QuickFIX/n Bloomberg configuration - tls1.2

I'm trying to connect to Bloomberg through the FIX protocol (4.4) using QuickFIX/n.
Bloomberg requires to use the TLS 1.2 protocol. I have installed the PFX certificate following the instructions.
My current FIX config file looks as follows:
[DEFAULT]
ConnectionType=initiator
ReconnectInterval=2
FileStorePath=store
FileLogPath=fixlog
StartTime=06:00:00
StartDay=monday
EndTime=22:00:00
EndDay=friday
SocketConnectHost=xxx.xx.xxx.xx
SocketConnectPort=8228
# standard config elements
[SESSION]
BeginString=FIX.4.4
SenderCompID=MY_COMP_ID
TargetCompID=BBG_COMP_ID
HeartBtInt=60
ValidateFieldsOutOfOrder=N
UseDataDictionary=Y
DataDictionary=FIX_BBG.xml
CheckLatency=N
[SSL]
SSLEnable=Y
SSLProtocols=Tls12
SSLValidateCertificates=Y
SSLCheckCertificateRevocation=N
SSLCertificate=C:\Services\FixEngineService\cert\pkcs12\cert.pfx
SSLCertificatePassword=xxxxxxxxxxxx
When I open the session, I immediately get disconnected.
Actually, it's not a network problem as the server is reached.
Bloomberg tells me that they have an "Unknown Protocol" message.
I don't get any log on my side.
Do you see something wrong in my configuration?
Is there someone that successfully set up a quickfix connection with Bloomberg? If yes what could be wrong in my settings from your experience?

You should put the SSL options under the session that it applies to. In your case:
[SESSION]
BeginString=FIX.4.4
SenderCompID=MY_COMP_ID
TargetCompID=BBG_COMP_ID
HeartBtInt=60
ValidateFieldsOutOfOrder=N
UseDataDictionary=Y
DataDictionary=FIX_BBG.xml
CheckLatency=N
SSLEnable=Y
SSLProtocols=Tls12
SSLValidateCertificates=Y
SSLCheckCertificateRevocation=N
SSLCertificate=C:\Services\FixEngineService\cert\pkcs12\cert.pfx
SSLCertificatePassword=xxxxxxxxxxxx

I post the config that worked for me. In case other people struggle with the same configuration issue.
[DEFAULT]
ConnectionType=initiator
ReconnectInterval=2
FileStorePath=store
FileLogPath=fixlog
StartTime=06:00:00
StartDay=monday
EndTime=22:00:00
EndDay=friday
SocketConnectHost=xxxx.xx.xxx.32
SocketConnectPort=8228
# standard config elements
[SESSION]
BeginString=FIX.4.4
SenderCompID=MAP_MY_BETA
TargetCompID=MAP_BLP_BETA
HeartBtInt=60
ValidateFieldsOutOfOrder=N
UseDataDictionary=Y
DataDictionary=FIX_BBG.xml
CheckLatency=N
SSLEnable=Y
SSLProtocols=Tls12
SSLValidateCertificates=N
SSLCheckCertificateRevocation=N
SSLCertificate=C:\Services\FixEngineService\cert\pem\cert.pem
SSLCertificatePassword=xxxxxxxxxx
SSLCACertificate=C:\Services\FixEngineService\cert\pem\CACerts.pem
SSLRequireClientCertificate=Y
Also don't forget to import the pfx certificat for the right user.
Best,

