I am working on logalyze, there is very limited documentation for this tool.
I have done most of the things, but I am not able to add alerts.
Following is a sample xml file for event definition
<?xml version="1.0" encoding="UTF-8"?>
<tns:definitions xmlns:tns="http://logalyze.com" xmlns:xsi="http://www.w3.org /2001/XMLSchema-instance" xsi:schemaLocation="http://logalyze.com http://repository.logalyze.com/logalyze-definitions-1.0.xsd ">
<tns:eventdef version="1" id="a4151076-152c-11e1-91a4-0018de9d251b">
<tns:name>Critical event Mod Sec</tns:name>
<tns:description>Mod Sec</tns:description>
<tns:vendor>LOGalyze</tns:vendor>
<tns:group></tns:group>
<tns:rule>SingleWithThreshold</tns:rule>
<tns:criteria>
<tns:criterion>
<tns:field>_tag</tns:field>
<tns:operator>=</tns:operator>
<tns:value>mod_sec_warn</tns:value>
</tns:criterion>
</tns:criteria>
<tns:desc>3 login failures within 1m for user ${user_name}</tns:desc>
<tns:window>60</tns:window>
<tns:thresh>3</tns:thresh>
<tns:actions>
<tns:action type="event">
<tns:prop>
<tns:key>field:msg</tns:key>
<tns:value>3 login failures within 1m for user ${user_name}</tns:value>
</tns:prop>
<tns:prop>
<tns:key>field:user_name</tns:key>
<tns:value/>
</tns:prop>
<tns:prop>
<tns:key>field:loghostname</tns:key>
<tns:value/>
</tns:prop>
<tns:prop>
<tns:key>field:_priority</tns:key>
<tns:value>high</tns:value>
</tns:prop>
</tns:action>
</tns:actions>
</tns:eventdef>
</tns:definitions>
Thanks
Infosec.pk
So I should enhance the documentation of this :-)
You have one Action with type "event". This generates an artificial log entry, with logtype event with the field nem/value pairs in the prop list (msg, user_name, loghostname, _priority).
This type of log than can be searched and can be an input of any other event definition.
To send an alert you have to use action type "mail".
Properties of "mail" action are:
to: email address
subject: Defaule value is: 'LOGalyze alert'
The content of mail body will be generated by LOGalyze, currently you cannot modify it.
Related
Getting a pull from a Saas API that sends unformatted XML. Need to pull the first and last names out of each element to send to another application.
I haev tried numerous things in Power Automate but they all error out due to the XML not having a parent node.
<Request ID="19131795" Status="Approved">
<TimeOffDate>2023-02-14</TimeOffDate>
<TimeOffDayOfWeek>Tuesday</TimeOffDayOfWeek>
<TimeStart></TimeStart>
<TimeEnd></TimeEnd>
<TimeOffHours>8.000</TimeOffHours>
<TimeOffTypeName>Maternity Leave</TimeOffTypeName>
<EmployeeID>646028926148N</EmployeeID>
<LoginID>Marie</LoginID>
<Firstname>Marie-Eve</Firstname>
<Lastname>B</Lastname>
<UserCategory>Software Development</UserCategory>
<SubmittedDate>2022-03-11</SubmittedDate>
<Deducted>Yes</Deducted>
<Comment>time-off request created by administrator</Comment>
</Request>
<Request ID="21301056" Status="Approved">
<TimeOffDate>2023-02-14</TimeOffDate>
<TimeOffDayOfWeek>Tuesday</TimeOffDayOfWeek>
<TimeStart>2023-02-14T13:00:00</TimeStart>
<TimeEnd>2023-02-14T17:00:00</TimeEnd>
<TimeOffHours>4.000</TimeOffHours>
<TimeOffTypeName>Paid Time Off - Salary</TimeOffTypeName>
<EmployeeID>FRM992097</EmployeeID>
<LoginID>Robert</LoginID>
<Firstname>Bobby</Firstname>
<Lastname>D</Lastname>
<UserCategory>Information Technology</UserCategory>
<SubmittedDate>2023-01-06</SubmittedDate>
<Deducted>Yes</Deducted>
<Comment></Comment>
</Request>
<Request ID="21324804" Status="Approved">
<TimeOffDate>2023-02-14</TimeOffDate>
<TimeOffDayOfWeek>Tuesday</TimeOffDayOfWeek>
<TimeStart></TimeStart>
<TimeEnd></TimeEnd>
<TimeOffHours>8.000</TimeOffHours>
<TimeOffTypeName>NL Parental Leave 1</TimeOffTypeName>
<EmployeeID></EmployeeID>
<LoginID>Kamila</LoginID>
<Firstname>Kamila</Firstname>
<Lastname>K</Lastname>
<UserCategory>NL Customer Service</UserCategory>
<SubmittedDate>2023-01-09</SubmittedDate>
<Deducted>Yes</Deducted>
<Comment>time-off request created by administrator</Comment>
</Request>
I have tried the following xpath filters.
