How to eliminate "unique visitors" information from GoAccess report? - goaccess

The webserver whose logs I am analyzing off-line sits behind a proxy server. The IP addresses in the log file are not the ones from the clients but the ones from the handful of proxy servers. This I cannot change. The parsing works well, but the number of "unique visitors" that GoAccess calculates is therefore not valid.
How can I eliminate that information from the html reports as it is misleading? I tried to hide the IP address from the analyzer with %^ instead of %h but that leads to an error.
I read the GoAccess manual but I can't find an option to ignore the unique visitors. GoAccess Version is 1.1.1.
Many thanks in advance.

Related

Piping / Filtering Windows DNS Server logs

I am looking to log all the unique hosts which have had any transaction with my Windows DNS Server.
I found that there is an option to log my DNS server transactions via the Set-DnsServerDiagnostics PS command.
However - it is quite heavy and I am not interested in most of the data there. I just care about the host name, for example www.google.com
I was wondering if there's an option to create a File pipe which consumes the log data, and filters it - resulting in a file which contains domain names only.
I saw that I could specify the file path with the -LogFilePath argument - it may help.
Any help / ideas will be appreciated!

Get DNS infos for local machine interfaces

I need the DNS suffix of all my local interfaces on my PC.
Is there a way I can achieve this via Go?
Best case would be for any OS
Necessary: working on Windows
I have tried net.Interfaces() and all the net commands but I haven't found anything regarding the DNS server.
EDIT
I have found the solution for the Windows-specific version but it would be interesting if there is anything that works for Linux and macOS too.
I don't think there is a solution that works for any OS. In Linux the DNS suffix is not interface specific but system wide; it is configured in /etc/resolv.conf. Here is an excerpt from the man page:
search Search list for host-name lookup.
By default, the search list contains one entry, the local domain name. It is determined from the local hostname returned by gethostname(2); the local domain name is taken to be everything after the first '.'. Finally, if the hostname does not contain a '.', the root domain is assumed as the local domain name.
This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found.
For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains.
If there are multiple search directives, only the search list from the last instance is used.
The net package in the standard library parses this file to get the DNS config, so the DNS resolver should behave as expected; however, the parsing functionality is not exposed.
The libnetwork.GetSearchDomains func in the libnetwork library should be able to help you out. If there are no search entries in /etc/resolv.conf, you should use the hostname, which can be gotten with the os.Hostname func.
I believe this also works for FreeBSD and Mac OS since they are both "UNIX like". But I am not 100% sure.
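Added example (not part of the original answer and not libnetwork's code): a minimal Go parser for the search-list rules quoted from the man page above, including the "last search directive wins" rule and the hostname fallback. The names searchDomains and sampleConf and the sample data are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// Constructed sample, used only when /etc/resolv.conf is unreadable (e.g. on Windows).
const sampleConf = "# search ignored.example\nsearch a.example\nnameserver 192.0.2.53\nsearch b.example c.example\n"

// searchDomains applies the resolv.conf(5) rules quoted above to the given
// file content: only the last "search" directive counts; with none, the local
// domain is everything after the first '.' of the hostname, else the root.
func searchDomains(conf, hostname string) []string {
	var search []string
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue // blank line or comment
		}
		if f := strings.Fields(line); f[0] == "search" {
			search = f[1:] // a later directive replaces earlier ones
		}
	}
	if len(search) > 0 {
		return search
	}
	if i := strings.Index(hostname, "."); i >= 0 && i+1 < len(hostname) {
		return []string{hostname[i+1:]}
	}
	return []string{"."} // no dot in the hostname: root domain
}

func main() {
	conf := sampleConf
	if b, err := os.ReadFile("/etc/resolv.conf"); err == nil {
		conf = string(b)
	}
	host, _ := os.Hostname()
	fmt.Println(searchDomains(conf, host))
}
```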

DNS migration to Route53

I have transferred a domain name from https://www.onlydomains.com/ to AWS Route53. Using the name servers, it works most of the time, but sometimes it will not be available for some time, max 5 min.
I have tried using alias, it works for other domain which I have added alias to check it.
Probably your domain zone is still in transfer; you could use tools like drill/dig:
$ dig your-domain.tld ns
This will show the existing nameservers, but the same tool can be used for checking A records, example:
$ dig your-domain.tld +trace
The +trace option makes iterative queries to resolve the name being looked up. It helps to see which servers are still using your old DNS provider.
Also, it could be an issue with your own DNS; to check, for example using Google DNS servers, you could use something like:
$ dig @8.8.8.8 your-domain.tld
Also, give a try to https://intodns.com/ to check more details

DB job to generate/email Oracle report output

The task is to have an Oracle report generated daily, automatically, and e-mailed to a user.
So I've sort of got this working (it works if I hardcode one of the reports server names below).
I created a job on the database that will generate the report. I'm able to get the report to email as a PDF to the destination with this command:
UTL_HTTP.REQUEST('http://server/reports/rwservlet?server=specific_report_server &report='||p_report_name||'&userid='||p_connstring||'&destype=mail'||p_parameters||'&desname='||p_to_recipientlist||' &cc='||p_cc_recipientlist||'&bcc='||p_bcc_recipientlist||'&subject=%22' || REPLACE(p_subject,' ','%20') || '%22&paramform=no&DESformat=pdf&ENVID='||p_envid);
That works great...
The problem however is that my organization has two report servers that are load balanced. Our server team could take down one of the servers without really any warning, so I can't just hardcode the report server name (the ?server= parameter above) with one of the report server names because it will work for a while, then when that server goes down, it will stop working.
My server team asked me to look for a way to pull the server from the formsweb.cfg file or from default.env value within the job (there are parameters in there that hold the server name). The idea there is that the "http://server" piece will direct the report to be run on the appropriate server, and the first part of the job could get the reports server name from the config file that the report is run on. I'm not sure if this is possible from the database level, or how to do this. Any ideas?
Is there a better way that this can be done, perhaps?
If there are two load-balanced servers, that strongly implies that the network folks must have configured some sort of virtual IP (VIP) for the service. You (and everyone else) should be using that VIP rather than a specific server name.
For example, if you have two servers reportA.yourdomain.com and reportB.yourdomain.com, you would almost certainly create a VIP for reports.yourdomain.com that load balances between the two servers (and knows whether one of the servers is down or whether a new reportC server has been added). This VIP would either do the load balancing itself or would point to an actual physical load balancer that distributes the traffic. All applications would reference the reports.yourdomain.com VIP rather than any hard-coded server names.

Authoritative engine Id and context engine id in snmp v3

I have a client machine which sends snmpinform.
On another machine I am running the snmptrapd server.
I wanted to mention the context engine ID and authoritative engine ID explicitly.
While sending the command I can use -e for the authoritative engine ID and -E for the context engine ID.
But the problem is: how can I mention these values in snmptrapd.conf?
Snippet of snmptrapd.conf is
createUser -e 0x000006D70000000000000000 FMS
authUser log,execute,net FMS noauth
engineID 000006D7C0A800C800000000
My command for snmpinform is :
snmpinform -v 3 -d -n "" -l noAuthNoPriv -u FMS -E 0x000006D70000000000000000 -e 80001f8804303030303036443743304138303043383030303030303030 192.168.0.200 162 1.3.6.1.4.1.1751.2.119.1.1.1.0
The output is a timeout (an error message came). Further investigation with Wireshark showed that, in the report, it is giving both authoritative and context engine IDs with the same values.
I did try several workarounds without any use:
Did not give -e option while sending snmpinform. It did discovery of authoritative engine ID and the output is still the same (error message and timeout).
Did not give -E option. snmpinform: Unknown user name
obv: It seems to be completely different behavior. It is able to properly decode the context engine ID and able to identify the user name. But the report is with a different context engine ID.
Did not give -e option while creating user, and while sending gave only -e (authoritative engine ID). Then it worked perfectly.
obv: Both the authoritative and context engine IDs are the same. So, it worked perfectly.
What should I do if I want to mention both engine IDs in the conf file?
How can I give the authoritative engine ID in the snmptrapd.conf file as a hex number? It expects a text string. What if I have non-printable characters?
Thanks for reading patiently :-)
I think -3e for (security) engine ID and -3E for context engine ID should do the trick for snmptrapd.conf. I found these in the net-snmp source in snmplib/snmpv3.c:150 for reference, not really sure if they are documented.
I think that is what you're asking for? You may need to play with the net-snmp source and step through things if snmptrapd doesn't behave correctly.
