Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 1 of 213  Not logged in ELOG logo
icon5.gif   Bug report. "Submit" button misbehave, posted by Andrey on Tue Sep 22 18:54:04 2020 

Hi. 

I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you. 

Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.

Since then, we have a particular problem. And finally, I managed to reproduce it.

So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost). 

I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode? 

Also, we ran httpd configured with the elogd as a virtual host (proxy).

Any help is very appreciated. 

Cheers, 

Andrey

 

    icon2.gif   SOLVED, posted by Andrey on Wed Sep 23 11:51:57 2020 

Hi again. We have solved our problem! 

It was caused by a non-defined mod_auth_openidc configuration parameter:

# Interval in seconds after which the session will be invalidated when no interaction has occurred.

# When not defined, the default is 300 seconds.

#OIDCSessionInactivityTimeout <seconds>

 

As a guess... This somehow makes elogd to forget a user who is editing an entry. And then, clicking "Submit" button makes elogd to start a new session? 

 

Andrey wrote:

Hi. 

I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you. 

Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.

Since then, we have a particular problem. And finally, I managed to reproduce it.

So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost). 

I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode? 

Also, we ran httpd configured with the elogd as a virtual host (proxy).

Any help is very appreciated. 

Cheers, 

Andrey

 

 

icon5.gif   Query to get values for Attributes, posted by Florian Feldbauer on Mon Sep 21 09:17:52 2020 

Hey,

I'm trying to integrate the Elog into our SlowControl System (Phoebus/EPICS). As a first step I translated the python library to Java. So writing new Entries and viewing them works.
But for Phoebus, you need a list of the possible values for the attributes. Currently this is done via the config file from Phoebus.

Is there a way to get the values also via a query directly from the Elog?

Cheers,
Florian

    icon3.gif   Re: Query to get values for Attributes, posted by Andreas Luedeke on Mon Sep 21 20:03:49 2020 

That would be a nice feature...

If you are good in parsing HTML you can achieve this feature: when you create a new entry "<elog-URL>?cmd=new", you'll get HTML source code that provides you with all possible attribute choices.

Disclaimer: this only works if you don't use Conditional attributes.

Florian Feldbauer wrote:

Hey,

I'm trying to integrate the Elog into our SlowControl System (Phoebus/EPICS). As a first step I translated the python library to Java. So writing new Entries and viewing them works.
But for Phoebus, you need a list of the possible values for the attributes. Currently this is done via the config file from Phoebus.

Is there a way to get the values also via a query directly from the Elog?

Cheers,
Florian

 

       icon2.gif   Re: Query to get values for Attributes, posted by Florian Feldbauer on Tue Sep 22 09:27:45 2020 

Thanks for the tipp. I managed to use XPATH to get the values for my Type and Category attributes!

The API, I'm developing for Phoebus is quiet simple. It currently just supports Author, Subject, Type and Category as attributes and the latter two are just lists of values.

Andreas Luedeke wrote:

That would be a nice feature...

If you are good in parsing HTML you can achieve this feature: when you create a new entry "<elog-URL>?cmd=new", you'll get HTML source code that provides you with all possible attribute choices.

Disclaimer: this only works if you don't use Conditional attributes.

Florian Feldbauer wrote:

Hey,

I'm trying to integrate the Elog into our SlowControl System (Phoebus/EPICS). As a first step I translated the python library to Java. So writing new Entries and viewing them works.
But for Phoebus, you need a list of the possible values for the attributes. Currently this is done via the config file from Phoebus.

Is there a way to get the values also via a query directly from the Elog?

Cheers,
Florian

 

 

icon4.gif   view connecting account, posted by Lahreche Abdelmadjid on Sun Sep 13 09:13:31 2020 

Hi All,

Can I view who is connected to ELOG (I'm the Admin) ?

thank you.

    icon2.gif   Re: view connecting account, posted by Andreas Luedeke on Mon Sep 14 17:25:08 2020 

Yes, you can see that in the logging file, if you turn on logging. You might want to read the manual https://elog.psi.ch/elog/config.html. Here's the relevant excerpt:

  • Logfile = <file>
    This option specifies a filename which logs all login/logout activities and successful user connections for logbooks with user level access. The the logging level (see below) is larger than 1, also read and write accesses can be logged.
  • Logging level = 1 | 2 | 3
    Specifies the logging level. The higher this value, the more information is logged. Default is 2:
    • 1: Log only logins and logouts
    • 2: Log also write accesses
    • 3: Log also read accesses
Lahreche Abdelmadjid wrote:

Hi All,

Can I view who is connected to ELOG (I'm the Admin) ?

thank you.

