I have configured a syslog-handler in WildFly-10 Standalone.xml as below
<syslog-handler name="mysyslog">
<level name="INFO"/>
<hostname value="localhost"/>
<app-name value="myappserver"/>
<facility value="local-use-7"/>
</syslog-handler>
I have added rules in rsyslog.d as
if $programname == 'myappserver' then /tmp/mysyslog.log
When i check the mysyslog file i could see <feff> characters
These characters are appended by Wildfly itself before sending it to rsyslog.
Can you please let me know how to get rid of these from my logs
I referred this link https://en.wikipedia.org/wiki/Byte_order_mark and it indicated that these are BOM characters
That is per the RFC 5424 spec that the BOM is added. A simple workaround is to override the encoding. Unfortunately the standard syslog server management resource doesn't allow for an encoding to be set. There is an issue filed to fix this though.
However you could use a custom-handler to override this and use an encoding like US-ASCII to change the encoding which would remove the BOM. The following CLI commands should create a syslog handler similar to the one you have configured.
/subsystem=logging/pattern-formatter=syslog-pattern:add(pattern="(%t) %s%e")
/subsystem=logging/custom-handler=syslog:add(module=org.jboss.logmanager, class=org.jboss.logmanager.handlers.SyslogHandler, named-formatter=syslog-pattern, level=INFO, properties={hostname=localhost, appName="myappserver", facility="LOCAL_USE_7", encoding="US-ASCII", syslogType=RFC5424})
Related
TL;DR
I'd like to prevent BIML from wrapping my ODBC driver in double quotes when it creates my dtsx package.
More info
I have a very simple BIML file, shown below after the BIML code header, which connects to Composite Information Server (CIS). I don't think the datasource is important, but I thought I'd include in case it's pertinent to the question/problem.
The CIS ODBC driver is installed with a driver name of Cisco Information Server 7.0.
As below, I'm entering the driver name correctly, but when BIML generates the dtsx package, it wraps quotes round the name, so, for a connection like this:
<OdbcConnection Name="CIS" ConnectionString="Driver={Cisco Information Server 7.0};Server=xxxxxxxxxx;Port=xxxxxxxxxx;Domain=xxxxxxxxxx;dataSource=xxxxxxxxxx;database=src;User=xxxxxxxxxx;Password=xxxxxxxxxx;Encrypt=yes;" />
...I end up with a connection string, like this:
Driver={"{Cisco Information Server 7.0}}"};server=xxxxxxxxxx;port=xxxxxxxxxx;domain=xxxxxxxxxx;datasource=xxxxxxxxxx;database=xxxxxxxxxx;user=xxxxxxxxxx;encrypt=yes
If I remove the curly braces and use a connection string like this:
<OdbcConnection Name="CIS" ConnectionString="Driver=Cisco Information Server 7.0;Server=xxxxxxxxxx;Port=xxxxxxxxxx;Domain=xxxxxxxxxx;dataSource=xxxxxxxxxx;database=src;User=xxxxxxxxxx;Password=xxxxxxxxxx;Encrypt=yes;" />
...I still end up with a connection string like this:
Driver={"Cisco Information Server 7.0"};server=xxxxxxxxxx;port=xxxxxxxxxx;domain=xxxxxxxxxx;datasource=xxxxxxxxxx;database=xxxxxxxxxx;user=xxxxxxxxxx;encrypt=yes
Edit Just for clarity (as it was missing from the original post) the extra quotes added by the BIML compiler mean the driver is unrecognised and executing the generated package throws this error:
Execute SQL Task: Failed to acquire connection "CIS". Connection may
not be configured correctly or you may not have the right permissions
on this connection.
I have a working solution (more of a workaround) by creating a duplicate registry entry for the driver in HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI, with the non-alphanumeric chars removed, then referencing this in BIML.
However, I'd like to know if there's a way to stop the BIML compiler wrapping quotes round my ODBC driver.
Thanks in advance for any suggestions!