Related

Rsyslog: imfile does not switch to inotify mode

I'm trying to send multiple nginx logs to loggly...
Config file: /etc/rsyslog.d/21-nginx.conf
$ModLoad imfile
#$InputFilePollInterval 10
$InputFileMode inotify
$WorkDirectory /var/spool/rsyslog
$PrivDropToGroup adm
# nginx access file:
$InputFileName /var/log/nginx/*access.log
$InputFileTag nginx-access:
$InputFileStateFile stat-nginx-access
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# other stuff continues......
after restart i get this error in log syslog:
imfile: The to-be-monitored file "/var/log/nginx/*access.log" contains wildcards. This is not supported in polling mode. [v8.16.0 try http://www.rsyslog.com/e/2420 ]
activation of module imfile failed [v8.16.0 try http://www.rsyslog.com/e/-3 ]
did i make something wrong?
Are there other places in your rsyslog configuration where the file mode is changed to pulling or the file poll interval is active? The problem with using this kind of legacy syntax is that all the configuration is loaded globally, so things in other configuration files can interact. You might consider using the new action syntax so that the inotify mode is applied to the specific source. You can see an example of it here http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html

Weblogic 12C sending logs to syslog

I want to send my weblogic log to syslog. here is what I have done so far.
1.Included following log4j.properties in managed server classpath -
log4j.rootLogger=DEBUG,syslog
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
log4j.appender.syslog.Threshold=DEBUG
log4j.appender.syslog.Facility=LOCAL7
log4j.appender.syslog.FacilityPrinting=false
log4j.appender.syslog.Header=true
log4j.appender.syslog.SyslogHost=localhost
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=[%p] %c:%L - %m%n
2. added following command to managed server arguments -
-Dlog4j.configuration=file :<path to log4j properties file> -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger -Dweblogic.log.Log4jLoggingEnabled=true
3. Added wllog4j.jar and llog4j-1.2.14.jar into domain's lib folder.
4.Then, from Admin console changed logging information by doing the following. "my_domain_name"--->Configuration--->Logging--->(Advanced options)-->Logging implementation: Log4J
Restart managed server.
I used this as refernce. But didnt get anaything in syslog(/var/log/message). What am I doing wrong?
I would recommend a couple items to check:
Remove the space in DEBUG, syslog in the file
Your last two server arguments have a space between the - and the D so make sure that wasn't just a copy and paste error in this post.
Double check that the log files are in the actual classpath.
Double check from a ps command, that the -D options made it correctly into the start command that was executed.
Make sure that the managed server has a copy of the JARs correctly as they would get synchornized from admin during the restart.
Hopefully something in there will help or give an idea of what to look for.
--John
I figured out the problem. My appender was working fine, the problem was in rsyslog.conf. Just uncommented following properties
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
We were appending the messages, but the listner was abesnt, so it didnt knew what to do with it.
and from *.debug;mail.none;authpriv.none;cron.none /var/log/messages it figures out where to redirect any (debug in this case) information to messages file.

SBT not passing credentials when publishing to Artifactory

I am coding a Java project and I'm automating the build and the publishing to JFrog Artifactory using SBT.
Whenever it's time to publish to Artifactory I want to do it using the Ivy directory layout and obviously publish the Ivy XML file along with the jar. I managed to achieve this by using the following lines in the build.sbt file:
crossPaths := false
publishTo := Some("Artifactory Realm" at "http://<Artifactory IP>:<Artifactory Port>/artifactory/org.project.my")
credentials += Credentials(Path.userHome / ".ivy2" / ".credentials")
publishMavenStyle := false
However it only works when anonymous users are allowed to deploy into Artifactory. I realized that sbt is not really passing my credentials to Artifactory but, instead, logging in as anonymous.
My $HOME/.ivy2/.credentials file looks like this:
realm=Artifactory Realm
host=http://<Artifactory IP>:<Artifactory Port>/artifactory/org.project.my
user=<my user name>
password=<my user name>
However, if I change the Artifactory configuration in order to prevent anonymous users from deploying new Artifacts, when I run "sbt publish" I get the following output:
[error] Unable to find credentials for [Artifactory Realm # <Artifactory IP>].
java.io.IOException: Access to URL http://<Artifactory IP>:<Artifactory Port>/artifactory//org.project.my/org/project/my/project-my/1.0.0/project-my-1.0.0.jar was refused by the server: Unauthorized
The Artifactory request.log file then contains:
20160219011657|319|REQUEST|10.0.2.2|anonymous|PUT|/org.project.my/org/project/my/project-my/1.0.0/project-my-1.0.0.jar|HTTP/1.1|401|24978
I have also tried passing the credentials manually instead of using a file:
credentials += Credentials("Artifactory Realm", "localhost", "<USERNAME>", "<PASS>")
But I am getting the same result.
Any idea what I might be missing?
try:
host=<Artifactory IP>
old answer (doesn't work):
host=<Artifactory IP>:<Artifactory port>
I had a different problem: I had the wrong realm set on my .credentials file.
Looking at the error output from sbt, I was able to figure out that I should use:
realm=Artifactory Realm
Error shows the expected values for realm and host:
[error] Unable to find credentials for [Artifactory Realm # myhost].