 

       icon2.gif   Re: view connecting account, posted by Lahreche Abdelmadjid on Tue Sep 15 12:31:09 2020 

Thank you, I found it.

Andreas Luedeke wrote:

Yes, you can see that in the logging file, if you turn on logging. You might want to read the manual https://elog.psi.ch/elog/config.html. Here's the relevant excerpt:

  • Logfile = <file>
    This option specifies a filename which logs all login/logout activities and successful user connections for logbooks with user level access. The the logging level (see below) is larger than 1, also read and write accesses can be logged.
  • Logging level = 1 | 2 | 3
    Specifies the logging level. The higher this value, the more information is logged. Default is 2:
    • 1: Log only logins and logouts
    • 2: Log also write accesses
    • 3: Log also read accesses
Lahreche Abdelmadjid wrote:

Hi All,

Can I view who is connected to ELOG (I'm the Admin) ?

thank you.

 

 

icon5.gif   testing the client: unclear it worked, posted by Jose Caballero on Thu Jul 30 17:03:12 2020 

Hello,

I just gave it a quick try to the command line client, to see if I can use it to access our institution service. 


[root@host ~]# cd /tmp/
[root@host ~]# mkdir elog
[root@host ~]# cd elog
[root@host ~]# wget https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm
[root@host ~]# rpm2cpio elog-3.1.4-2.el7.x86_64.rpm | cpio -idmv
[root@host ~]# cd usr/local/bin/
[root@host ~]# ./elog --help
[root@host ~]# ./elog -h <hostname> -l <logbook> -u <myusername> <mypassword> -w last
"Message successfully transmitted, ID=-1"

 

Is that the expected output? I was expecting to see info about the latest message in the server.

Cheers,

Jose

    icon2.gif   Re: testing the client: unclear it worked, posted by Stefan Ritt on Fri Jul 31 08:34:35 2020 

The <hostname> you have to actually replace with your real host name. Same for logbook, username and password. 

On my local test system I get (actual password hidden here with "...")

~$ elog -h localhost -p 8080 -l demo -u stefan ... -a Authort=SR -a Subject=test  test
Message successfully transmitted, ID=5
~$ 

Jose Caballero wrote:

Hello,

I just gave it a quick try to the command line client, to see if I can use it to access our institution service. 


[root@host ~]# cd /tmp/
[root@host ~]# mkdir elog
[root@host ~]# cd elog
[root@host ~]# wget https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm
[root@host ~]# rpm2cpio elog-3.1.4-2.el7.x86_64.rpm | cpio -idmv
[root@host ~]# cd usr/local/bin/
[root@host ~]# ./elog --help
[root@host ~]# ./elog -h <hostname> -l <logbook> -u <myusername> <mypassword> -w last
"Message successfully transmitted, ID=-1"

 

Is that the expected output? I was expecting to see info about the latest message in the server.

Cheers,

Jose

 

       icon2.gif   Re: testing the client: unclear it worked, posted by Jose Caballero on Mon Sep 14 15:40:02 2020 

Sorry for the late reply. I didn't get email notification about an answer to my question :)

Actually, I just wrote <hostname> and so on for privacy. In my attempt, they have real values. 

And yet, I got as result: "Message successfully transmitted, ID=-1".

Follow up question: do I really need to install everything even though I only want the client? Or is there somewhere a package just with the client code?

Thanks

Jose

Stefan Ritt wrote:

The <hostname> you have to actually replace with your real host name. Same for logbook, username and password. 

On my local test system I get (actual password hidden here with "...")

~$ elog -h localhost -p 8080 -l demo -u stefan ... -a Authort=SR -a Subject=test  test
Message successfully transmitted, ID=5
~$ 

Jose Caballero wrote:

Hello,

I just gave it a quick try to the command line client, to see if I can use it to access our institution service. 


[root@host ~]# cd /tmp/
[root@host ~]# mkdir elog
[root@host ~]# cd elog
[root@host ~]# wget https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm
[root@host ~]# rpm2cpio elog-3.1.4-2.el7.x86_64.rpm | cpio -idmv
[root@host ~]# cd usr/local/bin/
[root@host ~]# ./elog --help
[root@host ~]# ./elog -h <hostname> -l <logbook> -u <myusername> <mypassword> -w last
"Message successfully transmitted, ID=-1"

 

Is that the expected output? I was expecting to see info about the latest message in the server.

