use for Active Directory, so you'll need to choose another. However, I believe the defaults for ApacheDS are 10389 (LDAP) and 10636 (LDAPS), in which case they would typically be open on a Windows box.
You can check for processes on the ports with the netstat -abn command, and look through the list for the process listening on port 10389 or whichever custom port you chose.