I have a logbook installed on a Windows 64 bit VM server 2008 R2 and can access it fine using the password file.  However when using Kerberos it does not authenticate correctly.  I installed Kerberos and pointed it to the realm an domain controller.  Using KINIT command line it appears to accept my password.  Any help is appriciated.  Perhaps some other diagnostics i could try against the kerberos install

Here is global settings:

port = 49212

ssl = 1 

url = https://my-elog.domain.com:49212/

Authentication = Kerberos, file

Kerberos Realm = DOMAIN.COM

Admin User = me

Max content length = 10485760

Password file = pw.txt

Allow password change = 1  (perhaps this is an issue???)

Also...when adding users to the logbook, do you leave the password blank if using Kerberos?

You can leave the password just blank.

The "Allow password change = 1" does not make any difference. It works here even with this option.

So I have no idea why you have that problem. Does it work on another computer, i.e. is it related to the 64 bit VM machine?

Best regards,
Stefan 

The kerberos install, installed the Network Identity Manager and placed krb5 config in my windows directory.  Can a server run lsass.exe only?   or does the krb5 config file and Network Identity Manager need to be on the server?

 Installed both on a Windows 2003 R2 server (32bit) and Kerberos not authenticating, yet gievs me a ticket thru kinit.

Hello folks,

Can we have a better support under modern Linux distributions?

I'm trying to install elog in our webserver and it's becoming a boring task. First of all theres only RPM packages. And we really don't like the Red Hat method, so we use Debian Servers. More package mainteners would be nice.

The software appears to be working correctly, but there are some bugs (or perhaps missing dependencies?); the init script put in /etc/rc.d/init.d is broken under Debian:

First of all because it's in /etc/rc.d.

The second problem is in this line:

# Source function library.

#. /etc/rc.d/init.d/functions

The file doesn't even exists.

The third problem is the echo_success; echo_failure commands that doesn't even exist. As I can see it's definitions are sourced in the functions file that doesn't exist.

After removing this missing commands or files from the init.d; I can call elogd script and start the daemon under root. Appears to be working...

And last but not least; there's a way to standardize the init script to run in other Linux distros, so we can put it to start automatically at boot time?

Many thanks in advance,

Vinícius Ferrão 

PS: I'm not asking to support any creepy distros, but to support the .deb package format and system style.

I'm not using Debian so I cannot give support there. There was some Debian support a few years ago, but the maintainer has gave this up. If you find someone who volunteers to do the job (yourself?) I'm happy to include the Debian specific files in the distribution. 

Stefan

I'm not of the skill level to help, but for what its worth, running Ubuntu 12.04, used alien to install the latest RPM with only two little snags. I had to create a link from libssl.so.1.0.0 to libssl.so.6, which is a trick I've pulled with other software, not sure what the proper fix is. I also had to make similar changes to the init script.

The Debian init script contributed here has been working quite well for me for the last few Ubuntu versions. Unless you edit it, it sets the elog base directory to /etc  so that's where you have to put your themes dir, resources, .conf file, scripts, logbooks, etc. I use symlinks to actually store my logbooks elsewhere.

I would also vote for a sane deb package. Right now, when I upgrade ELOG, I don't even run make install, I just copy the compiled binaries to their respective directories (/usr/bin or /usr/sbin). The rest stays the same.

Hi Louis,

I'm a little surprised by your comment that you use symlinks 'to store your logbooks elsewhere'.

I start the daemon with

 /usr/local/sbin/elogd -p 8080 -c /home/logbooks/elogd.cfg -d /home/logbooks

so that both my logbooks *and* the config file are both based on my preferred location, which is a subdirectory of /home.  No symlinks  OK, themes are elsewhere, but for backup purposes, that's a rather lesser issue. 

I have no idea why the default logbook location is /usr/local/elog/logbooks which does not strike me as a sensible location (at least on Slackware).  Maybe such an odd location was to force users to choose a better location...(the -d switch).

To all:

I use Slackware (currently 13, I hear there are some issues with 14 for programs I wish use), and I compile from the sources.  Usually from random svn versions as a general pain-in-the-neck for Stefan.  I've never had to make a [Slackware] package for distribution - I have issued patches and/or source distribution, depending on your point of view.  If someone can provide the advice, I'd certainly try and do a Slackware distribution, but I do have Real Work to do as well, so it may not be done immediately.  I think Ubuntu is fairly close to Slackware, not sure about Debian, which I *thought* was close to Red Hat.

Now I *do* understand what some of the other contributors to this thread are doing, as I do something similar for other programs that are now unmaintained and no longer compile with GCC4 or earlier.  The email program I use is a ten-year-old binary & libraries I compiled under Slackware 7 (if not, 4), and I copy the relivent binaries, libraries and dependances across when I upgrade the o/s.  Yes, one day it will fall down.  Three other programs I regularly use are similarly now 'legacy'.  My 'C' coding isn't up to the major changes apparently needed to allow them to compile again with a modern compiler.
 

Hello,

I am currently using ELOG as a daily logbook for work performed for customers.  This is a critical tool and process for 1. Showing customers work history 2. having a searchable knowledge base for future reference.  