Cheers,

Jose

 

 

icon5.gif   Insert images slow downs the ELOG, posted by Zbigniew Reszela on Wed Sep 9 11:41:23 2020 

Dear all,

First, many thanks for creating and sharing this great tool which is ELOG! Our users are very happy with it!

I have few questions about inserting images into the entries.

From time to time our users insert them directly in the editor what leads to encoding the whole image in the HTML log file and the images does not appear in the attachments list. Saving and further editing of such entries slows down the whole ELOG server which uses 100% of CPU.

I'm not sure how they do it Ctrl+C & Ctrl+V, drag & drop, etc.. What I know is that if they add it using the "Insert image" action in the editor there are no problems and the images are properly listed in the attachments.

I read in the docs:

uploading or downloading an attachement file is a single request, and causes the entire file to be loaded in server memory while the request is being processed.
This is not normally a problem for the sort of short, text-mode entries ELOG is designed to support. However, if a user starts to upload or download a large attachment file (or image) over a slow link, all other users on that ELOG server will have to wait for that transfert to finish before they can access any logbook on that server. This is why there is a low limit on the size of attachments, and why ELOG should not be used to distribute large files under intensive multi-user conditions.

but I think this is not our case. Here I talk about wrongly inserting a single image of 700KiB.

So, I'm asking:

  1. Is the behavior that we observe something already detected? If yes, which are exactly the wrong ways of inserting the images?
  2. Is it fixed in newer ELOG versions?
  3. Is it possible to disable the wrong ways of inserting the images in order to avoid such problems?

Many thanks in advance for your help!

    icon2.gif   Re: Insert images slow downs the ELOG, posted by Andreas Luedeke on Sat Sep 12 19:19:02 2020 

I found the most limiting factor of ELOG to be the file access. ELOG stores all entries in files and therefore has a lot of disk access.

We found that an AFS directory for ELOG is unusable. We tried to store our logbooks on NFS, and it was barely usable but slow. Now we use a local disk on the server, that works fine.

If you want to speed up ELOG the best approach is a dedicated server with a local SSD storage.

Zbigniew Reszela wrote:

Dear all,

First, many thanks for creating and sharing this great tool which is ELOG! Our users are very happy with it!

I have few questions about inserting images into the entries.

From time to time our users insert them directly in the editor what leads to encoding the whole image in the HTML log file and the images does not appear in the attachments list. Saving and further editing of such entries slows down the whole ELOG server which uses 100% of CPU.

I'm not sure how they do it Ctrl+C & Ctrl+V, drag & drop, etc.. What I know is that if they add it using the "Insert image" action in the editor there are no problems and the images are properly listed in the attachments.

I read in the docs:

uploading or downloading an attachement file is a single request, and causes the entire file to be loaded in server memory while the request is being processed.
This is not normally a problem for the sort of short, text-mode entries ELOG is designed to support. However, if a user starts to upload or download a large attachment file (or image) over a slow link, all other users on that ELOG server will have to wait for that transfert to finish before they can access any logbook on that server. This is why there is a low limit on the size of attachments, and why ELOG should not be used to distribute large files under intensive multi-user conditions.

but I think this is not our case. Here I talk about wrongly inserting a single image of 700KiB.

So, I'm asking:

  1. Is the behavior that we observe something already detected? If yes, which are exactly the wrong ways of inserting the images?
  2. Is it fixed in newer ELOG versions?
  3. Is it possible to disable the wrong ways of inserting the images in order to avoid such problems?

Many thanks in advance for your help!

 

icon5.gif   field selections persist across new log entries?, posted by Anthony Krishock on Tue Sep 8 14:22:11 2020 

All,

 

I am using elog as an observation log for amateur astronomy. I have a form configured, but I would like to know if it is possible to make certain fields persist across new entries.

What I mean is this:

When I make an new observation, I select a value for sky conditions (say.. "1"). When I make another observation, "1" is already selected.

Is this possible? If so, how?

Thanks

    icon2.gif   Re: field selections persist across new log entries?, posted by Sebastian Schenk on Tue Sep 8 16:35:14 2020 

As far as I know, it is not possible, if you make a "new" entry.
You could configure the elog, to always PRESET an atribute, but then it is always the same, not the last.

I think the "duplicate" entry function could provide you partly with the functionality you want, as it copies all old values into a new entry.

Regards,
Sebastian

Anthony Krishock wrote:

All,

 

I am using elog as an observation log for amateur astronomy. I have a form configured, but I would like to know if it is possible to make certain fields persist across new entries.

