I am interested in specifying filters for ELMAH, when any one of these 2 exceptions occurs in my asp.net app.
Exception message contains 'This is an invalid webresource request'
Exception Message contains 'A potentially dangerous... value...'
I used the following in my web.config, but it only filters invalid websresource request if its placed as the first filter, but if its placed as second filter then it doesn't apply. The config file 'errorfilter' element is as given below. How can I specify both these conditions in web config, and do I need to use BaseException.Message or Exception.Message?
<errorFilter>
<test>
<or>
<and>
<regex binding="Exception.Message" pattern="(?ix: \b potentially \b.+?\b
dangerous \b.+?\b value \b.+?\b detected \b.+?\b client \b )" />
</and>
</or>
<or>
<and>
<equal binding="BaseException.Message" value="This is an invalid webresource
request." type="String" />
</and>
</or>
</test>
</errorFilter>
The test element can have only one child element. Since you have two or conditions under it, only the first one is ever being applied. The correct way to or your two conditions would be to group them under a single or element, under test, like this:
<errorFilter>
<test>
<or>
<regex binding="Exception.Message"
pattern="(?ix: \b potentially \b.+?\b
dangerous \b.+?\b value \b.+?\b
detected \b.+?\b client \b )" />
<equal binding="BaseException.Message"
value="This is an invalid webresource request."
type="String" />
</or>
</test>
</errorFilter>
Related
I got the task to log user access to datasets in certain libraries.
To solve this I use the SAS Audit logger, which already provides the desired output.
To get this desired output, i use the start parameter logconfigloc with the following XML-file:
<?xml version="1.0" encoding="UTF-8"?>
<logging:configuration xmlns:logging="http://www.sas.com/xml/logging/1.0/">
<!-- Log file appender with immediate flush set to true -->
<appender name="AuditLog" class="FileAppender">
<param name="File" value="logconfig.xml.win.audit.file.xml.log"/>
<param name="ImmediateFlush" value="true" />
<filter class="StringMatchFilter">
<param name="StringToMatch" value="WORK"/>
<param name="AcceptOnMatch" value="false"/>
</filter>
<filter class="StringMatchFilter">
<param name="StringToMatch" value="Libref"/>
<param name="AcceptOnMatch" value="true"/>
</filter>
<!-- The DenyAllFilter filters all events not fullfilling the criteria of at least one filters before -->
<filter class="DenyAllFilter">
</filter>
<layout>
<param name="ConversionPattern"
value="%d - %u - %m"/>
</layout>
</appender>
<!-- Audit message logger -->
<logger name="Audit" additivity="false">
<appender-ref ref="AuditLog"/>
<level value="trace"/>
</logger>
<!-- root logger events not enabled -->
<root>
</root>
</logging:configuration>
My Problem is, that by using the logconfigloc parameter, the log parameter is not working any more hence I get no "conventional" SAS log.
I allready tried to enable the root logger, but it´s output only looks similar to the original logfiles but has some diffrences.
Is there an (easy) way to get the "conventional" SAS log in addition the to the afforementioned special access logging output?
Kind Regards,
MiKe
I found the answer to the question how to obtain the conventional log.
For this purpose the SAS logger named "App" with message level "info" can be used.
So the following XML does the trick:
<?xml version="1.0" encoding="UTF-8"?>
<logging:configuration xmlns:logging="http://www.sas.com/xml/logging/1.0/">
<appender name="AppLog" class="FileAppender">
<param name="File" value="D:\Jobs_MK\SAS_Logging_Facility\Advanced_Logging_Test_with_XML\logconfig_standard_log.log"/>
<param name="ImmediateFlush" value="true" />
<layout>
<param name="ConversionPattern"
value="%m"/>
</layout>
</appender>
<!-- Application message logger -->
<logger name="App" additivity="false">
<appender-ref ref="AppLog"/>
<level value="info"/>
</logger>
<!-- root logger events not enabled -->
<root>
</root>
</logging:configuration>
In my springboot application, I configure to write logs to AWS CloudWatch, but the application also generates a log file log on the server itself in the folder /var/log/, now the log file is even larger than 19G
How can I disable the log in the server itself, and only write logs to CloudWatch?
The following is my current logback-spring.xml configuration. Any ideas will appreciate. Thanks in advance.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<include resource="org/springframework/boot/logging/logback/base.xml" />
<springProperty scope="context" name="ACTIVE_PROFILE" source="spring.profiles.active" />
<property name="clientPattern" value="payment" />
<logger name="org.springframework">
<level value="INFO" />
</logger>
<logger name="com.payment">
<level value="INFO" />
</logger>
<logger name="org.springframework.ws.client.MessageTracing.sent">
<level value="TRACE" />
</logger>
<logger name="org.springframework.ws.client.MessageTracing.received">
<level value="TRACE" />
</logger>
<logger name="org.springframework.ws.server.MessageTracing">
<level value="TRACE" />
</logger>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [${HOSTNAME}:%thread] %-5level%replace([${clientPattern}] ){'\[\]\s',''}%logger{50}: %msg%n
</pattern>
</layout>
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>TRACE</level>
</filter>
</appender>
<springProfile name="local,dev">
<root level="INFO">
<appender-ref ref="CONSOLE" />
</root>
</springProfile>
<springProfile name="prod,uat">
<timestamp key="date" datePattern="yyyy-MM-dd" />
<appender name="AWS_SYSTEM_LOGS" class="com.payment.hybrid.log.CloudWatchLogsAppender">
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>TRACE</level>
</filter>
<layout>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [${HOSTNAME}:%thread] %-5level%replace([${clientPattern}] ){'\[\]\s',''}%logger{50}:
%msg%n
</pattern>
</layout>
<logGroupName>${ACTIVE_PROFILE}-hybrid-batch</logGroupName>
<logStreamName>HybridBatchLog-${date}</logStreamName>
<logRegionName>app-northeast</logRegionName>
</appender>
<appender name="ASYNC_AWS_SYSTEM_LOGS" class="ch.qos.logback.classic.AsyncAppender">
<appender-ref ref="AWS_SYSTEM_LOGS" />
</appender>
<root level="INFO">
<appender-ref ref="ASYNC_AWS_SYSTEM_LOGS" />
<appender-ref ref="CONSOLE" />
</root>
</springProfile>
</configuration>
The most likely fix is to remove this line:
<appender-ref ref="CONSOLE" />
I say "most likely" because this is just writing output to the console. Which means that there's something else that redirects the output to /var/log/whatever, probably in the startup script for your application.