Currently, I will create a new log entry, assign the customer using a custom ROPTION in my elog.conf.  This process all works fine, mostly, except I run into the following obstacles (that are all human related.)

1. Many days, there are no log entries to be created for a PARTICULAR customer, and other days there are no long entries to be created for ANY customer.

2. Many days when there is a log entry to be created, it's created by me much later then when the work was performed.  For example, I do a bunch of work Tuesday and Wednesday, but I don't have time to enter all my entries until Thursday.  

2A. In this case, I have to manually go back and edit the log entries with text-editor to adjust the times, dates, and such.

2B. In this case, I have log files with a file-name of THURSDAY (042513a.log) for work entries done on Tues and Wed, so I have to go back and rename the log files for consistency sake (mv 042513a.log 042313a.log).  ** I know this is not a requirement of the program, but I like to have the log filenames consistent with the dates contained in them.

All these I admit are human error -- but as a small business owner, I just can't always get to the log entries every day.

To overcome this, the manual solution would: at the beginning of each day, create a new log entry -- regardless of work to be performed and updated later.  This would serve as sort of a place holder.

However, I can't commit myself to always create a log entry for every day either.  Again, human error.

Is what I would like to be able to do is create a new log entry, every single day, automatically.  I would then have a growing log dir of daily log entries (files) for ever day of the week, most blank but some would then contain data that I enter later-- either at the end-of-day or on a day I have downtime and can commit to administrative work.

My thought is I could probably schedule a cron job do to this, but i'm not completely sure how I would go about auto-populating the incremental ID's, dates, etc.  Second, I don't know if there is a way to do this within ELOG itself, or if there is a built-in mechanism that already covers this.

Has anyone run into this, or solved this problem, or can someone kindly point me in the right direction or how I can implement the daily auto creation of logs?

Thank you very much in advance!

 Hi,

My email configuration is a little complicated as all emails must be relayed to a central server with TLS authentication. 

So far I've been unable to get the ELOG to work with email, after numerous attempts .  I have got exim4 working on this machine but I don't understand how the elog sends emails well enough, to configure it to recognise and use exim4.  Setting localhost/ my domain/ IP  (and variations) under 'smtp host' doesn't work. (cannot connect to server)

The most interesting error I have been able to get is:

"AUTH command used when not advertised"

or

"Unrecognized authentication type"

Any advice?

Not much. ELOG uses plain SMTP to port 25, but does not support TLS internally. From your error messages above it looks like exim4 (which I never used) uses a different authentication scheme than ELOG supports. ELOG dos a "AUTH LOGIN" which is described for example here:

http://www.fehcom.de/qmail/smtpauth.html

Maybe you can try authentication completely off (remove "SMTP username" from elogd.cfg) ?

/Stefan

Hi there,

Here's a bit of a special scenario. There's no server-side check the user is logged in upon posting, but it rather seems the server relies on the post data sent from the form.

An example of this can be triggered on a write restricted elog, by hitting on New and logging out in another tab. Then posting, from the first tab, will post as if the user was logged on. Hitting back and posting again also works.

Cheers

Yes the credentials are stored in the form where you enter your text. This has following reason: In a shared environment (several people sitting around a computer) we want to identify who submits an elog entry, but not bother the person to enter his/her password every few minutes. So in our experiment I set the time-out to 15 min, meaning after 15 minutes of inactivity a user gets logged out. If the user accesses ELOG every ten minutes or so, he/she stays logged in for a whole shift, which is what you want. Now the problem is that one starts an elog entry, waits twenty minutes, then wants to submit it, but you are bought back to the login screen and your entry is gone. Therefore I store the credentials (encrypted) in the form, so that the form can even be submitted after 20 minutes. Users at our lab are pretty happy with this solution.

In fact there is no way you can 100% ensure that the logged in user submits an entry without asking for his/her password during the submit. Even if the time span above is only very short, it still can happen that someone starts an entry, leaves the room, and someone else submits it. So people got used to the good practice not to leave any unfinished elog entry open when they go or leave the browser (to another tab for example). If I would implement to password request during the submit, there would be two problems: 1) Users will heavily complain and 2) I have to store the form data temporary (together with some optional attachments) on the server side, start a password query, and only if that succeeds submit the entry. This is somehow complicated to implement since I cannot use the normal elog database. Then I have to care about dangling entries (like if the password was wrong I should delete the temporary data???) and so on.

I plan for the future a kind of "draft" mode, where entries can be stored as "drafts" (like in most email systems). You get an auto-save every few minutes, and can work on the draft before actually submitting it. In that case your password query could be implemented more easily. But implementing the draft mode needs a change of the database system, so I have to find time to do that.

Best regards,

Stefan 

Hi,

Is it possbile to compare dates in E-log?

And based on that calculation have conditonal formats on certain attributes.

We have a need to monitor a date attribute named "Preferred finished date" on records placed in E-log.

And if SYSDATE is greater than the "Preferred finished date" we want to mark certain attibutes with a color.

Regards
/UlfO

This is a good idea, but not implemented. I will put this on the wishlist.

/Stefan 

 Please add my vote for this on the wishlist.

