Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 1 of 723  Not logged in ELOG logo
ID Date Icon Author Author Email Category OS ELOG Version Subject
  69194   Tue Aug 4 13:44:01 2020 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux3.1.4Re: How to prevent file path leaks on a 404 page

I removed the version info from the 404 error, but you have to recompile elogd from sources. The fix will be included in the next RPM, but that can usually take a few weeks.

Rich Loring wrote:

Hello,

We used the Elog RPM binary installation method to install Elog. Our security scanners are complaining that Elog discloses the version information when you hit a missing page (404 error).  How can I hide this version info? Is there a snippet of code somewhere that I can comment out?

Any help is appreciated.

-Rich

 

  69193   Tue Aug 4 13:38:05 2020 Reply Stefan Rittstefan.ritt@psi.chQuestionWindowsV3.1.4-80633baRe: Record ID corruption

I tried to reproduce the problem with a fresh minimal logbook (the demo one coming from the distribution). Made 60 replies and all went well. So I wonder if it has to do with some special settings in elogd.cfg. Can you reproduce the problem with an empty logbook and an edlog.cfg which contains just the minimal settings?

David Pilgram wrote:

Hi Frank,

Good bit of detective work.  To me it suggests that something as yet undetermined occurs, that, when the 57th reply happens, causes the issue.  If that "something" hasn't happened, all is well.  Apart from Heinz varieties (not true, in fact), 57 isn't an obvious number; nor did it leap out at me at a quick look at the parameters in the coding.  My example of deleting more than 40 entries causing elog to crash was at least consistent, it happened every time.

I'm trying to think what this something might be.  With my (admittedly largeish) database of elog entries, starting elog from a cold start will take minutes of indexing before it will display home page or whatever.   Presumably it must count the number of entries in each thread (as otherwise why always 57?), yet if you stop and restart, it doesn't necessarily need to do the full indexing again - time between restarts I guess, the authors not considering the evil deeds I perform on yymmdda.log entries.

Bare me out on this, I once had software that ran a system, and every Thursday, without fail, it always did a full recalibration on every start up.  Since updates were issued on Fridays, I commented that it was just adding to our pressure, "as if it knew the day of the week"; it really was (and turned out to be) a day-of-the-week bug.  So, I've been right on more than one occasion.  Anything in common with the threads with cross indexing, such as day of the week, day of the month, time, especially if crossing midnight before the 57th reply? 

Another line would be to view the yymmdda.log files while you are making a normal reply.  In my v2.9.2 version, nothing is written until the Submit button is pressed, then either one or two files are modified or one modified and one new one created.  Is that still true with your version?  I ask because clearly one or two entry numbers have somehow already been "reserved" as if opened, but where?  That Autosave =0 looks to be a useful test to do.

Sorry I cannot be more help.  I'm not one of the development team, though I do have experience of (ab)using elog, and I'm a pretty rubbish coder as well.  but I do have some experience in bug finding!

David.

Frank Baptista wrote:

Hi David,

Well, you've made some very interesting observations, and raised some excellent questions.  So, I went back and did some homework, reviewing a number of logbooks to find instances where this strange 'record twist' occurs.  You had asked, "Do you have enough information to decided that this event always happens after x replies?" -- and to my surprise, indeed there was a magic number that I didn't expect to see.  The 57th reply to the original posting was always where the corruption began.  Mind you, we don't always get a corruption on the 57th reply -- most of the time, it works as expected. However, in all the cases where I saw this record twist, it was the 57th reply after the original posting. Go figure.

I also reviewed my elogd.cfg file to see how I handled drafts.  Currently, it does have the flag Save drafts = 0.  What I plan to try next, if only to satisfy my curiosity, is to also add Autosave=0.

I can't thank you enough for your time and feedback...very much appreciated!

Best regards,
Frank

 

David Pilgram wrote:

Hi Frank,

There are two interesting points about the log file. 

1.  Entry 5658 is timestamped later than 5659, but is earlier in the entry list.  It also is "In Reply to" 5659. despite 5659 having not been written (or at least timestamped) at the time that 5658 is.  Might this be a feature of the draft function?  I've not upgraded my elog for a long time now so my version doesn't have the feature - so I cannot test the idea of more than one entry being worked upon at the same time.