It's also possible that the included default file, org/springframework/boot/logging/logback/base.xml, because this file defines a file appender. I don't know if the explicit <root> definition will completely override or simply update the included default, but unless you know you need the default I'd delete the <include> statement.
If you need to recover space from the existing logfile, you can truncate it:
sudo truncate -s 0 /var/log/WHATEVER
Deleting it is not the correct solution, because it won't actually be removed until the application explicitly closes it (which means restarting your server).
As one of the commenters suggested, you can use logrotate to prevent the on-disk file from getting too large.
But by far the most important thing you should do is read the Logback documentation.
This question already has answers here:
How to use sed/grep to extract text between two words?
(14 answers)
Closed 6 years ago.
This is returning incorrect results:
sed -regex -no print '/everythingbetween/,/thesephrases/p'
Cool. Now let me step through my sed command:
'/<literal string...="[collectionofcharacters(I also tried ^ at the beginning)]
.(anycharacter)+(greedy)?(lessgreedy, or until first instance of the following)
DBAppender(string literal)/,/ \/>(another string literal)/p'
My actual statement
sed -rn '/<appender-ref ref="[ET].+?DBAppender/,/\/>/p'
Result.
<appender-ref ref="ErrorDBAppender" />
<appender-ref ref="TracingDBAppender" />
<appender-ref ref="ErrorDBAppender" />
<appender-ref ref="RollingFileAppender" />
<appender-ref ref="ErrorDBAppender" />
<appender-ref ref="RollingFileAppender" />
<appender-ref ref="ErrorDBAppender" />
<appender-ref ref="TracingDBAppender" />
<appender-ref ref="ErrorDBAppender" />
<appender-ref ref="TracingDBAppender" />
<appender-ref ref="ErrorDBAppender" />
Please, someone tell my why "Rolling" is showing up when I'm even SPECIFYING the character after the " MUST either be a E or a T, NOT AN R!?
Edit: Please, if you're going to tell me how to do this with another tool, specify why it isn't working with sed first.
You are matching all the lines in a line range, that begins with pattern:
<appender-ref ref="[ET].+?DBAppender
and ends with pattern:
/>
I think your intention was to match the /> on the same line, but once the first pattern is matched it moves on to the next line and will match any line including the />.
I would like to filter the ELMAH results declaratively in my web.config. I'm not getting it to successfully filter out some of the exceptions I would like. HttpStatusCode is succesfully filtering, but I'm still getting ViewStateExceptions through. There are lots of posts about how to configure it, however I'm not sure how to put several filters into the configuration section and documentation seems to be a little thin on this point. Currently I have the below configuration in my web.config. I wondering, can someone point out:
If I have things defined correctly to filter out ViewStateExceptions and
How exactly to define the node structure to process all the filters correctly.
<errorFilter>
<test>
<equal binding="HttpStatusCode" value="404" type="Int32" />
<test>
<test>
<and>
<is-type binding="Exception" type="System.Web.HttpException" />
<regex binding='Exception.Message' pattern='invalid\s+viewstate' caseSensitive='false' />
</and>
</test>
<test>
<and>
<is-type binding="Exception" type="System.Web.UI.ViewStateException" />
<regex binding='Exception.Message' pattern='invalid\s+viewstate' caseSensitive='false' />
</and>
</test>
</errorFilter>
In your last test try binding to BaseException, not Exception.
Re your structure try something like:
<test>
<or>
<regex binding="BaseException.Message" pattern="Request timed out."/>
<and>
<equal binding="Context.Request.ServerVariables['REMOTE_ADDR']" value="::1" type="String"/>
<regex binding="Exception" pattern="hello"/>
</and>
<regex binding="BaseException.Message" pattern="The remote host closed the connection."/>
</or>
</test>
Should work. Wrap all the tests in an <or>, then any tests that must both be true, wrap in an <and>.
I try to ignore the System.Web.HttpException (0x80072746) in Elmah. I tried the following, but they don't work:
<errorFilter>
<test>
<equal binding="HttpStatusCode" value="0x80072746" type="UInt32" />
</test>
</errorFilter>
and
<errorFilter>
<test>
<equal binding="HttpStatusCode" value="0x80072746" type="Int32" />
</test>
</errorFilter>
and
<errorFilter>
<test>
<equal binding="HttpStatusCode" value="0x80072746" type="String" />
</test>
</errorFilter>
I've found this thread, but it tells me to cast it... I don't know how to cast it in Elmah Config:
How to catch a specific HttpException (#0x80072746) in an IHttpHandler
Does anyone has a idea?
Many thanks in advance!
Those are not HTTP status codes you're testing for, they're ASP.Net Error codes. HTTP Status codes are three digits like 404 (Not Found) or 500 (Internal Server Error). To ignore .Net errors like those specified, you could try a match using RegEx on the error message like below:
<errorFilter>
<test>
<regex binding="BaseException.Message" pattern="System.Web.HttpException (0x80072746)" />
</test>
</errorFilter>