rejetto forum
Software => HFS ~ HTTP File Server => HTML & templates => Topic started by: Lebjo on March 08, 2009, 10:47:45 AM
-
Hi
I need some info.....
Eg;
Somebody whant access to my 'locked' folder.. if he insert a bad pass/username.... can i see what he inserted? (pass/user) (log .....?? )
-
HFS will show the info only if the username is correct (but wrong password).
if you need more, we must go with scripting. let me know.
-
Yes, i need more info in log, what password and name he typing..
egsample
I have created 1 user named "JUSTTEST"
Somebody what to login and typing: user - "TOM", pass - "123"
and.. in log i want see
"""01:33:05 123 TOM@127.0.0.1:2517 Login failed""" - Bad password/username
-
it cannot be done with current version, sorry.
but next 2.3 beta build #229 will let you put this in the event script file (ALT+F6).
[unauthorized]
{.add to log|Bad login: %user% / %password%.}
-
When #229 will be done? (Release)
-
very soon.
maybe tonight.
or in this week.
-
but next 2.3 beta build #229 will let you put this in the event script file (ALT+F6).
[unauthorized]
{.add to log|Bad login: %user% / %password%.}
Works in regular log, but not apache format. :(
-
apache logs contains only requests.
the "add to log" is a free form of logging, and i guess it should not be included in apache format.
because i guess people using the apache format uses log analyzers. i don't know how they would behave in such situation.
i see 2 paths
- we discuss and see why such "free form" should fit the apache format.
- you don't use "add to log" but "append", and write directly to the apache format what you want.
-
apache logs contains only requests.
the "add to log" is a free form of logging, and i guess it should not be included in apache format.
because i guess people using the apache format uses log analyzers. i don't know how they would behave in such situation.
i see 2 paths
- we discuss and see why such "free form" should fit the apache format.
- you don't use "add to log" but "append", and write directly to the apache format what you want.
You added %z to apache log format. I used it
%h %l %u %t "%r" %>s %b "%{Referer}i %z" "%{User-Agent}i"
inside referer section. It produces result as screenshot attached. It could have been added to Request
section. Can't say what the result would be, of adding something else. But bad password would be nice
to have. Screen shot is of Analog 6.0 and at least lists the ~upload thats made.
When I can find some time I'll try append to see if it might be used some way, but I doubt it. Analog has a pretty narrow focus.
There is a better way, but we've been through that before :(
-
i was partially wrong.
yes, "apache logs contains only requests", but a bad password is actually a request (rejected).
so, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?
-
iso, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?
Only served requests is disabled.
Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given. Event scripts don't show with apache format.
I fear apache format is becomming inadequate as HFS evolves.
I'm working on the event scripts and "add to log" (regular log).
I think this may be a better direction, and is showing promise, but I may need help eventually.
It will be some hours before I'll know whats possible.
Is there any hope that you might make a small (but badly needed) change to the regular log?
-
Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given.
a 401 with a username is a "bad password".
what are you missing?
Is there any hope that you might make a small (but badly needed) change to the regular log?
how can i answer without knowing what you are talking about :)
-
r][m said
Event scripts don't show with apache format
Actually I was partially wrong, if you login by clicking on a protected
folder event scripts show in the HFS log window. If you use /~login
they do not.
Rejetto said
how can i answer without knowing what you are talking about
It might not be needed if I can use special events to make a special log work like...
[unauthorized]
{.unauthorized|{.append|/Server/Admin/log_file/New-Log.txt|Bad login:%date%-%time%-%user%-%password%.}
and it does work, but it appends the text in notepad like...
One line of textOne line of textOne line of text
Instead of...
One line of text
One line of text
Google finds lots of info on this, but I haven't been able to make anything work. Without proper
display, its useless.
Any idea on how to fix this?
-
The solution which is possible is to use \t and \n, they will be converted in tabulation and return to the line
procedure save();
begin result:=if_(saveFile(uri2diskMaybeFolder(p), xtpl(pars[1], ['\\','\|','\t',#09,'\n',CRLF,'\|','\']), name='append'), ' ') end; // mars
\\t and \\n are converted to \t and \n ( no TAB and no CRLF )
the other way is using two macro {.crlf.} {.tab.} to obtain the same result.
if name = 'crlf' then
result:=CRLF;
if name = 'tab' then
result:=#09;
To convert any text in the same way, it is advisable to use the macro {.replace|... .} under this shape:
{.replace|\\|<//>|\t|{.tab.}|\n|{.crlf.}|<//>|\| your text\t is converted\n correctly.}
An example using both methods with hfs.events
[request]
{.append|hfs.test.log|user1: {.tab.} %user%1 {.crlf.}.}
{.append|hfs.test.log|user2: \t %user%2 \n.}
{.append|hfs.test.log|user3: \\t %user%3 \\n.}
{.append|hfs.test.log|\n next request \n.}
{.append|hfs.test.log|{.replace|\\|<//>|\t|{.tab.}|\n|{.crlf.}|<//>|\| your text\t is converted\n correctly.}
.}
hfs.test.log contain:
user1: admin1
user2: admin2
user3: \t admin3 \n
next request
your text is converted
correctly
For that to ask furthermore? ;)
-
Mars
Many thanks for posting the codes. Since I'm not a programer,
my solution may not be technically correct, but it works :)
This in event scripts produces a special log
[unauthorized]
\n{.unauthorized|{.append|/A Location You Choose/Spl-Log.txt|
Bad_Login: %date% %time% %ip% {.if|%user%|%user%|0.} %password%.}\n
[upload completed]
\n{.Upload completed|{.append|/A Location You Choose/Spl-Log.txt|
Upload_Completed: %date% %time% %ip% %user% %item-name%.}\n
[download completed]
\n{.download completed|{.append|/A Location You Choose/Spl-Log.txt|
Download_Completed: %date% %time% %ip% %user% %item-name%.}\n
This makes the more important server data easy to analyze.
