<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Alan,
<blockquote
cite="mid:54CFCF7376079F4D9F7BE49DE3E4FA3B04516320@DC1EXCMBX01.STANWELL.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.htmltxt1
{mso-style-name:html_txt1;
color:black;}
span.htmltag1
{mso-style-name:html_tag1;
color:blue;}
span.htmlelm1
{mso-style-name:html_elm1;
color:maroon;}
span.htmlatr1
{mso-style-name:html_atr1;
color:red;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas","serif";
color:black;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif"; color:
windowtext;">So is there a easy way to "disable" this
function for the logfiles?? or will I have to do something
to preprocess the logs and strip out the <> ??<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif"; color: blue;"><o:p> </o:p></span></p>
</div>
</blockquote>
It is handled by xymond_client<br>
<a class="moz-txt-link-freetext" href="http://www.xymon.com/xymon/help/manpages/man8/xymond_client.8.html">http://www.xymon.com/xymon/help/manpages/man8/xymond_client.8.html</a><br>
<br>
It looks like it would require a patch to the code. There is already
some quoting in place for special characters in process listings.<br>
<br>
David.<br>
<blockquote
cite="mid:54CFCF7376079F4D9F7BE49DE3E4FA3B04516320@DC1EXCMBX01.STANWELL.com"
type="cite">
<div class="WordSection1">
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none; border-color:
rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color;
padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US"> David Baldwin
[<a class="moz-txt-link-freetext" href="mailto:david.baldwin@ausport.gov.au">mailto:david.baldwin@ausport.gov.au</a>]
<br>
<b>Sent:</b> Thursday, 16 June 2011 1:04 PM<br>
<b>To:</b> FORD Alan<br>
<b>Cc:</b> 'Xymon mailinglist'<br>
<b>Subject:</b> Re: [Xymon] msgs display is interpreting
logfile as HTML.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Alan,<br>
<br>
You are correct - any embedded HTML tags do get presented
verbatim back through the Xymon web interface. I dealt with
this for a Windows event log processing test I wrote which was
getting a similar issue with Blackberry server events.<br>
<br>
In fact any status message can include HTML (and many tests do
by design).<br>
<br>
The msgs reporting can be in effect used as a XSS vector if
the right kind of log message can trigger being displayed in
the Xymon web interface. If a message is going to be embedded
inside <PRE> tags it's probably worth quoting HTML
entities along the way.<br>
<br>
David.<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";">Hi all,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";">I am using Xymon
4.3.2 on RHEL5</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";">I am monitoring a
log file which has a lot of <…> combinations.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";">It looks like
Xymon is interpreting the contents of the logfile as HTML</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";">When it gets
displayed to the screen I see this..</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:
"Arial","sans-serif";"> </span>
<o:p></o:p></p>
<p class="MsoNormal">#### <[ACTIVE] ExecuteThread: '1'
for queue: 'weblogic.kernel.Default (self-tuning)'>
<> <> <> <1308183254039><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">but the actual log entry (and when I view
source) shows this…<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span class="htmltxt1">####</span><span
class="htmltag1"><</span><span class="htmlelm1">Jun</span><span
class="htmltag1"> 16, 2011 10:14:14
</span><span class="htmlatr1">AM</span><span class="htmltag1">
</span><span class="htmlatr1">EST</span><span class="htmltag1">></span><span
class="htmltxt1">
</span><span class="htmltag1"><</span><span
class="htmlelm1">Info</span><span class="htmltag1">></span><span
class="htmltxt1">
</span><span class="htmltag1"><</span><span
class="htmlelm1">WliSbTransports</span><span
class="htmltag1">></span><span class="htmltxt1">
</span><span class="htmltag1"><</span><span
class="htmlelm1">soapro01</span><span class="htmltag1">.</span><span
class="htmlatr1">stanwell</span><span class="htmltag1">.</span><span
class="htmlatr1">com</span><span class="htmltag1">></span><span
class="htmltxt1">
</span><span class="htmltag1"><</span><span
class="htmlelm1">osb</span><span class="htmlatr1">_ms01</span><span
class="htmltag1">></span><span class="htmltxt1">
<[ACTIVE] ExecuteThread: '1' for queue:
'weblogic.kernel.Default (self-tuning)'> <</span><span
class="htmltag1"><</span><span class="htmlelm1">anonymous</span><span
class="htmltag1">></span><span class="htmltxt1">>
<> <> <1308183254039> </span><span
class="htmltag1"><</span><span class="htmlelm1">BEA</span><span
class="htmltag1">-381113></span><span class="htmltxt1">
</span><span class="htmltag1"><</span><span
class="htmlelm1">File</span><span class="htmltag1">
</span><span class="htmlatr1">Market_Trading</span><span
class="htmltag1">/</span><span class="htmlatr1">DataTransfer</span><span
class="htmltag1">/</span><span class="htmlatr1">Barron_Process_Data_20110616_101406</span><span
class="htmltag1">.</span><span class="htmlatr1">csv</span><span
class="htmltag1">
</span><span class="htmlatr1">renamed</span><span
class="htmltag1"> </span><span class="htmlatr1">to</span><span