What I mean is this:

When I make an new observation, I select a value for sky conditions (say.. "1"). When I make another observation, "1" is already selected.

Is this possible? If so, how?

Thanks

 

    icon2.gif   Re: field selections persist across new log entries?, posted by Andreas Luedeke on Wed Sep 9 10:33:58 2020 
It is probably possible, but requires a big of a hack.
Whenever you save a new entry or edit an old one, you run a little shell script to write the value of this field into a file.
Whenever you create a new entry you read the PRESET value with a shell script from that file.

Here are the relevant excepts from the documentation:

Subst <attribute> = <string>
When submitting logbook entries, attribute values can be substituted by some text. This text can contain arbitrary fixed text and following values:

  • $<attribute>: The entered value of the attribute itself
  • $host: The host name where elogd is running
  • $remote_host: The host name of the host from with the entry was submitted
  • $short_name: The login name (if password file is present)
  • $long_name: The full name from the password file for the current user
  • $user_email: The email address from the password file for the current user
  • $logbook: The name of the current logbook
  • $date: The current date, formatted via "Date format"
  • $utcdate: The current UTC date (GMT) and time, formatted via "Date format"
  • $version: The version of the ELOG server in the form x.y.z
  • $revision: The Subversion reversion of the ELOG server as an integer number
  • $shell(<command>): <command> gets passed to the operating system shell and the result is taken for substitution.

Execute new | edit | delete = <command>
It is possible to execute a shell command on the server side after a new message has been submitted, edited or deleted. This feature has been used in the past for SMS notifications over a telephone system and for synchrnonization of the ELOG database with an external SQL database. The <command> can contain substitutions similar to the Subst command. In addition the list of all attachments can be referred to via $<attachments>. The text body of the entry can be referred to with $text. It should be noted that only the first 1500 characters of the text can be used, in order not to exceed the limits of the shell. Following (Unix) command writes a notification into some file:

Execute new = echo "New message wiht ID $message id of type $type from $long_name on $remote_host" >> /tmp/elog.log


It should be noted that this feature can impose a security problem. If someone can edit the elogd.cfg through the Config command of elogd, that person can put malicious code into elogd.cfg and execute it. This is even more severe if elogd runs with root privileges. To avoid such problems, the execute facility is disabled in elogd by default and has to be enabled explicitly with the "-x" command line flag. The administrator has to ensure then of course that only trusted people can edit elogd.cfg.

 

Have fun!

Andreas

Anthony Krishock wrote:

All,

 

I am using elog as an observation log for amateur astronomy. I have a form configured, but I would like to know if it is possible to make certain fields persist across new entries.

What I mean is this:

When I make an new observation, I select a value for sky conditions (say.. "1"). When I make another observation, "1" is already selected.

Is this possible? If so, how?

Thanks

 

icon5.gif   Using curl to post new entries, posted by Florian Feldbauer on Wed Sep 2 10:24:58 2020 

Hey,

i'm trying to use curl to post new entries to our logbook as described here: https://elog.psi.ch/elogs/Forum/68597.
The Elog is installed via the Deban package on Buster.
I created a test logbook with attributes Author, Type, Category and Subject.

curl -u florian:foobaa -F cmd=Submit -F Author=Florian -F Type=Diary -F Category=General -F Subject="testing curl" -F Text="foo baa" http://localhost:8080/test
<!DOCTYPE html>
<html><head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
<title>ELOG Login</title>
<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="shortcut icon" href="favicon.ico" />
<link rel="icon" href="favicon.png" type="image/png" />
</head>
<body OnLoad="document.form1.uname.focus();">
<form name=form1 method="POST" action="./" enctype="multipart/form-data">

<input type=hidden name=redir value="">
<table class="login_frame" cellspacing=0 align=center><tr><td class="login_title">Please login</td></tr>
<tr><td class="login_form">
<span class="overlay_wrapper">
<label for="uname" id="uname" class="overlabel">Username</label>
<input type="text" class="login_input" name="uname" value="" title="Username" onInput="document.getElementById('uname').style.display='none';">
</span></td></tr>
<tr><td class="login_form">
<span class="overlay_wrapper">
<label for="upassword" id="upassword" class="overlabel">Password</label>
<input type="password" class="login_input" name="upassword" onInput="document.getElementById('upassword').style.display='none';">
</span></td></tr>
<tr><td align=center class="login_form"><input type=checkbox checked name=remember value=1>
Keep me logged in on this computer
for the next 31 days or until I log out</td></tr>
<tr><td align=center class="login_form">
<a href="?cmd=Forgot">Forgot password?</a></td></tr>
<tr><td align=center class="login_form_bottom"><input type="submit" class="login_submit" value="Submit"></td></tr></table>
<center><a class="bottomlink" title="Goto ELOG home page" href="https://midas.psi.ch/elog/">ELOG V3.1.3-7933898</a></center></form></body></html>

 

As you can see, curl only prints the login page of the logbook and no new entry has been created. Any suggestions what might go worng here?