2.  Entry 5657 says it is "In Reply to" 5656, but entry 5656 does not reference 5657 in the "Reply to" line, as it should   Again, this might be a feature of the draft function

Could someone be confusing a draft entry with a real one?  Or two attempts to make an entry?

On the idea of large number of entries, elog doesn't handle deleting of a thread of more than 40 replies well - it crashes after deleting the 40th.  This leaves an orphan thread that causes other issues.  Do you have enough information to decided that this event always happens after x replies?

 

Frank Baptista wrote:

Hi David,

Thanks for the quick response!  Well, I'd have to say that the sequence is as tangled as it looks in the logbook -- I've attached a copy of the log file for your reading pleasure. 

This one is definitely a "head-scratcher" for me...it definitely seems like it is more prevalent on log entries with many replies.

Thanks,
Frank

David Pilgram wrote:

Hi,

I've had problems in the past due to a dodgy pointer creating branches despite a "No branches" in the configuration file.  It would be very interesting to see what the 200428a.log file looks li looks like with these entries: in the screenshot they appear to be shown in time order, but do the "Reply to" and "In reply to" liknes in each entry (in the .log file) show a linear progression through the entires, a branch a branch or indeed this same order as the screenshot.  If the duplicated entry sequential to 5657 (i.e 5658) then I would suspect something akin to my pointer's double click when I only made a single click, so fast that then second e second entry were created before the "No branches" checking part of the program had been reached.  Not so sure about such an event here unless entry 5658 were already open but not closed?

 

Regards,

David.

Frank Baptista wrote:

Hi all,

I've encountered an occasional problem that seems to be exacerbated by having a message with many replies.

In our use of ELOG, we run lengthy environmental tests (often several days) in multiple temperature chambers (one logbook for each chamber).  We document the start of the test with a log entry, and then periodically create replies -- first to the original log entry, and then to each successive reply (no branching allowed), in order to document how far along the test is.

What I'm seeing is an occasional "hiccup" in the order of records -- in the snapshot below, you can see that the record ID(s) go (in chronological order) ....5654, 5655, 56 5656, 5659, 5657, 5658, 5660, 5661....

Additionally, in this example, record ID# 5659 and record ID# 5657 are duplicates -- duplicate time stamp and duplicate text.

Has anyone else encountered this? 

Thanks,
Frank
 

 

 

 

 

 

 

 

  69192   Tue Aug 4 13:29:23 2020 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4-2Re: "New User" option does not work when Authentication=Webserver

Unfortunately I locallly don't have Webserver authentication, so I cannot check or debug. If you send me a diff that works for you, I'm happy to incorporate it.

Stefan

Jan Just Keijser wrote:

Our setup uses "Authentication=Webserver" + no automatic user registration. Thus, logbook admins should add a user by clicking "Config"  and then "New user". However, no matter what they fill in in the "new user " dialog, as soon as they hit "Save" an error pops up saying that their username (the admin one, not the new one) already exists. I found the following code:

int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
{
   char file_name[256], str[256], *pl, user_enc[256], new_pwd[80], new_pwd2[80], smtp_host[256],
       email_addr[256], mail_from[256], mail_from_name[256], subject[256], mail_text[2000], str2[256],
       admin_user[80], url[256], error[2000], sid[32];
   int i, self_register, code, first_user;
   PMXML_NODE node, subnode, npwd; 

   /* if we outsourced the authentication, use external username */
   getcfg(lbs->name, "Authentication", str, sizeof(str));
   if (stristr(str, "Webserver")) {
      /* do not allow HTML in user name */
      strencode2(user_enc, http_user, sizeof(user_enc));
   } else {
      strencode2(user_enc, user, sizeof(user_enc));
   }

 

which seems to be the culprit:  the admin user is logged using his/her Webserver (http_user) credentials and this overrides anything that he/she might fill in.  If I remove the "Authentication" check then I can create a new user without problems.  So, how to fix this? should the "Authentication=Webserver" check be extended with a self/auto registration check?

 

 

  69191   Tue Aug 4 12:53:10 2020 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4Re: bug in elog.spec

@Laurent: can you please contact me privately?

