I have a very simple NServiceBus.Host.exe application that is using the default logging and the Production profile. According to the documentation, this should result in an appending file log that should appear in the same folder as the EXE. However, when I run the application as a service, the log file doesn't appear in the same folder as the EXE, and thus far I've been unable to locate it at all. The service is running as Local System. Do I need to run it as a user account and look for the file in the AppData folder somewhere? Is it under c:\windows somewhere? Where is it and is there a way for me to have it actually log to a file in the same folder as the EXE as advertised?
Update:
Using ProcMon and ProcExp from SysInternals, I can see that there is no attempt to create any log file in the folder where my EXE exists, nor are there any file permission errors while trying to create a log file anywhere, at least not from the PID of the service (if for some reason log4net spins up another process to do this work then I might have missed it).
It turns out that the service wasn't actually running in the Production profile. I had for some reason gotten it into my head that services would run in the production profile by default, while running it in interactive mode would use Lite by default. Not so - the service will use the Lite profile unless you specify otherwise. I changed my command to install the service from:
NServiceBus.Host.exe /install /displayName:MyService
to
NServiceBus.Host.exe /install /displayName:MyService NServiceBus.Production
and this fixed the issue.
Related
I've installed Node.JS via cPanel and all the Phusion Passenger files and dependencies. I can run the application manually via SSH. I have created the application in cPanel's Application Manager. However, after the application is "enabled" it's not actually "running" and only results in the Passenger error page. It says it was not able to execute the application.
If I manually inspect the application configuration file in /etc/apache2/conf.d/userdata/ssl/2_4/username/subdomain/application_name.conf I can see it doesn't have an entry for PassengerStartupFile. If I add the line
PassengerStartupFile ./bin/www
and restart the Passenger service, is works and I can access it via the URL. However, if I disable and re-enable the application via cPanel, the conf file is regenerated and that entry is lost.
How can I get cPanel to add the PassengerStartupFile entry, or get Passenger to auto-detect the startup file from the package.json file or environment variables or something?
As a work-around, I've created a second application_name_patch.conf file with the missing configuration line so that it all eventually gets compiled together, but that's kludgy...
Your solution to add a second application_name_patch.conf file next to the appliation_name.conf file is exactly the solution you need as is explained here: How to Install a Node.js Application.
The linked article suggests you use the path /etc/apache2/conf.d/userdata/ssl/2_4/user/domain.nodejs.conf for the custom startup file, but I would recommend you use the path /etc/apache2/conf.d/userdata/ssl/2_4/user/domain/nodejs.conf as this will place the custom configuration in the same directory as the original application conf file.
I have a freeradius server setup with google authenticator to provide a basic working multi-factor setup.
Everything works when I run radiusd in debug mode as root. If I start it as a service, logons fail and this messages is recorded when processing messages:
radiusd(pam_google_authenticator)[1115]: Failed to read "/home/user#domain.com/.google_authenticator" for "user#domain.com"
I think this must be a permissions issue since it works fine when run as root.
I don't really want to edit the permissions on each secret file for every user.
I have tried specifying root in
/etc/raddb/radiusd.conf
user = root group = root
but still the service fails unless run from the command line as root. Does anyone have a nice elegant solution to this conundrum?
I think you should check out your systemd service file for radiusd. It might look something like:
https://github.com/ipfire/ipfire-3.x/blob/master/freeradius/systemd/freeradius.service
You can add User= and Group= in the [Service] section of the .service file if needed. See
https://unix.stackexchange.com/questions/347358/how-to-change-service-user-in-centos-7
and
https://serverfault.com/questions/806617/configuring-systemd-service-to-run-with-root-access
It would be a good idea to put the contents of the .service file for radiusd in your post.
I have Spring Boot 2 executable jar (runs by command java -jar myapp.jar) which I need to deploy to remote linux server as systemd service. Jenkins CI will manage building this jar from source and copy to proper location and restart java service associated with myapp.jar. Linux server has just one user 'jonas' with sudo privilege, in addition to jenkins user. Where do I need to put myapp.jar on linux server from security best practice point of view in production environment ? Possible location:
/var/myapplications/myapp.jar
/home/jona/myapplications/myapp.jar
/opt//myapplications/myapp.jar
Also where the log files generated by myapp.jar are going to be located?
Based on my experience, I would recommend to keep all third parties and applications under /opt/{{ app_name }}
You can follow if you like following structure which makes deployment of new artefacts much easier with option to quickly rollback if needed.
/opt/{{ app_name }}/releases/{{ app_version }}
/opt/{{ app_name }}/current <- Symlink to above
/opt/{{ app_name }}/current/logs <- directory for logs which would be part of the releases/{{ app_version }}
Your deployment script can create respective folders, manage permissions and symlinks for this purpose.
What i personally like is to make sure it runs under a non-privileged user with proper permissions to ensure only that particular user can read/execute/write on the directory recursively which would include logs which might have some sensitive information that might be included as part of the exception, however this purely depends on how you log.
I need to start a win10 app remotly.
What I already tried is:
for starters I used this path: shell:appsfolder\appname!app
using psexec to start the app doesn't work
same with powershell (over psexec as well as native ps remote)
also tried starting it indirectly from a .cmd file and .vbs file executing form psexec
all these command and files are working if executed directly on the client. But if I try to execute them remotly I get the error message path not found or it just nothing happening and really nothing I checked if the appropriate exe file is running via taskmanager. Apparently there must be some issue with the name translation of shell:appsfolder over a remote session.
I am able to get logback logging to work correctly on my development environment (Windows) using Tomee 1.6.0.1; however, whenever I try to deploy the webapp on my Tomee server on Linux, it never creates the "test.app.log" file specified in the logback.xml configuration file inside of the WEB-INF/classes directory of the webapp.
Using maven, I have included logback-classic-1.1.2 and logback-core-1.1.2 in the WEB-INF/lib directory of the webapp.
I double check permissions for the directory to which I wish to write (CATALINA_BASE/logs), but it is set to rw for all users so I doubt that is the problem.
No matter what I try, all of my logs keep getting pushed to catalina.out. Can anybody solve the mystery as to why logging with logback works correctly on Windows (development environment) but not Linux?
It turns out that we were separating our EJB's into another directory and adding that directory as a "Deployment dir" in tomee.xml. This unhooks the webapp independent logging.
Romain, from Tomee fame, suggested I use either VirtualWebappLoader or jars.txt implementations.