'/Firstname|/Lastname')
'Firstname|Lastname')
I am trying to make the DeliverToCompID (tag128) mandatory on NewOrderSingle Message. I am able to send the message from Banzai with tag128 present, but still getting this --> 58=Required tag missing371=128 error message.
I have declared the DeliverToCompID (tag128) value in the config file
[session]
SocketConnectPort=9878
DeliverToCompID=FIXIMULATOR3
SenderCompID=BANZAI
TargetCompID=FIXIMULATOR
and in Banzai Application I am fetching the value from the config and setting it in the message.
String tag128 = settings.getString(sessionID,"DeliverToCompID");
System.out.println("tag 128 "+tag128);
message.getHeader().setField(new DeliverToCompID(tag128));
and I am sending a NewOrderSingle Message, and TAG 128 is present in the logs of both the banzai(sender) and fiximulator(acceptor) application.
BANZAI LOG <20221111-05:28:39, FIX.4.2:BANZAI->FIXIMULATOR, outgoing> (8=FIX.4.29=15435=D34=749=BANZAI52=20221111-05:28:39.66056=FIXIMULATOR128=FIXIMULATOR311=166814451964721=138=256340=154=155=AAA59=060=20221111-05:28:39.65810=238)
FIXIMULATOR LOG <20221111-05:28:39, FIX.4.2:FIXIMULATOR->BANZAI, incoming> (8=FIX.4.29=15435=D34=749=BANZAI52=20221111-05:28:39.66056=FIXIMULATOR128=FIXIMULATOR311=166814451964721=138=256340=154=155=AAA59=060=20221111-05:28:39.65810=238)
But I am getting this :: <20221111-05:28:39, FIX.4.2:FIXIMULATOR->BANZAI, event> (Message 7 Rejected: Required tag missing:128)
<20221111-05:28:39, FIX.4.2:FIXIMULATOR->BANZAI, outgoing> (8=FIX.4.29=12635=334=749=FIXIMULATOR52=20221111-05:28:39.66456=BANZAI115=FIXIMULATOR345=758=Required tag missing371=128372=D373=110=084)
I have used custom FIX42.xml file
<message name="NewOrderSingle" msgtype="D" msgcat="app">
<field name="DeliverToCompID" required="Y"/>
and in the FIXIMLATOR config I have made
ValidateIncomingMessage=Y
DataDictionary=config/FIX42.xml
UseDataDictionary=Y
I'm having problems using the EC2 connector with filters for DescribeInstances. Specifically, I'm trying to find all instances that have the tag "classId" set.
I've also tried to find all instances that have the classId tag with specific string, e.g. "123".