class="htmltag1"> 2008343281842716392-3</span><span
class="htmlatr1">dafdf91</span><span class="htmltag1">.</span><span
class="htmlatr1">130945f6a25</span><span class="htmltag1">.</span><span
class="htmlatr1">bb__Barron_Process_Data_20110616_101406</span><span
class="htmltag1">.</span><span class="htmlatr1">csv</span><span
class="htmltag1">.</span><span class="htmlatr1">Stage</span><span
class="htmltag1">
</span><span class="htmlatr1">on</span><span class="htmltag1">
</span><span class="htmlatr1">the</span><span class="htmltag1">
</span><span class="htmlatr1">remote</span><span
class="htmltag1"> </span><span class="htmlatr1">host</span><span
class="htmltag1">
</span><span class="htmlatr1">barftp01</span><span
class="htmltag1"> </span><span class="htmlatr1">for</span><span
class="htmltag1">
</span><span class="htmlatr1">the</span><span class="htmltag1">
</span><span class="htmlatr1">service</span><span
class="htmltag1">
</span><span class="htmlatr1">endpoint</span><span
class="htmltag1"> </span><span class="htmlatr1">ProxyService</span><span
class="htmltag1">$</span><span class="htmlatr1">Remote</span><span
class="htmltag1">
</span><span class="htmlatr1">Operations</span><span
class="htmltag1"> </span><span class="htmlatr1">Scada</span><span
class="htmltag1">$</span><span class="htmlatr1">Proxy</span><span
class="htmltag1">
</span><span class="htmlatr1">Services</span><span
class="htmltag1">$</span><span class="htmlatr1">PollForBarronScadaFilePS</span><span
class="htmltag1">></span><o:p></o:p></p>
<p class="MsoNormal"><span class="htmltag1"> </span><o:p></o:p></p>
<p class="MsoNormal"><span class="htmltag1"> </span><o:p></o:p></p>
<p class="MsoNormal"><span class="htmltag1">Thanks</span><o:p></o:p></p>
<p class="MsoNormal"><span class="htmltag1">Alan Ford</span><o:p></o:p></p>
<pre>________________________________________________________________________________<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>This email (including all attachments) may contain personal information and is intended solely for the named addressee. It is confidential and may be subject to legal or other professional privilege and any confidentiality or privilege is not waived or lost because this email has been sent to you by mistake. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Any personal Information in this email must be handled in accordance with the Privacy Act 1988 (Cth). If you have received it in error, please let Stanwell Corporation Limited know by reply email, delete it from your system and destroy any copies. Stanwell is not responsible for any changes made to a document other than those made by Stanwell. Stanwell accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised ac
cess. If you ha<o:p></o:p></pre>
<pre>ve any doubts about the authenticity of an email purportedly sent by us, please contact us immediately. If this is a commercial electronic message within the meaning of the Spam Act 2003 (Cth), you may indicate that you do not wish to receive any further commercial electronic messages from Stanwell by emailing <a moz-do-not-send="true" href="mailto:privacy@stanwell.com">mailto:privacy@stanwell.com</a>...<o:p></o:p></pre>
<pre>________________________________________________________________________________<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>David Baldwin - IT Unit<o:p></o:p></pre>
<pre>Australian Sports Commission <a moz-do-not-send="true" href="http://www.ausport.gov.au">www.ausport.gov.au</a><o:p></o:p></pre>
<pre>Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:david.baldwin@ausport.gov.au">david.baldwin@ausport.gov.au</a> Leverrier Street Bruce ACT 2617<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";"><o:p> </o:p></span></p>
<div class="MsoNormal" style="text-align: center;"
align="center"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";">
<hr align="center" width="100%" size="2">
</span></div>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";">Keep up to
date with what's happening in Australian sport visit
<a moz-do-not-send="true" href="http://www.ausport.gov.au">www.ausport.gov.au</a>
<br>
<br>
</span><span style="font-size: 7.5pt; font-family:
"Arial","sans-serif";">This message is
intended for the addressee named and may contain
confidential and privileged information. If you are not the
intended recipient please note that any form of
distribution, copying or use of this communication or the
information in it is strictly prohibited and may be
unlawful. If you receive this message in error, please
delete it and notify the sender.</span><span
style="font-size: 12pt; font-family: "Times New
Roman","serif";">
<o:p></o:p></span></p>
<div class="MsoNormal" style="text-align: center;"
align="center"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";">
<hr align="center" width="100%" size="2">
</span></div>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
David Baldwin - IT Unit
Australian Sports Commission <a class="moz-txt-link-abbreviated" href="http://www.ausport.gov.au">www.ausport.gov.au</a>
Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616
<a class="moz-txt-link-abbreviated" href="mailto:david.baldwin@ausport.gov.au">david.baldwin@ausport.gov.au</a> Leverrier Street Bruce ACT 2617
</pre>
</body>
</html>