Xymon Mailing List Archive

msgs display is interpreting logfile as HTML.

4 messages in this thread

list Ford Alan · Thu, 16 Jun 2011 00:27:03 +0000 ·
Hi all,

I am using Xymon 4.3.2 on RHEL5

I am monitoring a log file which has a lot of <...> combinations.

It looks like Xymon is interpreting the contents of the logfile as HTML

When it gets displayed to the screen I see this..

####     <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1308183254039>


but the actual log entry (and when I view source) shows this...

####<Jun 16, 2011 10:14:14 AM EST> <Info> <WliSbTransports> <soapro01.stanwell.com> <osb_ms01> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1308183254039> <BEA-381113> <File Market_Trading/DataTransfer/Barron_Process_Data_20110616_101406.csv renamed to 2008343281842716392-3dafdf91.130945f6a25.bb__Barron_Process_Data_20110616_101406.csv.Stage on the remote host barftp01 for the service endpoint ProxyService$Remote Operations Scada$Proxy Services$PollForBarronScadaFilePS>


Thanks
Alan Ford


This email (including all attachments) may contain personal information and is intended solely for the named addressee. It is confidential and may be subject to legal or other professional privilege and any confidentiality or privilege is not waived or lost because this email has been sent to you by mistake.  This email is also subject to copyright.  No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Any personal Information in this email must be handled in accordance with the Privacy Act 1988 (Cth).  If you have received it in error, please let Stanwell Corporation Limited know by reply email, delete it from your system and destroy any copies.  Stanwell is not responsible for any changes made to a document other than those made by Stanwell.  Stanwell accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.   If  you have any doubts about the authenticity of an email purportedly sent by us, please contact us immediately.  If this is a commercial electronic message within the meaning of the Spam Act 2003 (Cth), you may indicate that you do not wish to receive any further commercial electronic messages from Stanwell by emailing mailto:user-0c0f74357833@xymon.invalid...
list David Baldwin · Thu, 16 Jun 2011 13:03:38 +1000 ·
Alan,

You are correct - any embedded HTML tags do get presented verbatim back
through the Xymon web interface. I dealt with this for a Windows event
log processing test I wrote which was getting a similar issue with
Blackberry server events.

In fact any status message can include HTML (and many tests do by design).

The msgs reporting can be in effect used as an XSS vector if the right
kind of log message can trigger being displayed in the Xymon web
interface. If a message is going to be embedded inside <PRE> tags it's
probably worth quoting HTML entities along the way.

David.

-- 

David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617


Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
list Ford Alan · Thu, 16 Jun 2011 03:34:39 +0000 ·
So is there an easy way to "disable" this function for the logfiles?? or will I have to do something to preprocess the logs and strip out the <> ??
list David Baldwin · Thu, 16 Jun 2011 15:01:02 +1000 ·
Alan,
quoted from Ford Alan
So is there an easy way to "disable" this function for the logfiles??
or will I have to do something to preprocess the logs and strip out
the <> ??

 
It is handled by xymond_client
http://www.xymon.com/xymon/help/manpages/man8/xymond_client.8.html

It looks like it would require a patch to the code. There is already
some quoting in place for special characters in process listings.

David.
-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617
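
Added example, not part of the thread and not code from xymond_client: a C sketch of the quoting David describes, replacing HTML metacharacters with entities before a log line is embedded inside <PRE> tags, so the browser shows the WebLogic fields literally instead of parsing them as tags. The names html_quote and render_pre are hypothetical, and the sample line is shortened from the log entry in the first message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not a Xymon function: returns a malloc'd copy of `in`
 * with HTML metacharacters replaced by entities; caller frees. */
char *html_quote(const char *in)
{
    char *out = malloc(strlen(in) * 6 + 1);  /* longest entity is 6 bytes */
    char *p = out;
    if (!out) return NULL;
    for (; *in; in++) {
        const char *ent = NULL;
        switch (*in) {
        case '&':  ent = "&amp;";  break;
        case '<':  ent = "&lt;";   break;
        case '>':  ent = "&gt;";   break;
        case '"':  ent = "&quot;"; break;
        case '\'': ent = "&#39;";  break;
        }
        if (ent) { size_t l = strlen(ent); memcpy(p, ent, l); p += l; }
        else *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Wrap one quoted log line in <PRE>, as a status page would; caller frees. */
char *render_pre(const char *logline)
{
    char *q = html_quote(logline);
    if (!q) return NULL;
    size_t len = strlen(q) + sizeof("<PRE></PRE>");  /* sizeof counts the NUL */
    char *html = malloc(len);
    if (html) snprintf(html, len, "<PRE>%s</PRE>", q);
    free(q);
    return html;
}

int main(void)
{
    /* Shortened from the WebLogic entry quoted in the first message. */
    char *html = render_pre("####<Jun 16, 2011 10:14:14 AM EST> <Info> "
                            "<<anonymous>> <> <BEA-381113>");
    if (!html) return 1;
    puts(html);
    free(html);
    return 0;
}
```

Quoting at display time leaves the stored log text untouched, so preprocessing the monitored file to strip the <> characters is not needed.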