Below are the XMLs of the describeInstance for both scenarios.
tag-key ------
<ec2:describe-instances doc:name="Describe instances" doc:id="ca64b7d4-99bb-4045-bbb4-16c0c27b1df5" config-ref="Amazon_EC2_Configuration">
<ec2:filters>
<ec2:filter name="tag-key" values="#[['classId']]">
</ec2:filter>
</ec2:filters>
</ec2:describe-instances>
tag:classId:----
<ec2:describe-instances doc:name="Describe instances" doc:id="ca64b7d4-99bb-4045-bbb4-16c0c27b1df5" config-ref="Amazon_EC2_Configuration">
<ec2:filters>
<ec2:filter name="tag:classId">
<ec2:values >
<ec2:value value="#['123']" />
</ec2:values>
</ec2:filter>
</ec2:filters>
</ec2:describe-instances>
Each time I receive an error like the following (for tag:classId):
ERROR 2021-03-29 08:32:49,693 [[MuleRuntime].uber.04: [ec2-play].ec2-playFlow.BLOCKING #1092a5bc] [processor: ; event: df5e2df0-908a-11eb-94b5-38f9d38da5c3] org.mule.runtime.core.internal.exception.OnErrorPropagateHandler:
********************************************************************************
Message : The filter 'null' is invalid (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 33e3bbfb-99ea-4382-932f-647662810c92; Proxy: null)
Element : ec2-playFlow/processors/0 # ec2-play:ec2-play.xml:33 (Describe instances)
Element DSL : <ec2:describe-instances doc:name="Describe instances" doc:id="ca64b7d4-99bb-4045-bbb4-16c0c27b1df5" config-ref="Amazon_EC2_Configuration">
<ec2:filters>
<ec2:filter name="tag:classId">
<ec2:values>
<ec2:value value="#['123']"></ec2:value>
</ec2:values>
</ec2:filter>
</ec2:filters>
</ec2:describe-instances>
Error type : EC2:INVALID_PARAMETER_VALUE
FlowStack : at ec2-playFlow(ec2-playFlow/processors/0 # ec2-play:ec2-play.xml:33 (Describe instances))
(set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
NOTE: The code works without a filter, returning all instances. But, that isn't what I want or need. The more filtering I can do the faster the response.
Does anyone have samples of the filter option working? Can you tell me what I'm doing wrong?
Thanks!
This surely is a bug. I tried the same and it was not working for me as well. I enabled debug logging and found that the connector is not sending the filter.1.Name=tag:classId as a query parameter in the request. Here is the debug log that I found. (Notice there is no filter.1.Name=tag:classId in the query string)
DEBUG 2021-04-02 21:55:17,198 [[MuleRuntime].uber.03: [test-aws-connector].test-aws-connectorFlow.BLOCKING #2dff3afe] [processor: ; event: 91a34891-93d0-11eb-af49-606dc73d31d1] org.apache.http.wire: http-outgoing-0 >> "Action=DescribeInstances&Version=2016-11-15&Filter.1.Value.1=123"
However, I tried to use the Expression or Bean Reference option and set the expression directly as [{name: 'tag:classId', values:['123']}] like this:
and it worked correctly. Here is the same debug log after this change
DEBUG 2021-04-02 21:59:17,198 [[MuleRuntime].uber.03: [test-aws-connector].test-aws-connectorFlow.BLOCKING #2dff3afe] [processor: ; event: 91a34891-93d0-11eb-af49-606dc73d31d1] org.apache.http.wire: http-outgoing-0 >> "Action=DescribeInstances&Version=2016-11-15&Filter.1.Name=tag%3AclassId&Filter.1.Value.1=123"
Also, I want to point out very weird behaviour, this does not work if you try to format [{name: 'tag:classId',values: ['123']}] across multiple lines in the expression and will give an error during deployment.
Using Websphere Commerce V7, FP6, FEP5.
I am attempting to do an update to our catalog using the ChangeCatalogEntry web service. I am able to update a single product just fine. My problem is that any additional CatalogEntry nodes are completely ignored. It appears to process only the first CatalogEntry node it finds. I am using SoapUI to submit the requests. Here is a sample that I am attempting to submit. In this example part number p_MAT153 is updated but p_MAT203 and p_MAT185 are not. Is the webservice designed to only update a single product per message?
