Prettier and easier charts

28 10 2009

If you are fed up with rrdtool for creating and storing your statistical data, because it is a pain every time you have to create a new chart, I recommend http://pchart.sourceforge.net/, the new gnuplot of Benimaclet.





Logparser

28 10 2009

As you know, this program is one of the greats of log analysis and of what the "pro" crowd calls data mining.

Basically, this program takes input of almost any type and generates output of almost any type as well; you can run a SELECT against the input for whatever you want to obtain.

I'm pasting three examples that have come in handy lately, from the most basic to more complicated ones.

Find browser X and the IP that uses it

SELECT cs(user-agent), c-ip FROM C:\XXXX\ex090510.log WHERE cs(user-agent) LIKE '%Firefox.%'
GROUP BY cs(user-agent), c-ip ORDER BY c-ip

Group by date and web service and count the connections made to that web service

logparser -i:IISW3C -o:nat "SELECT date, cs-uri-stem, c-ip, COUNT(*) FROM C:\XXX\*.log WHERE TO_TIME(time) BETWEEN TIMESTAMP('22:10', 'hh:mm') AND TIMESTAMP('22:15', 'hh:mm') GROUP BY date, cs-uri-stem, c-ip ORDER BY COUNT(c-ip) DESC"

Group the times into intervals of X and count the connections made in each interval

LogParser -i:IISW3C -o:csv "SELECT QUANTIZE(time, 60), COUNT(*) AS Frequency FROM E:\XXXX\dia.log GROUP BY QUANTIZE(time, 60) ORDER BY QUANTIZE(time, 60)"

The time is in seconds.

Well, that's all; maybe this junk is useful to someone. Remember that logparser works for almost any type of log:

IISW3C, NCSA, IIS, IISODBC, BIN, IISMSID, HTTPERR, URLSCAN, CSV, TSV, W3C, XML, EVT, ETW, NETMON, REG, ADS, TEXTLINE, TEXTWORD, FS
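
For machines without Log Parser, the first and third queries can be reproduced in a few lines of Python. This is an added example, not code from the original post; the sample log lines, field selection and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IISW3C format (not taken from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2009-05-10 22:10:03 192.0.2.10 GET /ws/orders.asmx 200 Mozilla/5.0+Firefox/3.0.10
2009-05-10 22:10:41 192.0.2.11 POST /ws/orders.asmx 200 Mozilla/4.0+(compatible;+MSIE+7.0)
2009-05-10 22:10:59 192.0.2.10 GET /ws/stock.asmx 500 Mozilla/5.0+Firefox/3.0.10
2009-05-10 22:11:00 192.0.2.12 GET /ws/stock.asmx 200 Mozilla/5.0+Firefox/3.0.10
2009-05-10 22:14:30 192.0.2.10 GET /ws/orders.asmx 200 Mozilla/5.0+Firefox/3.0.10
"""

def parse_iisw3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def quantize(hhmmss, seconds):
    """Round a time of day down to a multiple of `seconds`, like QUANTIZE(time, n)."""
    h, m, s = (int(p) for p in hhmmss.split(":"))
    total = h * 3600 + m * 60 + s
    total -= total % seconds
    return "%02d:%02d:%02d" % (total // 3600, total % 3600 // 60, total % 60)

def hits_per_bucket(text, seconds=60):
    """Equivalent of SELECT QUANTIZE(time,n), COUNT(*) ... GROUP BY ... ORDER BY."""
    counts = Counter(quantize(row["time"], seconds) for row in parse_iisw3c(text))
    return sorted(counts.items())

def clients_for_agent(text, needle):
    """Equivalent of the first query: distinct (user-agent, c-ip) pairs, by c-ip."""
    pairs = {(r["cs(User-Agent)"], r["c-ip"]) for r in parse_iisw3c(text)
             if needle in r["cs(User-Agent)"]}
    return sorted(pairs, key=lambda p: p[1])

if __name__ == "__main__":
    for bucket, n in hits_per_bucket(SAMPLE_LOG):
        print(bucket, n)
```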




Event Viewer (EventLog) permissions on Windows 2003

1 10 2009

Hi friends. What happens when a programmer colleague tells you, "hey man, I can't write to the Event Viewer on 2003 with my .NET web service"? How do we grant him permissions? ... Well, nothing easier than this little explanation.

Edit the CustomSD registry value under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\{logName}\
Set permissions for the user that runs the application that wants to write, in that branch of the registry tree.

Default string

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

Tuned string.

(D;;0xf0007;;;AN)     Deny everything to Anonymous

(D;;0xf0007;;;BG)     Deny everything to Builtin Guests

(A;;0xf0007;;;BA)     Allow everything to Builtin Administrators

(A;;0x7;;;SO)     Allow read, write, and clear to Server Operators

(A;;0x3;;;IU)     Allow read and write to Interactive Users

(A;;0x3;;;SU)     Allow read and write to Service Accounts*

(A;;0x3;;;S-1-5-3)     Allow read and write to Batch Accounts*

(A;;0x3;;;NS)     Added to the end of the list, permits Network Service read and write access to the event log.

(A;;0x3;;;AU)     Authenticated users read and write access, which can be done using <-- Added so that .NET can write as any authenticated user.

--That is, this is how it would look to put in CustomSD

(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;NS)(A;;0x3;;;AU)

--Building the ACL
It works Unix-style: add up the bits.

0x0001 ELF_LOGFILE_READ Permission to read log files.

0x0002 ELF_LOGFILE_WRITE Permission to write log files.

0x0004 ELF_LOGFILE_CLEAR Permission to clear log files.

GROUPS

"AN" SDDL_ANONYMOUS Anonymous logon. The corresponding RID is SECURITY_ANONYMOUS_LOGON_RID.
"AO" SDDL_ACCOUNT_OPERATORS Account operators. The corresponding RID is DOMAIN_ALIAS_RID_ACCOUNT_OPS.
"AU" SDDL_AUTHENTICATED_USERS Authenticated users. The corresponding RID is SECURITY_AUTHENTICATED_USER_RID.
"BA" SDDL_BUILTIN_ADMINISTRATORS Built-in administrators. The corresponding RID is DOMAIN_ALIAS_RID_ADMINS.
"BG" SDDL_BUILTIN_GUESTS Built-in guests. The corresponding RID is DOMAIN_ALIAS_RID_GUESTS.
"BO" SDDL_BACKUP_OPERATORS Backup operators. The corresponding RID is DOMAIN_ALIAS_RID_BACKUP_OPS.
"BU" SDDL_BUILTIN_USERS Built-in users. The corresponding RID is DOMAIN_ALIAS_RID_USERS.
"CA" SDDL_CERT_SERV_ADMINISTRATORS Certificate publishers. The corresponding RID is DOMAIN_GROUP_RID_CERT_ADMINS.
"CD" SDDL_CERTSVC_DCOM_ACCESS Users who can connect to certification authorities using Distributed Component Object Model (DCOM). The corresponding RID is DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP.
"CG" SDDL_CREATOR_GROUP Creator group. The corresponding RID is SECURITY_CREATOR_GROUP_RID.
"CO" SDDL_CREATOR_OWNER Creator owner. The corresponding RID is SECURITY_CREATOR_OWNER_RID.
"DA" SDDL_DOMAIN_ADMINISTRATORS Domain administrators. The corresponding RID is DOMAIN_GROUP_RID_ADMINS.
"DC" SDDL_DOMAIN_COMPUTERS Domain computers. The corresponding RID is DOMAIN_GROUP_RID_COMPUTERS.
"DD" SDDL_DOMAIN_DOMAIN_CONTROLLERS Domain controllers. The corresponding RID is DOMAIN_GROUP_RID_CONTROLLERS.
"DG" SDDL_DOMAIN_GUESTS Domain guests. The corresponding RID is DOMAIN_GROUP_RID_GUESTS.
"DU" SDDL_DOMAIN_USERS Domain users. The corresponding RID is DOMAIN_GROUP_RID_USERS.
"EA" SDDL_ENTERPRISE_ADMINS Enterprise administrators. The corresponding RID is DOMAIN_GROUP_RID_ENTERPRISE_ADMINS.
"ED" SDDL_ENTERPRISE_DOMAIN_CONTROLLERS Enterprise domain controllers. The corresponding RID is SECURITY_SERVER_LOGON_RID.
"HI" SDDL_ML_HIGH High integrity level. The corresponding RID is SECURITY_MANDATORY_HIGH_RID.
"IU" SDDL_INTERACTIVE Interactively logged-on user. This is a group identifier added to the token of a process when it was logged on interactively. The corresponding logon type is LOGON32_LOGON_INTERACTIVE. The corresponding RID is SECURITY_INTERACTIVE_RID.
"LA" SDDL_LOCAL_ADMIN Local administrator. The corresponding RID is DOMAIN_USER_RID_ADMIN.
"LG" SDDL_LOCAL_GUEST Local guest. The corresponding RID is DOMAIN_USER_RID_GUEST.
"LS" SDDL_LOCAL_SERVICE Local service account. The corresponding RID is SECURITY_LOCAL_SERVICE_RID.
"LW" SDDL_ML_LOW Low integrity level. The corresponding RID is SECURITY_MANDATORY_LOW_RID.
"ME" SDDL_MLMEDIUM Medium integrity level. The corresponding RID is SECURITY_MANDATORY_MEDIUM_RID.
"NO" SDDL_NETWORK_CONFIGURATION_OPS Network configuration operators. The corresponding RID is DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS.
"NS" SDDL_NETWORK_SERVICE Network service account. The corresponding RID is SECURITY_NETWORK_SERVICE_RID.
"NU" SDDL_NETWORK Network logon user. This is a group identifier added to the token of a process when it was logged on across a network. The corresponding logon type is LOGON32_LOGON_NETWORK. The corresponding RID is SECURITY_NETWORK_RID.
"PA" SDDL_GROUP_POLICY_ADMINS Group Policy administrators. The corresponding RID is DOMAIN_GROUP_RID_POLICY_ADMINS.
"PO" SDDL_PRINTER_OPERATORS Printer operators. The corresponding RID is DOMAIN_ALIAS_RID_PRINT_OPS.
"PS" SDDL_PERSONAL_SELF Principal self. The corresponding RID is SECURITY_PRINCIPAL_SELF_RID.
"PU" SDDL_POWER_USERS Power users. The corresponding RID is DOMAIN_ALIAS_RID_POWER_USERS.
"RC" SDDL_RESTRICTED_CODE Restricted code. This is a restricted token created using the CreateRestrictedToken function. The corresponding RID is SECURITY_RESTRICTED_CODE_RID.
"RD" SDDL_REMOTE_DESKTOP Terminal server users. The corresponding RID is DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS.
"RE" SDDL_REPLICATOR Replicator. The corresponding RID is DOMAIN_ALIAS_RID_REPLICATOR.
"RO" SDDL_ENTERPRISE_RO_DCs Enterprise Read-only domain controllers. The corresponding RID is DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS.
"RS" SDDL_RAS_SERVERS RAS servers group. The corresponding RID is DOMAIN_ALIAS_RID_RAS_SERVERS.
"RU" SDDL_ALIAS_PREW2KCOMPACC Alias to grant permissions to accounts that use applications compatible with operating systems previous to Windows 2000. The corresponding RID is DOMAIN_ALIAS_RID_PREW2KCOMPACCESS.
"SA" SDDL_SCHEMA_ADMINISTRATORS Schema administrators. The corresponding RID is DOMAIN_GROUP_RID_SCHEMA_ADMINS.
"SI" SDDL_ML_SYSTEM System integrity level. The corresponding RID is SECURITY_MANDATORY_SYSTEM_RID.
"SO" SDDL_SERVER_OPERATORS Server operators. The corresponding RID is DOMAIN_ALIAS_RID_SYSTEM_OPS.
"SU" SDDL_SERVICE Service logon user. This is a group identifier added to the token of a process when it was logged as a service. The corresponding logon type is LOGON32_LOGON_SERVICE. The corresponding RID is SECURITY_SERVICE_RID.
"SY" SDDL_LOCAL_SYSTEM Local system. The corresponding RID is SECURITY_LOCAL_SYSTEM_RID.
"WD" SDDL_EVERYONE Everyone. The corresponding RID is SECURITY_WORLD_RID.

It is possible to put the SID of the user or group directly, as this entry does (A;;0x3;;;S-1-5-3); the SID can be obtained with whoami /all

--Impersonate in .NET with a user authenticated on the system by modifying MachineConfig.
--Run the Application Pool with a controlled user; remember to add the user to the built-in IIS_WPG group so that the Application Pool can start.
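
To check what a CustomSD string actually grants before writing it to the registry, the ACEs can be decoded with the bit values and group aliases listed above. This is an added example, not code from the original post or from Microsoft; the function names and the choice of which trustees count as "broad" are assumptions made for illustration, and it expects hexadecimal masks like those in the page's strings.

```python
import re

# Event log access bits, as listed on this page.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Trustees that cover many accounts; a subset of the GROUPS table, chosen for this example.
BROAD = {"AN": "Anonymous", "BG": "Builtin Guests", "WD": "Everyone",
         "AU": "Authenticated Users", "BU": "Builtin Users", "DU": "Domain Users"}

ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_aces(sddl):
    """Return (type, mask, trustee) per ACE; works with or without the O:/G:/D: header."""
    aces = []
    for body in ACE_RE.findall(sddl):
        parts = body.split(";")
        if len(parts) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = parts
        aces.append((ace_type, int(rights, 16), trustee))
    return aces

def describe(mask):
    """Decode the three event log bits; report any remaining bits as hex."""
    names = [n for bit, n in sorted(RIGHTS.items()) if mask & bit]
    other = mask & ~0x7
    if other:
        names.append("other(0x%x)" % other)
    return names

def audit(sddl):
    """List allow-ACEs that let a broad trustee write to or clear the log."""
    findings = []
    for ace_type, mask, trustee in parse_aces(sddl):
        if ace_type == "A" and trustee in BROAD and mask & 0x6:
            findings.append((BROAD[trustee], describe(mask)))
    return findings

# The two strings from the page.
DEFAULT_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
              "(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)")
TUNED_SD = ("(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;BA)(A;;0x7;;;SO)"
            "(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;NS)(A;;0x3;;;AU)")

if __name__ == "__main__":
    for name, sd in (("default", DEFAULT_SD), ("tuned", TUNED_SD)):
        print(name, audit(sd))
```

The default string produces no findings, while the tuned one reports that every authenticated user can write to the log. Swapping the AU entry for the SID of the account the web service runs as (from whoami /all) keeps the grant limited to that one identity.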

REF:

http://www.jameskovacs.com/blog/WritingToTheEventLogFromASPNETFailsWhenRunningOnWindowsServer2003SP1.aspx

http://msdn.microsoft.com/en-us/magazine/cc982153.aspx







