I have been researching on the concept of how event logs are collected from cloud based applications like dropbox without deploying agents...i haven't found any clear explanation based on this...it would be grateful if someone could explain.
This is a very broad topic and can be very confusing because everyone logs differently, so while i cannot answer the question definitively, I can hopefully help you along.
A good heuristic is to see if the cloud service supports one of the oldest logging standard, Syslog. Typically if they do, you will not need to deploy an agent, but configure log forwarding and listen for messages on Linux server you control (which already has a logging service running though it might need additional configuration). Also if the cloud service has a Syslog service running on the remote service, you potentially can use that service to forward logs to your Syslog server.
The mechanism used for transportation should be TLS because logs can unknowingly contain very sensitive data (Twitter just recently put out a security warning concerning this). You can see how to configure a Linux Syslog server with TLS here
Related
I was reading this article from Microsoft and in step 5 it says: The WWW Service uses the configuration information to configure HTTP.sys.
What exactly is the WWW service configure in HTTP.sys?
What is the purpose of the WWW service?
How is it different from the Windows Process Activation Service (WAS)?
Thank you!
In short, WWW service gets the configuration elements from applicationHost.config and applies the portion related to Windows HTTP API to the driver HTTP.sys.
The purpose of WWW service is roughly documented in https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/introduction-to-iis-architecture#how-the-www-service-works-in-iis
Don't try to acquire a deep understanding of such components at the beginning. They are not open sourced so he documentation is rather vague.
The same applies to WAS, https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/introduction-to-iis-architecture#windows-process-activation-service-was
If you are taking a course, just memorize the facts at this stage. Once you get more familiar with IIS daily operations, you will get more insights.
Not sure if this is a Docusign or ngix question.I'm working on integrating an application with Docusign and I keep seeing this somewhat vague error below in the Docusign Connect logs. In our nginx logs I see that a POST to our application's /webhook endpoint was attempted but doesn't go through. I've specified TLS 1.2 and have tried increasing our nginx timeout but that doesn't seem to fix it.
One theory I have is that our server's certificate isn't chained to a Microsoft trusted CA but I would expect a different error if that was the case.
Any help or guidance would be greatly appreciated.
This most likely would require you to get the IT folks managing this server and networking involved. And yes, they may need to install a certificate, but other errors can be related to the firewall blocking certain requests, an anti-virus blocking requests and even DNS related error preventing the HTTP request from being sent and received by the server.
We highly recommend to use a public cloud for Connect and we have plenty of examples how this can work, while still having your code run on your own IT server.
I belong to a team of several people, divided throughout the world.
We are building software for a certain platform, lets call it "Platform S". To develop for this platform there are 2 resources that are necessary. One is the SDK, which can be installed only using certain installer, that connects directly with the Platform S centrail server, and install it in out machine. The other resource is the developer website, where people post their questions and doubts about the SDK and hardware it operates on itself.
The problem comes that to connect to these resources, both the forums and to download/update the SDK, I need to have always the same IP address.
To solve this problem, I initially created a server with a fixed IP and installed proxy software in it, so that we could configure our local machines to connect to the proxy, and all have the same IP address.
Of course, to avoid that this proxy were used with nefarious purposes by hackers, and others, I protected the proxy with a password. When accessing the forums, this was no problem, as the browser opened a small dialogue window, to ask me for the user and password. But the installer that is in charge of installing/updating the SDK does not offer me this dialogue window. The last time, I disabled the password for a while, since SDK updating is not a task that one does that often, but after just a couple hours, I already got a notice from my server provider to warn me that the server was being used for malicious purposes. So that meant that this solution was not appropiate.
What approach could I take to solve my problem? Is the proxy idea the wrong way to go?
I have a two node BTS2010 group with a separate SQL Server hosting the BTS databases including SSODB; Biz01, Biz02 and Sql01. This environment was configured by a previous employee and I have no documentation available.
There seems to be something not right with the SSO config but I'm not sure how to resolve it.
When I run ssoconfig -status on Biz02 all looks good - it tells me that the SSO Server is Biz02 and the SQL Server is Sql01 plus a load of other stuff. However, when I run the same command on Biz01 I get the message: "Error 0xC0002A0F: Could not contact the SSO server 'Sql01'. Check that SSO is configured and that the SSO service is running on that server'
I'm not clear on what Biz01 is trying to do here - is it trying to reach the EntSSO windows service on Biz02 via an RPC call, before ultimately attempting to retrie config info from Sql01?
I have checked that the ENTSSO service is running on Biz01, Biz02 and that the RPC service is running on each of the three servers.
Can anyone help advise what further steps I can take to determine the root cause of this configuration problem?
Many thanks
Rob.
I'm not sure if you have your servers clustered or not but I've run into something similar before within a cluster. Your SSO name should be your network name and not the individual computers name. Here's an post about the issue I had. Hope it helps.
Microsoft's Enterprise SSO server is bundled with BizTalk Server - I'm fairly familiar with how to configure it, make sure it's working, etc. My questsion is, what exactly does it do, and how does it do it?
My best understanding is that it is used to securely store configuration for things like ports and adapters, because configuration items often include things like credentials, passwords, connection strings, etc. In terms of "how it works", my best guess is that the configuration values are stored encrypted in an SSO database, and the "master secret" is simply the encryption key that only privileged credentials (like the one running the BizTalk hosts) have access to, so they can use it to access the encrypted configuration.
Can someone shine some light on this and point out where this is right/wrong?
You're pretty close overall. EntSSO is used by BizTalk internally to store any sensitive data. This includes particularly the adapter-specific part of any send port/receive location configuration.
But that's not all EntSSO does; it can also be used to provide credential mapping services between Windows and non-windows systems, by storing sets of encrypted credentials for other applications and mapping within them. Basically, this can be used to provide single sign-on services when building BizTalk solutions so that BizTalk can "act as" a specific user when doing stuff on their behalf.
For example, you could have BizTalk receive a message over an HTTP/SOAP receive location set up with Windows Integrated authentication, and then let BizTalk flow that authentication information over to an FTP send port where the Windows user credential is mapped to a specific username/password combination associated to it so that BizTalk can authenticate as said user to the FTP server. With this, different Windows Users sending messages to BizTalk would result in separate FTP connections created with different credentials on the other end (this is different from the default BizTalk behavior of using a single credential for all operations on a send port).
Obviously EntSSO offers a bunch of other options beyond this, but that's kinda the big deal.
BTW, the BizTalk docs actually contain a fairly extensive section on EntSSO that is pretty useful.