Regards,
Florian

    icon2.gif   Re: Using curl to post new entries, posted by Florian Feldbauer on Wed Sep 2 11:56:04 2020 

After going through the code of the Python API (https://github.com/paulscherrerinstitute/py_elog/blob/master/elog/logbook.py) I tried the following:
$ python3
>>> from passlib.hash import sha256_crypt
>>> sha256_crypt.hash( 'foobaa', salt='', rounds=5000)[4:]
'waa2sT6eBt.qk0wsucX/nxU5GcqffqlEx6ja5Lg1OR5'
>>> from datetime import datetime
>>> datetime.now().timestamp()
1599039390.964989
$ curl -F cmd=Submit -F exp=labor -F unm=florian -F upwd='waa2sT6eBt.qk0wsucX/nxU5GcqffqlEx6ja5Lg1OR5' -F Encoding=plain -F When=1599039390.964989 -F Author=curl -F Subject="curl test" -F Category=General -F Type=Diary -F Text="foo baa" http://localhost:8080/test/

This worked. It seems to me, that the "-u" option from Curl is not working for elog.

Cheers,
Florian

 

Florian Feldbauer wrote:

Hey,

i'm trying to use curl to post new entries to our logbook as described here: https://elog.psi.ch/elogs/Forum/68597.
The Elog is installed via the Deban package on Buster.
I created a test logbook with attributes Author, Type, Category and Subject.

curl -u florian:foobaa -F cmd=Submit -F Author=Florian -F Type=Diary -F Category=General -F Subject="testing curl" -F Text="foo baa" http://localhost:8080/test
<!DOCTYPE html>
<html><head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
<title>ELOG Login</title>
<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="shortcut icon" href="favicon.ico" />
<link rel="icon" href="favicon.png" type="image/png" />
</head>
<body OnLoad="document.form1.uname.focus();">
<form name=form1 method="POST" action="./" enctype="multipart/form-data">

<input type=hidden name=redir value="">
<table class="login_frame" cellspacing=0 align=center><tr><td class="login_title">Please login</td></tr>
<tr><td class="login_form">
<span class="overlay_wrapper">
<label for="uname" id="uname" class="overlabel">Username</label>
<input type="text" class="login_input" name="uname" value="" title="Username" onInput="document.getElementById('uname').style.display='none';">
</span></td></tr>
<tr><td class="login_form">
<span class="overlay_wrapper">
<label for="upassword" id="upassword" class="overlabel">Password</label>
<input type="password" class="login_input" name="upassword" onInput="document.getElementById('upassword').style.display='none';">
</span></td></tr>
<tr><td align=center class="login_form"><input type=checkbox checked name=remember value=1>
Keep me logged in on this computer
for the next 31 days or until I log out</td></tr>
<tr><td align=center class="login_form">
<a href="?cmd=Forgot">Forgot password?</a></td></tr>
<tr><td align=center class="login_form_bottom"><input type="submit" class="login_submit" value="Submit"></td></tr></table>
<center><a class="bottomlink" title="Goto ELOG home page" href="https://midas.psi.ch/elog/">ELOG V3.1.3-7933898</a></center></form></body></html>

 

As you can see, curl only prints the login page of the logbook and no new entry has been created. Any suggestions what might go worng here?

Regards,
Florian

 

       icon2.gif   Re: Using curl to post new entries, posted by Stefan Ritt on Wed Sep 2 15:42:40 2020 

This is correct. The elogd daemon needs username and password in parameters "unm" and "upwd". The password must be SHA256 encoded, so best is to grab it from the password file. This way one does not have to send clear text passwords over the network.