Thanks

 Give it a vote from me.

The instructions for securing elogd using an SSL proxy are incomplete.
http://midas.psi.ch/elog/adminguide.html#secure
http://midas.psi.ch/elogs/contributions/11

If you follow these instructions, elogd will still listen for and accept non-SSL connections on it's own TCP port bypassing the SSL proxy.

(True, the elogd TCP port number is somewhat secret, so there is some security-by-obscurity here).

To secure the elogd TCP port against connections that bypass the SSL proxy, elogd has to be started
with the "-n localhost" command line options.

To add this option, one has to edit /etc/init.d/elogd. I do not know if this change will be lost when the elog rpm package is updated.

It would be better if this option could have been specified through elogd.conf.

The "-n" command line option is not documented here
http://midas.psi.ch/elog/adminguide.html#config
but is visible if you run "elogd -h".

P.S. Even with "-n localhost", users of the local machine can bypass the SSL proxy.

K.O.

> The instructions for securing elogd using an SSL proxy are incomplete.
> http://midas.psi.ch/elog/adminguide.html#secure
> http://midas.psi.ch/elogs/contributions/11
> 
> If you follow these instructions, elogd will still listen for and accept non-SSL connections on it's own TCP port bypassing the SSL proxy.
> 
> (True, the elogd TCP port number is somewhat secret, so there is some security-by-obscurity here).
> 
> To secure the elogd TCP port against connections that bypass the SSL proxy, elogd has to be started
> with the "-n localhost" command line options.
> 
> To add this option, one has to edit /etc/init.d/elogd. I do not know if this change will be lost when the elog rpm package is updated.
> 
> It would be better if this option could have been specified through elogd.conf.
> 
> The "-n" command line option is not documented here
> http://midas.psi.ch/elog/adminguide.html#config
> but is visible if you run "elogd -h".
> 
> P.S. Even with "-n localhost", users of the local machine can bypass the SSL proxy.
> 
> K.O.

I added the option "interface" to the config file. So you could do

[global]
...
interface = localhost


It was not there originally since most people who care about security use a firewall. The firewall (either locally or one another machine), opens only port 443 for the secure connection and 
not the non-secure one (typically 80 or 8080). This way this has not been an issue in the past. As you guessed correctly the -n option would be overwritten by an rpm package update, so 
that's why I added the "interface" option.

After entering a new user and activating it in ELOG, the new user receives an email.

The link does not work because the port number is repeated in the link (see below)

In the Global part of the elogd.ini we have added the port:

port = 8080



Maybe I am overlooking something, any suggestions are very much appreciated!



Thanks!

Ron



- - - - - -



Email Subject: Your ELOG account has been activated



Email Body:



Your ELOG account has been activated on host eloghost:8080.



You can access it at http://eloghost:8080:8080/logbookname/?unm=newuser.



To subscribe to any logbook, click on 'Config' in that logbook.

> After entering a new user and activating it in ELOG, the new user receives an email.
> The link does not work because the port number is repeated in the link (see below)
> In the Global part of the elogd.ini we have added the port:
> port = 8080
> 
> Maybe I am overlooking something, any suggestions are very much appreciated!
> 
> Thanks!
> Ron
> 
> - - - - - -
> 
> Email Subject: Your ELOG account has been activated
> 
> Email Body:
> 
> Your ELOG account has been activated on host eloghost:8080.
> 
> You can access it at http://eloghost:8080:8080/logbookname/?unm=newuser.
> 
> To subscribe to any logbook, click on 'Config' in that logbook.

I just tried myself and got:



Your ELOG account has been activated on host localhost:8080.

You can access it at http://localhost:8080/Demo/?unm=midas.

To subscribe to any logbook, click on 'Config' in that logbook.



I used following config:

[global]
Port = 8080
Password file = passwd
SMTP host = xxx
Self register = 3
Admin user = stefan
 
[Demo]
Attributes = Type, Subject, Author


So something in your config file must be different. Can you find out what it is?

/Stefan

Hi Stefan, thank you very much for having a look at this :-)



Here is the config file we use. Seems okay to me, but I may be overlooking something.





[global]

port = 8080

SMTP host = localhost

Self register= 0

Display Email recipients = 0

Use Email Subject = [ELOG - $logbook]

Date format = %a %d-%b-%Y %H:%M

Default encoding = 1

Allowed encoding = 1



[MYLOGBOOK]

Theme = default

Comment = My logbook

Password file = passw_mylogbook.pwd

Admin user = admin,user1,user2,user3

Self register= 3

Menu commands = List, New, Edit, Reply, Duplicate, Find, Config, Logout, Help

Attributes = Author, Type, Category, Subject, ServerNaam

Preset Author = $long_name

Options Type = Opt01, Opt02, Opt03, Opt04, Opt05

Options Category = Cat01, Cat02, Cat03, Cat04, Cat05, Cat06, Cat07

MOptions ServerNaam = Server01

Preset ServerNaam = Server01

Required Attributes = Author, Type, ServerNaam

Page Title = ELOG - $subject

Reverse sort = 1

Quick filter = Date, Type, ServerNaam