Alfresco Share - Unable to change the default port number

I am trying to configure Alfresco Community 3.3 on a port other than its default port of 8080. I need it to run on 8989. I think I have change all instances of 8080 (where it is mentioned in configuration files) to 8989, and I am able to access Alfresco Explorer okay. So far so good.
But, when I try to access http://localhost:8989/share I get the following error
java.io.IOException: Unable to test document path:
alfresco/site-data/configurations/slingshot.site.configuration.xml in
remote store: alfresco due to error: 404
The files I have changed are as follows:
tomcat/conf/server.xml
tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-severs.xml
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/repository.properties
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystem/sysAdmin/default/sysadmin-parameter.properties
tomcat/webapps/alfresco/wsdl/access-control-service.wsdl
tomcat/webapps/alfresco/wsdl/administration-service.wsdl
tomcat/webapps/alfresco/wsdl/action-service.wsdl
tomcat/webapps/alfresco/wsdl/authentication-service.wsdl
tomcat/webapps/alfresco/wsdl/authoring-service.wsdl
tomcat/webapps/alfresco/wsdl/classification-service.wsdl
tomcat/webapps/alfresco/wsdl/content-service.wsdl
tomcat/webapps/alfresco/wsdl/dictionary-service.wsdl
tomcat/webapps/alfresco/wsdl/repository-service.wsdl
virtual-tomcat/conf/server-minimal.xml
virtual-tomcat/conf/server.xml
Have I missed something obvious?
(Please make no suggestions about upgrading......)
I think you have overdone it.
According to
http://wiki.alfresco.com/wiki/Changing_Default_Port_Configuration
you should only change it in share-config-custom.xml
Change all the files back but share-config-custom.xml
Four are the files to be changed in Alfresco 5.2 in order to set the various ports:
[alfresco-community_instDir]\properties.ini
[alfresco-community_instDir]\tomcat\conf\server.xml
[alfresco-community_instDir]\tomcat\shared\classes\alfresco-global.properties
[alfresco-community_instDir]\tomcat\webapps\share\WEB-INF\classes\alfresco\share-cmis-config.xml

Apache 2.2.16: client denied by server configuration

I have problem with my server configuration. I use Apache 2.216, PHP 5.3.3 and wordpress 3.4.2 with Shopperpress. Time to time I receive error "client denied by server configuration: path/to/file" in apache log file. It is path to _tbs.php file, but it is not problem in rights of file, because this file is called 12 times on page for getting thumbs of photos and there is error only several times. I think that it has no connection to concrete photo, because once this photo is displayed corectly and next time same photo produce error.
Do you have any idea what can be reason?
Thank you for all advices.
Viktor
I think thats a problem by the configuration of MaxClients or MaxRequestsPerChild.
Try to restore the default configuration and try it again. If that not works, reinstall Apache and purge the old configuration.
You have given very little information. It is not clear under what conditions do you work (OS, installed modules, Log entrys,...).
WordPress 3.4.2 is very old and safety-relevant. Please update WordPress and your WP-Plugins.
Go to you VHOST-file and replace:
Deny from all
Allow from 127.0.0.0/255.0.0.0
with:
Require all granted
This cause for old Config-Files and newer Apache-Version. Since Apache 2.4.3 a new security feature is added.

Resources