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>
wcs_sonic
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
passw0rd
</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ChangeCatalogEntry xmlns:udt="http://www.openapplications.org/oagis/9/unqualifieddatatypes/1.1"
xmlns:_wcf="http://www.ibm.com/xmlns/prod/commerce/9/foundation"
xmlns="http://www.ibm.com/xmlns/prod/commerce/9/catalog"
xmlns:oa="http://www.openapplications.org/oagis/9"
xmlns:clmIANAMIMEMediaTypes="http://www.openapplications.org/oagis/9/IANAMIMEMediaTypes:2003"
xmlns:oacl="http://www.openapplications.org/oagis/9/codelists"
xmlns:clm54217="http://www.openapplications.org/oagis/9/currencycode/54217:2001"
xmlns:clm5639="http://www.openapplications.org/oagis/9/languagecode/5639:1988"
xmlns:qdt="http://www.openapplications.org/oagis/9/qualifieddatatypes/1.1"
xmlns:clm66411="http://www.openapplications.org/oagis/9/unitcode/66411:2001"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.ibm.com/xmlns/prod/commerce/9/catalog C:/Users/SteveS/MuleStudio/workspace/shapeitdeltaupdates/src/main/resources/WebContent/component-services/xsd/OAGIS/9.0/Overlays/IBM/Commerce/BODs/ChangeCatalogEntry.xsd"
releaseID="9.0"
versionID="7.0.0.0">
<oa:ApplicationArea xsi:type="_wcf:ApplicationAreaType">
<oa:CreationDateTime>2013-04-29T15:38:19.173-04:00</oa:CreationDateTime>
<_wcf:BusinessContext>
<_wcf:ContextData name="storeId">10651</_wcf:ContextData>
<_wcf:ContextData name="catalogId">10051</_wcf:ContextData>
</_wcf:BusinessContext>
</oa:ApplicationArea>
<DataArea>
<oa:Change>
<oa:ActionCriteria>
<oa:ActionExpression actionCode="Change" expressionLanguage="_wcf:XPath">/CatalogEntry[1]/Description[1]</oa:ActionExpression>
</oa:ActionCriteria>
</oa:Change>
<CatalogEntry>
<CatalogEntryIdentifier>
<_wcf:ExternalIdentifier ownerID="7000000000000000601">
<_wcf:PartNumber>p_MAT153</_wcf:PartNumber>
<_wcf:StoreIdentifier>
<_wcf:UniqueID>10551</_wcf:UniqueID>
</_wcf:StoreIdentifier>
</_wcf:ExternalIdentifier>
</CatalogEntryIdentifier>
<Description language="-1">
<Name>Absorbent Pants Roll</Name>
<ShortDescription> universal XSMP133</ShortDescription>
<LongDescription>These are my pants.</LongDescription>
<Attributes name="auxDescription1">I need an aux description</Attributes>
</Description>
</CatalogEntry>
<CatalogEntry>
<CatalogEntryIdentifier>
<_wcf:ExternalIdentifier ownerID="7000000000000000601">
<_wcf:PartNumber>p_MAT203</_wcf:PartNumber>
<_wcf:StoreIdentifier>
<_wcf:UniqueID>10551</_wcf:UniqueID>
</_wcf:StoreIdentifier>
</_wcf:ExternalIdentifier>
</CatalogEntryIdentifier>
<Description language="-1">
<Name>Absorbent Mat Roll</Name>
<ShortDescription> universal XSMP133</ShortDescription>
<LongDescription>These are not my pants. These are your pants.</LongDescription>
<Attributes name="auxDescription1">These pants should be washed regularly.</Attributes>
</Description>
</CatalogEntry>
<CatalogEntry>
<CatalogEntryIdentifier>
<_wcf:ExternalIdentifier ownerID="7000000000000000601">
<_wcf:PartNumber>p_MAT185</_wcf:PartNumber>
<_wcf:StoreIdentifier>
<_wcf:UniqueID>10551</_wcf:UniqueID>
</_wcf:StoreIdentifier>
</_wcf:ExternalIdentifier>
</CatalogEntryIdentifier>
<Description language="-1">
<Name>Pants on a Roll</Name>
<ShortDescription> universal XSMP133</ShortDescription>
<LongDescription>A roll of pants. Genuius. </LongDescription>
<Attributes name="auxDescription1">Still more pants. Need a different aux description.</Attributes>
</Description>
</CatalogEntry>
</DataArea>
</ChangeCatalogEntry>
</soapenv:Body>
</soapenv:Envelope>
The answer turned out to be in the oa:ActionCriteria node. I needed a matching node for every instance of CatalogEntry.
