We have used ELog for some time now (within the IT industry) for several things (on-call tracking, after-hours work, knowledge base and a few other uses in development).  Now that we have a good base of data, we would like to do some trending analysis.  We have used Excel in the past for this, but it is rather time consuming.  Does anyone have recommendations for tools (hopefully open source) they have used?  I know nearly anything will since ELog uses flat files, but I'm looking for recommendations that you all know works well.

Hello,

   Thank you for such a great piece of software!

   When displaying the entries in a log book with Summary view, ELCode is not processed in 'Text'. I know there
is an option called 'Allow HTML", but is there something similar for decoding ELCode in the Summary 'Text' field?

Thank you again,
   - Dan

God really STRANGE and problematic effect on 2.5.5-1 (can't remember it this
was with 2.5.5 or 2.5.4-X but i'm nearly sure it worked well):

Entering a date (Formate Bithday = date) may crash down the server:
Value is 22.2.2004: Everything is well
Value is 22.2.1962: Server crashes emmediatly (menas restarzing several
times, always the same problem)

I do not have time to check true all the years for finding out where the
problem may beginn, sorry. Also I was not able to check on other systems
right now. My system: Win XP Pro SP 1, IE 6 as well as Mozilla Calssic 1.7.3. 

Didn't check it under Linux right know in case of a lot work.

Clould you this fix please Stefan???  THANK'X!!!

Hi,

I have an ELOG installation on a RedHat linux server, called myserver. I 
can connect to this server with the following entries in the elogd.cfg file:
   [global]
   URL=http://myserver:8080
This works fine. I can log in, select logbooks, edit/create entries etc. 
etc.

However, I want this connection to be encrypted. So I activate stunnel (v4) 
in such a way that stunnel listens to port 8081 and forwards to the 
("remote") port 8080, which is the "original" elog port. I change the URL= 
entry in de elogd.cfg file to URL=https://myserver:8081 in order to use the 
SSL encrypted connection.

At this time, when I connect to https://myserver:8081 I get the 
welcome/login screen, but when I enter the (correct) username and password, 
the elog program does not show the contents of the logbook buts shows the 
loginscreen again. If I enter a wrong username/password, I do get a correct 
error-screen. So it seems that the connection is correct, but there is some 
sort of problem in ELOG. Anyone who can give me a hand here?

Contribution available for all who wants to make SKIN for ELOG!

You are invited to benefit from this free info!

Just click on the "Contributions" tab to find the info (look for ID6).

Or... goto          http://midas.psi.ch/elogdemo/Contributions/6

To obtain the newest source code of ELOG, go to the CVS repository at

http://midas.psi.ch/cgi-bin/cvsweb/elog/src

It contains usually the newest bug fixes, which will show up in the next 
realease. On the other hand it can also contain some new features, which 
are not yet fully tested, so care should be taken when using it. The 
revision comments usually explain what is new in that revision.

Dear ELOG users,

It has been brought to my attention that ELOG has a vulnerability through
which one can obtain a remote shell (meaning to log in to your machine
through elog). There is even an exploit available which demonstrates that
both for linux and windows.

This is a severe security problem for all logooks which can be seen from
outside, even if they have password protection on. I strongly recommened to
upgrade to elog version 2.5.7 as soon as possible if you run a public elog
server.

Here is some explanation for the technically interested:

The problem arises from a strcpy() in the decode_post() routine, which
triggers a buffer overflow when attachment file names longer than 256
characters are submitted. I replaced (hopefully) all strcpy() with strlcpy()
to fix this problem, but if someone sees a location which I have missed,
please tell me.

The second vulnerability had to do with write passwords. If you put a "write
password = xxx" statement into your config file, it was still possible to
download the config file with a special hand-written URL, and decode the
write password, which is usually only base-64 encoded unless you haven't
compiled elog with the -DHAVE_CRYPT flag. I have changed that so if a write
password is present, the download is only possible when this password is
submitted in each request. If this has some effects on synchronizing of
logbooks, please let me know.

Stefan Ritt