BIML code
<Biml xmlns="http://schemas.varigence.com/biml.xsd">
<Connections>
<OdbcConnection Name="CIS" ConnectionString="Driver={Cisco Information Server 7.0};Server=xxxxxxxxxx;Port=xxxxxxxxxx;Domain=xxxxxxxxxx;dataSource=xxxxxxxxxx;database=src;User=xxxxxxxxxx;Password=xxxxxxxxxx;Encrypt=yes;" />
</Connections>
<Packages>
<Package Name="TestPackage" ConstraintMode="Parallel" ProtectionLevel="EncryptSensitiveWithUserKey" DelayValidation="true">
<Variables>
<Variable Name="TestResult" DataType="Int32">0</Variable>
</Variables>
<Tasks>
<ExecuteSQL Name="ConnectionTest" ConnectionName="CIS" ResultSet="SingleRow">
<DirectInput>SELECT COUNT(*) FROM SCHEMA.TABLE</DirectInput>
<Results>
<Result Name="1" VariableName="User.TestResult" />
<!-- ODBC requires a 1-based param number -->
</Results>
</ExecuteSQL>
</Tasks>
</Package>
</Packages>
</Biml>
Does ConnectionString="Driver={{{Cisco Information Server 7.0}}};... fix the problem?
I ran into a different issue in Biml where braces were being expanded as formatters and the solution is to double up the braces in .net at least
I have another workaround (instead of creating an alphanumeric-only copy of the ODBC registry entry).
#billinkc's answer, unfortunately, didn't help, as this related to escaping curly braces within a C# string.
The workaround is to create an ADO.NET ODBC connection, like this:
<AdoNetConnection Name="CISADO" Provider="System.Data.Odbc.OdbcConnection, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" ConnectionString="Driver=Cisco Information Server 7.0;Server=xxxxxxxxxx;Port=xxxxxxxxxx;Domain=xxxxxxxxxx;dataSource=xxxxxxxxxx;database=xxxxxxxxxx;User=xxxxxxxxxx;Password=xxxxxxxxxx;Encrypt=yes;" />
For some reason, the BIML compiler 'likes' this connection string and doesn't try to wrap it in quotes and/or curly braces.
I'll leave the question open, as I'd really like someone to give an answer and solution to prevent the unwanted quotes & curly braces being added by the BIML compiler. This answer will hopefully be useful to someone (and me!) in the future.
I would like to use VS Code for python development. For this I need to install an extension, but searching for extensions results in an "ECONNREFUSED" error (407 when I'm using the Insiders build).
My settings.json file contains the following two lines:
"http.proxy": "http://username:password#proxyurl:port",
"http.proxyStrictSSL": false
The password does contain the # symbol, but that's escaped with %40.
I have already double-checked for any spelling mistakes, and I'm still getting the same error. I also tried leaving out either of the two lines or both, but to no avail.
Check the official documentation about proxy-server-support.
As it's written, VS Code has exactly the same proxy server support as Google Chromium, refer the chromium network-settings for more detais.
Assume the proxy uri is http://127.0.0.1:8118, use command like bellow:
code --proxy-server="http=127.0.0.1:8118;https=127.0.0.1:8118"
Or a simple trick with alias if you are in linux, put following line at the end of you ~/.bashrc or ~/.profile file.
alias code='code --proxy-server="http=127.0.0.1:8118;https=127.0.0.1:8118"'
When I try to debug or run a PHP script on my test Windows server using Aptana and PHP 5.4.24 (or the latest 5.4.x, 5.4.40), I am told "Malformed \uxxxx encoding" has occurred.
Given most material online about this error (with any Java code) refers to paths, I've tried installing this PHP version in two locations (and with an additionally different path), with no change. None of the paths contain the string "\u".
If I use PHP 5.5.12 instead, there's no error.
My production server uses 5.4.24, and I would prefer to leave it the way it is for the time being. I would like to debug using the same version of PHP.
A certain Igor appears to have had the same problem as me in July 2014: http://php.tutorialhorizon.com/how-to-debug-php-in-aptana-studio/#comment-2225
The offered solution "check your paths" hasn't helped me.
Log:
ENTRY org.eclipse.core.jobs 4 2 2015-04-21 13:44:19.026
!MESSAGE An internal error occurred during: "Launching website".
!STACK 0
java.lang.IllegalArgumentException: Malformed \uxxxx encoding.
at java.util.Properties.loadConvert(Unknown Source)
at java.util.Properties.load0(Unknown Source)
at java.util.Properties.load(Unknown Source)
at org2.eclipse.php.internal.debug.core.launching.XDebugExeLaunchConfigurationDelegate.isXDebugFunctional(XDebugExeLaunchConfigurationDelegate.java:310)
at org2.eclipse.php.internal.debug.core.launching.XDebugExeLaunchConfigurationDelegate.launch(XDebugExeLaunchConfigurationDelegate.java:86)
at org2.eclipse.php.internal.debug.core.launching.PHPLaunchDelegateProxy.launch(PHPLaunchDelegateProxy.java:71)
at org.eclipse.debug.internal.core.LaunchConfiguration.launch(LaunchConfiguration.java:858)
at org.eclipse.debug.internal.core.LaunchConfiguration.launch(LaunchConfiguration.java:707)
at org.eclipse.debug.internal.ui.DebugUIPlugin.buildAndLaunch(DebugUIPlugin.java:1018)
at org.eclipse.debug.internal.ui.DebugUIPlugin$8.run(DebugUIPlugin.java:1222)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
Look at the property file or the file displayed in the error message and change the backslash to forwardslash:
...\user_projects... to .../user_projects...