<oa:ActionCriteria>
<oa:ActionExpression actionCode="Change" expressionLanguage="_wcf:XPath">/CatalogEntry[1]/Description[1]</oa:ActionExpression>
</oa:ActionCriteria>
<oa:ActionCriteria>
<oa:ActionExpression actionCode="Change" expressionLanguage="_wcf:XPath">/CatalogEntry[2]/Description[1]</oa:ActionExpression>
</oa:ActionCriteria>
<oa:ActionCriteria>
<oa:ActionExpression actionCode="Change" expressionLanguage="_wcf:XPath">/CatalogEntry[3]/Description[1]</oa:ActionExpression>
</oa:ActionCriteria>
Just to add to that: You can run several action son the same data object, to for instance create attributes , remove attributes, set SEO data etc. However, this can confuse the graph object if you don't sort the actions in the order of Add, Change and Delete.
Via the XML API, how do you associate an Google Checkout callback serial number with the original order?
On the same line - What does the serial number in the "Option B - Submit a Server-to-Server Checkout API Request" section of the XML API doc correspond to (format: serial-number="981283ea-c324-44bb-a10c-fc3b2eba5707")? Does it relate to the serial sent by the callback URL (numeric-only)?
The way I've done this in the past is using the <merchanrt-private-data> tag in the original cart, so something like:
<checkout-shopping-cart xmlns='http://checkout.google.com/schema/2'>
<shopping-cart>
<merchant-private-data>
<merchant-note>[some secret about the cart on my system]</merchant-note>
</merchant-private-data>
<items>
...
</items>
</shopping-cart>
</checkout-shopping-cart>
Then, after Google has called back with a serial number, I use the Notification History API to retrieve the order details, which then includes my private data, something like:
<new-order-notification xmlns="http://checkout.google.com/schema/2" serial-number="[serial number from google]">
<buyer-billing-address>
...
</buyer-billing-address>
<timestamp>...</timestamp>
<google-order-number>...</google-order-number>
<order-summary>
<total-chargeback-amount currency="GBP">...</total-chargeback-amount>
<google-order-number>...</google-order-number>
<total-charge-amount currency="GBP">...</total-charge-amount>
<total-refund-amount currency="GBP">...</total-refund-amount>
<purchase-date>...</purchase-date>
<archived>false</archived>
<shopping-cart>
<merchant-private-data>
<merchant-note>[the secret about the cart from my system]</merchant-note>
</merchant-private-data>
<items>
</items>
</shopping-cart>
<order-adjustment>
...
</order-adjustment>
<promotions />
<buyer-id>...</buyer-id>
<buyer-marketing-preferences>
<email-allowed>false</email-allowed>
</buyer-marketing-preferences>
<buyer-shipping-address>
...
</buyer-shipping-address>
<order-total currency="GBP">...</order-total>
<fulfillment-order-state>NEW</fulfillment-order-state>
<financial-order-state>REVIEWING</financial-order-state>
</order-summary>
<shopping-cart>
<merchant-private-data>
<merchant-note>[the secret about the cart from my system]</merchant-note>
</merchant-private-data>
<items>
</items>
</shopping-cart>
<order-adjustment>
...
</order-adjustment>
<promotions />
<buyer-id>...</buyer-id>
<buyer-marketing-preferences>
<email-allowed>false</email-allowed>
</buyer-marketing-preferences>
<buyer-shipping-address>
...
</buyer-shipping-address>
<order-total currency="GBP">...</order-total>
<fulfillment-order-state>NEW</fulfillment-order-state>
<financial-order-state>REVIEWING</financial-order-state>
</new-order-notification>
I can then use the secret to match the orders up to the details I'd stored in the database previously.