-
my solution may not be technically correct, but it works :)
the solution is just that, to enter the NEWLINE yourself :)
but you have some inutility in your code, you should use this form
[unauthorized]
{.append|/A Location You Choose/Spl-Log.txt|Bad_Login: %date% %time% %ip% {.if|%user%|%user%|0.} %password%
.}
having the NEWLINE at the end will avoid to create a blank line if the file is initially empty.
-
Rejetto
Thanks for the reply.
I've run into a problem with using the special log via event scripts.
The [download completed] records every thing, .gif, ~img, etc.
File mask, or don't log doesn't effect it.
I'm back to the request
Is there any hope that you might make a small (but badly needed) change to the regular log?
Regular log would work if:
3/16/09 3:14:25 AM user@192.168.1.35:1657 Requested GET /Server/
Could be out put as this with a space on each side of @
3/16/09 3:14:25 AM user @ 192.168.1.35:1657 Requested GET /Server/
But there would have to be a place holder when no user like apache
3/16/09 3:14:29 AM - 192.168.1.35:1658 Requested GET /Main/
Could this be done?
-
i do not really like it, because actually the space can be used in the /path/to/file
won't this cause a problem?
my idea is that i could fire on the file TABS instead of spaces. this would solve the problem of having spaces inside data.
even with no user, the tab would be present, so there's no need for the "-" as place holder.
next version will use this format (only on disk, on video it will stay the same).
i don't like the idea of changing the format. someone may be relying on the current format to analyze the data :-\
but i understand the importance of using a generic tool to parse the data.
we'll see if anyone complaints.
in case, it will be an option.
the [download completed] problem is discussed on the other topic.
-
do not really like it, because actually the space can be used in the /path/to/file
won't this cause a problem?
Do you mean
3/17/09 11:58:26 AM user@192.168.1.35:1104 Requested GET /Server/Shared_Files/Last Value In Range.doc
the spaces as marked in blue ? No. The significant log info is, Date, Time, User, and IP.
Anything to the right of IP can be re-combined, but anything with no space (I at least)
can't seperate.
someone may be relying on the current format to analyze the data
If they are I wish they'd share the method. I see no way, with out seperating user and IP,
which is what apache does, 192.168.1.35 - user [17/Mar/2009:03:13:50 -0600]
I'm aware of TABS, but haven't used it.
We'll give it a try. Should work.
My purpose is to get away from apache log format, as I feel it was never intended to log the
info HFS can log. HFS is out growing apache log's design intent. There will soon come a point
where the log analyzer prog's just wont be able to read whats available.
It should be possible to use a database to show #1 download, #1 user, # visits by IP, etc.
even charts are a possibility.
-
the new format is out
-
with 2.3 beta build #229 version - worked fine...
but now i wanna use this funckion with 2.3b 260... - and not working - why??
-
please be more specific.
report what did you do that's not working.
-
when typing wrong password and name(to login window..) - in 'log' im not getting information about this...
-
when typing wrong password and name(to login window..) - in 'log' im not getting information about this...
You already got an answer to this:
http://www.rejetto.com/forum/index.php/topic,6719.msg1041472.html#msg1041472
-
You already got an answer to this:
http://www.rejetto.com/forum/index.php/topic,6719.msg1041472.html#msg1041472
ahhhh not working... maybe need some 'modification' or change some options?
Why i dont getting information like this
(http://www.ipix.lt/images/59075693.png)
-
Lebjo
Works fine here.
02:30:33 PM Lebjo@127.0.0.1:1136 Bad login: Name Used - Lebjo / Password Used - Libby
-
dam...
i instaled new fresh hfs version to my virtual windows - stil not working...
again:
maybe need change some settings?
(http://www.ipix.lt/images/13593460.png)
2.3beta 260
-
dam...
i instaled new fresh version to my virtual windows - stil not working...
again:
maybe need change some settings?
Do you have something like this in hfs.events file?
[+unauthorized]
{.add to log | Bad Login: %user% %password%|red
.}
The "log what" setings don't seem to change anything here.
-
this code
[+unauthorized]
{.append|/A Location You Choose/Spl-Log.txt|Bad_Login: %date% %time% %ip% {.if|%user%|%user%|0.} %password%
.}
must be put in the template, not events file.
so the best way is to right click on the root/home > properties > diff template
-
rejetto
With your code in Spl-Log.txt file i having 1 empty (with no pass ir no name) line.. why?
one more question
is possible to do this function
if user type bad password/username.. - he anyway can go to that 'folder'
i need just 1 'pop up' login window.
-
this code
[+unauthorized]
{.append|/A Location You Choose/Spl-Log.txt|Bad_Login: %date% %time% %ip% {.if|%user%|%user%|0.} %password%
.}
must be put in the template, not events file.
so the best way is to right click on the root/home > properties > diff template
I have this in hfs.events as well as the first I posted, and it works in 260 here? So this should be in tpl?
-
I have this in hfs.events as well as the first I posted, and it works in 260 here? So this should be in tpl?
refer you to http://www.rejetto.com/wiki/index.php?title=HFS:_Template
Both have to work ;)
runEventScript('unauthorized');
getPage('unauthorized', data);
Network events
unauthorized
this user has no permission to access the requested resource.
Sections List
[unauthorized]
HTML for the %content% symbol
in tpl, section [unauthorized] is evaluated so often as the variable %content% appear in the section [error-page]
if data.conn.reply.mode <> HRM_REPLY then
s:=xtpl(tpl2use['error-page'], ['%content%', s]);
-
Thanks Mars,
I moved these to tpl and I think it works better !