Stefan

Laurent Jean-Rigaud wrote:

Btw, I sent in the past an update for build process of Stefan delivery to generate src.rpm file copatible to tarball version. I think Stefan did not have time yet to test and to check.

  69190   Mon Aug 3 13:25:50 2020 Reply Andreas Luedekeandreas.luedeke@psi.chQuestionWindowsELOG V3.1.4-a04Re: Search feature in ELOG

That question screams: please read the manual! Find command: https://elog.psi.ch/elog/userguide.html#browse

Some simple examples:
https://elog.psi.ch/elogs/Forum/?mode=threaded&reverse=0&reverse=1&npp=20&Subject=Search
https://elog.psi.ch/elogs/Forum/?mode=summary&reverse=0&reverse=1&npp=8&Subject=category
Illam Pakkirisamy wrote:

Hi,

Is there a search feature in ELOG.  Basically, we have the topics broken up by categories but within the categories we would like to search by a key word based on the subject to get to a specific topic.

Thanks.
Illam

 

  69189   Sun Aug 2 18:45:18 2020 Question Illam Pakkirisamyillam@senseeker.comQuestionWindowsELOG V3.1.4-a04Search feature in ELOG

Hi,

Is there a search feature in ELOG.  Basically, we have the topics broken up by categories but within the categories we would like to search by a key word based on the subject to get to a specific topic.

Thanks.
Illam

  69188   Sun Aug 2 09:06:46 2020 Reply Stefan Rittstefan.ritt@psi.chQuestionLinuxELOG V3.1.4-966Re: Missing log files when rsync to replacement server.

If nothing is specified elogd looks for logbooks in the current directory where it got started under ./logbooks/

No idea what happened to your 2020 logbook.

VUIIS SysAdmin wrote:

Thank-you. That is good information to have. 

What is the default if you you do not specify anything in elogd.cfg? I assume it is  /usr/local/elog otherwise it would not see the existing logbooks.

With a default Linux RPM install, where else would the logbooks be? Still looking for a 2020 directory on either server.

Bruce

Stefan Ritt wrote:

You can put your files where ever you want, just tell elogd where to find the elogd.cfg file via the "-c" flag. Then tell elogd where to find files in the elogd.cfg file via the "Logbook dir" and "Resource dir" directives.

Stefan

VUIIS SysAdmin wrote:

On the new server in the logbook that should have several 2020 entries it stops on the last entry of 2019.

On the old server after stopping elogd i get:

/usr/sbin/elogd -v 3

Cannot open "elogd.cfg": No such file or directory

Are the files supposed to be in /usr/local/elog or /usr/share/elog? I have both on the old server. I only synced /usr/local/elog to the new server. In any case the Logbook with 2020 entries does not show a 2020 directory.

My backup system also does not show any 2020 logbook directories. It was current up to this week when I started this process.

 

 

  69187   Sun Aug 2 02:57:59 2020 Reply VUIIS SysAdminvuiis-sysadmin@vumc.orgQuestionLinuxELOG V3.1.4-966Re: Missing log files when rsync to replacement server.

Thank-you. That is good information to have. 

What is the default if you you do not specify anything in elogd.cfg? I assume it is  /usr/local/elog otherwise it would not see the existing logbooks.

With a default Linux RPM install, where else would the logbooks be? Still looking for a 2020 directory on either server.

Bruce

Stefan Ritt wrote:

You can put your files where ever you want, just tell elogd where to find the elogd.cfg file via the "-c" flag. Then tell elogd where to find files in the elogd.cfg file via the "Logbook dir" and "Resource dir" directives.

Stefan

VUIIS SysAdmin wrote:

On the new server in the logbook that should have several 2020 entries it stops on the last entry of 2019.

On the old server after stopping elogd i get:

/usr/sbin/elogd -v 3

Cannot open "elogd.cfg": No such file or directory

Are the files supposed to be in /usr/local/elog or /usr/share/elog? I have both on the old server. I only synced /usr/local/elog to the new server. In any case the Logbook with 2020 entries does not show a 2020 directory.

My backup system also does not show any 2020 logbook directories. It was current up to this week when I started this process.

 

ELOG V3.1.4-80633ba