[Geoserver-users] Geoserver Audit Logging stopped working

GeoServer GeoServer User
1

Dear Community,

*Problem:* The Geoserver (2.8.0) which is installed in an Ubuntu 14.04 VM
stopped creating the audit logs suddenly.

*Background:* A couple of months ago I followed the instructions at
Geoserver Training - Logging all requests on Geoserver
<http://geoserver.geo-solutions.it/edu/en/adv_gsconfig/auditing.html&gt; to
enable audit logging in Geoserver. The process was successful allowing me to
parse the logs using ElasticSearch, Logstash, and Kibana to get insights on
service usage. Reviewing the analytics recently showed no Geoserver activity
for a significant amount of time which suggested that the audit logs had
potentially a problem. I checked the audit log generation which showed that
no logs had been created for a significant amount of time (i.e. weeks).

*Audit logs configuration:*
The configuration that I included in the monitor.properties file is
following:

#Enable Audit Logging to monitor requests
audit.enabled=true
audit.path=/var/lib/tomcat7/webapps/geoserver/data/logs
audit.roll_limit=100000

The configuration that I included in the header.ftl file is following:
# start time,url,error flag,total time,response
length,services,version,operation,resources,query,response content type

The configuration that I included in the content.ftl file is following:
${startTime?datetime?iso_utc_ms},${remoteAddr!""},<#if
error??>failed<#else>success</#if>,${totalTime},${responseLength?c},${service!""},${owsVersion!""},${operation!""},${resourcesList!""},${queryString!""}",${responseContentType!""}

Has anyone had a similar issue in the past?

I appreciate your time and effort.

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Geoserver-Audit-Logging-stopped-working-tp5284210.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

2

Hi,
I’ve never stumbled into an error like that. Maybe something happened during a file roll that
prevented the monitoring to continue? Any disk quota limit possibly reached or something
like that?

Do you have any error in the GeoServer logs around the time the auditing stopped working?

Cheers
Andrea

···

On Tue, Sep 6, 2016 at 10:08 AM, dimmihel <Dimitrios.Michelakis@anonymised.com> wrote:

Dear Community,

Problem: The Geoserver (2.8.0) which is installed in an Ubuntu 14.04 VM
stopped creating the audit logs suddenly.

Background: A couple of months ago I followed the instructions at
Geoserver Training - Logging all requests on Geoserver
<http://geoserver.geo-solutions.it/edu/en/adv_gsconfig/auditing.html> to
enable audit logging in Geoserver. The process was successful allowing me to
parse the logs using ElasticSearch, Logstash, and Kibana to get insights on
service usage. Reviewing the analytics recently showed no Geoserver activity
for a significant amount of time which suggested that the audit logs had
potentially a problem. I checked the audit log generation which showed that
no logs had been created for a significant amount of time (i.e. weeks).

Audit logs configuration:
The configuration that I included in the monitor.properties file is
following:

#Enable Audit Logging to monitor requests
audit.enabled=true
audit.path=/var/lib/tomcat7/webapps/geoserver/data/logs
audit.roll_limit=100000

The configuration that I included in the header.ftl file is following:

start time,url,error flag,total time,response

length,services,version,operation,resources,query,response content type

The configuration that I included in the content.ftl file is following:
${startTime?datetime?iso_utc_ms},${remoteAddr!“”},<#if
error??>failed<#else>success</#if>,${totalTime},${responseLength?c},${service!“”},${owsVersion!“”},${operation!“”},${resourcesList!“”},${queryString!“”}“,${responseContentType!”"}

Has anyone had a similar issue in the past?

I appreciate your time and effort.


View this message in context: http://osgeo-org.1560.x6.nabble.com/Geoserver-Audit-Logging-stopped-working-tp5284210.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

Geoserver-users mailing list
Geoserver-users@anonymised.com.382…sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.

Ing. Andrea Aime

@geowolf
Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313

fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

3

Hi geowolf,

Thank you for your reply.

Requesting data from Geoserver & examining the geoserver.log file reveals
the following:

2016-09-08 13:23:04,342 WARN [geoserver.monitor] - Request Dumper exiting
due to :Permission denied
java.io.IOException: Permission denied
        at java.io.UnixFileSystem.createFileExclusively(Native Method)
        at java.io.File.createNewFile(File.java:1006)
        at
org.geoserver.monitor.auditlog.AuditLogger$RequestDumper.rollWriter(AuditLogger.java:386)
        at
org.geoserver.monitor.auditlog.AuditLogger$RequestDumper.run(AuditLogger.java:275)

The log clearly suggests that there is no permission for the user to create
the audit log file but what frustrates me is that the user was able to
create audit log files.

*Additional Information:*
Geoserver is working as a webapp using tomcat7.

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Geoserver-Audit-Logging-stopped-working-tp5284210p5284717.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

4

Hi,
it seems to suggest that someone/something changed the access
permissions on the audit file directory so that tomcat is no
more able to create new files

Cheers
Andrea

···

On Thu, Sep 8, 2016 at 2:44 PM, dimmihel <Dimitrios.Michelakis@anonymised.com> wrote:

Hi geowolf,

Thank you for your reply.

Requesting data from Geoserver & examining the geoserver.log file reveals
the following:

2016-09-08 13:23:04,342 WARN [geoserver.monitor] - Request Dumper exiting
due to :Permission denied
java.io.IOException: Permission denied
at java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.io.File.createNewFile(File.java:1006)
at
org.geoserver.monitor.auditlog.AuditLogger$RequestDumper.rollWriter(AuditLogger.java:386)
at
org.geoserver.monitor.auditlog.AuditLogger$RequestDumper.run(AuditLogger.java:275)

The log clearly suggests that there is no permission for the user to create
the audit log file but what frustrates me is that the user was able to
create audit log files.

Additional Information:
Geoserver is working as a webapp using tomcat7.


View this message in context: http://osgeo-org.1560.x6.nabble.com/Geoserver-Audit-Logging-stopped-working-tp5284210p5284717.html

Sent from the GeoServer - User mailing list archive at Nabble.com.

Geoserver-users mailing list
Geoserver-users@anonymised.com.382…sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.

Ing. Andrea Aime

@geowolf
Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313

fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

5

Hi geowolf,

I can confirm that changing the privileges of the folder where the audit
logs are created fixed the issue; however the question remains in my mind
why these privileges changed and how. This is of course a systems issue.

Thanks again for your time and effort.

Regards,
D.

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Geoserver-Audit-Logging-stopped-working-tp5284210p5284735.html
Sent from the GeoServer - User mailing list archive at Nabble.com.