Or
...\uxxxx... to .../uxxxx...
\u is a reserved keyword and throws the system off.
Note: "..." and "xxxx" are depicting anything in this case. Usually the error displays a line number one line below the actual line with the issue or so-called ...\u...
Reference: http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6555979
It is really disappointing that so many of these issues with java plague many of us and so many articles send people on a wild goose chase. Hope this helps someone.
Are there paths with /usr in them somewhere? The windows version of PHP can do odd things with slashes and backslashes. Without seeing your config it is hard to say.
I do not know if the question is considered to be related to programming, but I'll try anyway. I'm new to the Alienvault OSSIM System.
I'm trying to learn how to make my own rules, but unfortunately I am having some difficulty.
I created a simple rule in the rules file "local.rules" inside of the Snort rules folder.
alert icmp any any <> any any (msg:"simple ping rule."; icode:0; itype:0; classtype:icmp-event; sid:250888; rev:5;)
This rule triggers after an icmp ping from any machine to any machine.
I checked if Snort deals with this rule, and indeed its records appear in the snort log file.
From The searches I've done about this, I realized that after a change in the rules files I must run the script below for the purpose of mapping rules files.
perl /usr/share/ossim/scripts/create_sidmap.pl /etc/snort/rules/
Then I created the following OSSIM rule in local_rules.xml file:
<group name="local,syslog,">
<rule id="100020" level="2">
<if_sid>250888</if_sid>
<description>it's a new rule that i write myself!!</description>
</rule>
</group>
After a system reboot I sent some pings to the machine, but the rule did not appear as an occurrence in the alert log. And in the OSSIM system error log this appears:
2014/08/06 11:30:59 rules_list: Signature ID '250888' not found. Invalid 'if_sid'.
Can someone explain to me what I am doing wrong?
I'm not familiar with Alienvault OSSIM System, but from a snort standpoint, this is an invalid sid for a local rule. SIDs for local rules must be >= 1,000,000 as these are reserved for rules included with the Snort distribution (See documentation on this here). Perhaps try changing the sid to 1000000 (or 1250888 if you want to keep the 250888 part).
If you create a rule in snort you don't need to create a rule local_rules.xml
after you change the local.rules of snort
any any (msg:"simple ping rule."; icode:0; itype:0; classtype:icmp-event; sid:250888; rev:5;)
and do this command
perl /usr/share/ossim/scripts/create_sidmap.pl /etc/snort/rules/
go to web interface > configuration > THREAT INTELLIGENCE > Data source > Data source id 1001
In Search input write the sid of your rule (250888) and you will find you're rule
I have my receive ports/locations set up, schemas deployed and RAD party set up to allow trailing deliminters.
If I send a message to BizTalk with no trailing delimiters everything works fine:
MSH|^~\&|RAD|TEST|ITS||201304111010||ORU^R01|J1908877|D|2.3|||AL|NE
If I send a message to BizTalk with trailing delimiters, which is how it looks coming out of our HCIS:
MSH|^~\&|RAD|TEST|ITS||201304111010||ORU^R01|J1908877|D|2.3|||AL|NE|||||||||
I get the following ACK from BizTalk:
MSH^1^21^102&Data type error&HL7nnnn:
MSH|^~\&|ITS||RAD|TEST|201304111010||ACK^R01^ACK|7788091J|D|2.3
MSA|CR|J1908877 ERR|MSH^1^21^102&Data type error&HL7nnnn
and an error in the eventlog:
Error happened in body during parsing Error # 1
Alternate Error Number: 301 Alternate Error Description: Schema
http://microsoft.com/HealthCare/HL7/2X#ORU_R01_23_GLO_DEF not found
Alternate Encoding System: HL7-BTA
I know the problem isn't the schema, because if I manually remove the trailing deliminters it works fine...
The Allow Trailing Delimiters setting allows delimiters for optional fields, but not for extra fields. There are only 19 fields in the MSH segment in HL7 2.3.