Florian Feldbauer wrote:

After going through the code of the Python API (https://github.com/paulscherrerinstitute/py_elog/blob/master/elog/logbook.py) I tried the following:
$ python3
>>> from passlib.hash import sha256_crypt
>>> sha256_crypt.hash( 'foobaa', salt='', rounds=5000)[4:]
'waa2sT6eBt.qk0wsucX/nxU5GcqffqlEx6ja5Lg1OR5'
>>> from datetime import datetime
>>> datetime.now().timestamp()
1599039390.964989
$ curl -F cmd=Submit -F exp=labor -F unm=florian -F upwd='waa2sT6eBt.qk0wsucX/nxU5GcqffqlEx6ja5Lg1OR5' -F Encoding=plain -F When=1599039390.964989 -F Author=curl -F Subject="curl test" -F Category=General -F Type=Diary -F Text="foo baa" http://localhost:8080/test/

This worked. It seems to me, that the "-u" option from Curl is not working for elog.

Cheers,
Florian

 

Florian Feldbauer wrote:

Hey,

i'm trying to use curl to post new entries to our logbook as described here: https://elog.psi.ch/elogs/Forum/68597.
The Elog is installed via the Deban package on Buster.
I created a test logbook with attributes Author, Type, Category and Subject.

curl -u florian:foobaa -F cmd=Submit -F Author=Florian -F Type=Diary -F Category=General -F Subject="testing curl" -F Text="foo baa" http://localhost:8080/test
<!DOCTYPE html>
<html><head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
<title>ELOG Login</title>
<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="shortcut icon" href="favicon.ico" />
<link rel="icon" href="favicon.png" type="image/png" />
</head>
<body OnLoad="document.form1.uname.focus();">
<form name=form1 method="POST" action="./" enctype="multipart/form-data">

<input type=hidden name=redir value="">
<table class="login_frame" cellspacing=0 align=center><tr><td class="login_title">Please login</td></tr>
<tr><td class="login_form">
<span class="overlay_wrapper">
<label for="uname" id="uname" class="overlabel">Username</label>
<input type="text" class="login_input" name="uname" value="" title="Username" onInput="document.getElementById('uname').style.display='none';">
</span></td></tr>
<tr><td class="login_form">
<span class="overlay_wrapper">
<label for="upassword" id="upassword" class="overlabel">Password</label>
<input type="password" class="login_input" name="upassword" onInput="document.getElementById('upassword').style.display='none';">
</span></td></tr>
<tr><td align=center class="login_form"><input type=checkbox checked name=remember value=1>
Keep me logged in on this computer
for the next 31 days or until I log out</td></tr>
<tr><td align=center class="login_form">
<a href="?cmd=Forgot">Forgot password?</a></td></tr>
<tr><td align=center class="login_form_bottom"><input type="submit" class="login_submit" value="Submit"></td></tr></table>
<center><a class="bottomlink" title="Goto ELOG home page" href="https://midas.psi.ch/elog/">ELOG V3.1.3-7933898</a></center></form></body></html>

 

As you can see, curl only prints the login page of the logbook and no new entry has been created. Any suggestions what might go worng here?

Regards,
Florian

 

 

icon5.gif   How to prevent file path leaks on a 404 page, posted by Rich Loring on Tue May 12 15:53:17 2020 

Hello,

We used the Elog RPM binary installation method to install Elog. Our security scanners are complaining that Elog discloses the version information when you hit a missing page (404 error).  How can I hide this version info? Is there a snippet of code somewhere that I can comment out?

Any help is appreciated.

-Rich

    icon2.gif   Re: How to prevent file path leaks on a 404 page, posted by Stefan Ritt on Tue Aug 4 13:44:01 2020 

I removed the version info from the 404 error, but you have to recompile elogd from sources. The fix will be included in the next RPM, but that can usually take a few weeks.

Rich Loring wrote:

Hello,

We used the Elog RPM binary installation method to install Elog. Our security scanners are complaining that Elog discloses the version information when you hit a missing page (404 error).  How can I hide this version info? Is there a snippet of code somewhere that I can comment out?

Any help is appreciated.

-Rich

 

       icon2.gif   Re: How to prevent file path leaks on a 404 page, posted by Stefan Ritt on Wed Aug 26 20:44:38 2020 

A new RPM has been released at https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm containing that fix.

Stefan Ritt wrote:

I removed the version info from the 404 error, but you have to recompile elogd from sources. The fix will be included in the next RPM, but that can usually take a few weeks.

Rich Loring wrote:

Hello,

We used the Elog RPM binary installation method to install Elog. Our security scanners are complaining that Elog discloses the version information when you hit a missing page (404 error).  How can I hide this version info? Is there a snippet of code somewhere that I can comment out?

Any help is appreciated.

-Rich

 

 

ELOG V3.1.4-80633ba