Monit is monitoring a log file with very long lines and when a content match is occuring, only part of the log line is displayed (both on the email alert and on /var/log/monit.log). I looked into the documentation and couldn't find anything helpful, any ideas?
Thanks!
Related
With some Uploads in Moodle (3.9) Uploads are not successful, mainly pdf.
The message that comes up is: "An error occured whilst communicating with the server".
not successful requests show
POST /course/dndupload.php undefined
successful requests show
POST /course/dndupload.php HTTP/1.1
When a pdf is reexported with libre office for example the same pdf can be uploaded without problems.
any ideas?
Is the LibreOffice pdf smaller? It could be PHP timing out.
https://docs.moodle.org/311/en/File_upload_size#Modifying_the_php.ini_file
What is the value for max_execution_time ? You can check the PHP values here -
Site administration > Server > PHP info
Also, try switching debug to developer level and see what the error message is.
Site administration > Development > Debugging
Debug messages = Developer
Display debug messages = checked
Although be cautious changing the debug level if its a production site. If you have access to the config.php file then you can specify a user.
// You can specify a comma separated list of user ids that that always see
// debug messages, this overrides the debug flag in $CFG->debug and $CFG->debugdisplay
// for these users only.
// $CFG->debugusers = '2';
Thanks for the response, in the meantime a solution to the problem was found. On the server a measurement against log4j2-vulnerability has been implemented: https://support.f5.com/csp/article/K59329043#proc2. This caused the misbehaviour, the iRule has been removed, now it works again.
I've recently started using Monit to monitor some production machines. And it does this well. But the annoying issue I have is that part of the routine is to restart the servers once a day on a rotating basis and each of those restarts generates a unmonitor and monitor message.
I can't find a specific alert setting to turn this off and consequently I'm bombarded by correct but unnecessary messages. There does not seem to be a specific event related to this.
Does anyone know of a way to do this? To be clear, I want to tell monit to unmonitor a server/task, restart or do something, then restart the server/task, then monitor it again. But I don't want to know about the unmonitor or monitor, only failure situations.
You can disable alerts for user actions in general, like the monitrc states:
## Do not alert when Monit starts, stops or performs a user initiated action.
## This filter is recommended to avoid getting alerts for trivial cases.
#
# set alert your-name#your.domain not on { instance, action }
Documentation: https://mmonit.com/monit/documentation/monit.html#Setting-an-event-filter
I'm wondering if there is some way in ModSecurity Apache2 module (version 2.9.1) how to log error messages into log file specified by the SecDebugLog option but don't duplicate them into the standard Apache error log file?
According to ModSecurity documentation the error messages are always doubled in both log files: Messages with levels 1–3 are designed to be meaningful, and are copied to the Apache’s error log. But I'd like to keep the ModSecurity stuff separate and don't mess the standard error log.
You can remove log from any of the Rules and just leave auditlog.
If using the OWASP CRS then change the default action from this:
SecDefaultAction "phase:1,deny,log"
SecDefaultAction "phase:2,deny,log"
to this:
SecDefaultAction "phase:1,deny,nolog,auditlog"
SecDefaultAction "phase:2,deny,nolog,auditlog"
Which will turn off all logging, but then turn on auditlogging again.
You may also want to add similar for phase 3 and 4 depending on whether you are also checkout outbound traffic.
However I would really, really, really caution against this for a number of reasons:
You will eventually block something with a ModSecurity rule and wonder why it's happening and skip over the Audit log and blame Apache. Trust me. "Why is this request returning 403 when I can see the page exists?!?!" At least if in the error log then you've another chance to see why this is so.
The entry in the error log is in one line. This makes it much easier to collect, parse and deal with errors in tools like Splunk. The audit log is spread over several lines so is less machine readable. And you should be reviewing your WAF logs regularly and not just assuming it's working correctly and only look at logs when something goes wrong. Maybe not in detail at each log level but in summary. Ivan Ristic, the original creator of ModSecurity, recently tweeted:
"If you’re not using your WAF as an IDS, you’re doing it wrong."
These are errors. And the error log is therefore the right place for them. The audit log is then a useful place to get extra detail if you cannot explain the errors.
I'm not able to find the logs of application I have submitted on the the yarn on ambari cluster via log search service.
You can access logs from CLI using yarn logs -applicationId <application ID>
Try to find the log file associated with the log message that you are searching for. Then see if this particular component is configured in log search. Maybe it's not configured. That is one reason why log search is not picking up the log message
If it is configured there could be additional reasons why log search is not picking the log message
1) Check the filter set for the component. Maybe the filter is set to pick up only ERROR and WARN and the log message you are trying to see could be INFO
2)While configuring log search components you can set a filter. Make sure the log message matches the filter
I have deployed a system integrated with weblogic, but until now I faced a problem is the weblogic increasing the stdout.out size heavily(by GB per week), it caused the system to load slowly and slowly.
Any way to prevent it increase the size heavily or redirect into .log?
Thanks alot
As David Herget says above, using the WebLogic Scripting Tool (WLST) to redirect StdOut and StdErr did not actually work for me either; I had to also do so through the web console (even though they appear to be set on the console) and restart the relevant jvms.
I can't reply to David's comment above due to being a newbie. [Edited since for clarity]
Not totally sure to understand fully your question.
Are you talking about the {server_name}.out file located in the {Domain_Path}/servers/{server_name}/logs ?
If so, I've never found anyway to rotate those logs automatically so I run a script each day to rotate it (basically copying it to another name, zip it and echoing a NULL in the orginal file...erasing the older one after).
If you are talking about redirecting StdOut to the logs though, that can be done within the console for each server in the logging tab by checking "Redirect stdout logging enabled". Configuration to rotate those logs can also be done within that tab.
On that, StdErr can also be redirected, but not from the console (in WL9). You have to put "RedirectStderrToServerLogEnabled" at true in the MBean tree by wlst (it's located at /Servers/{server_name}/Log/{server_name}
I know the question was ask long time ago but hoping it would help nonetheless
Weblogic provides features of log files rotation based on the size and time interval.
You can try rotating the log files based on the size. You would need to configure the log rotation policy from the admin console. Please refer the below link for further details.
http://docs.oracle.com/cd/E12840_01/wls/docs103/ConsoleHelp/taskhelp/logging/RotateLogFiles.html
If you want to rotate the log files on demand, you can use the below WSLT script.
C:\>java weblogic.WLST
#connect WLST to an Administration Server
wls:/offline> connect('username','password')
#navigate to the ServerRuntime MBean hierarchy
wls:/mydomain/serverConfig> serverRuntime()
wls:/mydomain/serverRuntime>ls()
#navigate to the server LogRuntimeMBean
wls:/mydomain/serverRuntime> cd('LogRuntime/myserver')
wls:/mydomain/serverRuntime/LogRuntime/myserver> ls()
-r-- Name myserver
-r-- Type LogRuntime
-r-x forceLogRotation java.lang.Void :
#force the immediate rotation of the server log file
wls:/mydomain/serverRuntime/LogRuntime/myserver> cmo.forceLogRotation()
wls:/mydomain/serverRuntime/LogRuntime/myserver>
http://docs.oracle.com/cd/E12840_01/wls/docs103/logging/config_logs.html#wp1001654