-
1. Re: Reading Log Files
Janaki Lakshmikanthan Jan 29, 2010 1:35 AM (in response to CarphuntinGod)Same here, check whether you have enabled 'publish' and 'unpublish' events for access log using Logger.xml. Otherwise FMS logs all the events in access log that are enabled in Logger.xml.
Regards,
Janaki L
-
2. Re: Reading Log Files
CarphuntinGod Jan 29, 2010 1:38 PM (in response to Janaki Lakshmikanthan)I've found that while all other logs are appearing in the "logs" directory on my FMIS server... I have none of the authEvent logs. the logger xml section looks ok... but there are no logs.
I'm searching the entire system to see if they're going somewhere weird... but it really looks like they're just not being created.
-
3. Re: Reading Log Files
Janaki Lakshmikanthan Jan 31, 2010 10:30 PM (in response to CarphuntinGod)authEvent logs will be created only if you have authorization plugin installed in the FMS. Also check if you get authMessage log which
will give you more details on loading the authorization plugin. If you have any problem with the auth plugin, authMessage log will have statements related to that.
Regards,
Janaki L
-
4. Re: Reading Log Files
CarphuntinGod Feb 1, 2010 12:01 PM (in response to Janaki Lakshmikanthan)I believe I have the authorization plugin installed. I've installed the authenticator listed on this page with FMLE materials https://www.adobe.com/cfusion/entitlement/index.cfm?e=fmle3. I've set up users, and now FMLE clients do have to enter name/pass to connect.
No authevent authmessage logs are appearing.
-
5. Re: Reading Log Files
CarphuntinGod Feb 1, 2010 2:08 PM (in response to CarphuntinGod)adding to this... looking at my logger.xml, authEvents, authMessage, and fileMessage logs should all be generated, but none of these appear in the logs directory. Also missing are the authEvents.rot, authMessage.rot, etc files.
I'm uncertain where to look to see why none of these files are being created/triggerd by FMIS.
-
6. Re: Reading Log Files
Janaki Lakshmikanthan Feb 1, 2010 8:56 PM (in response to CarphuntinGod)Got the issue now... You dont have Authorization plug-in (c++), you have FMLE Authentication plug-in right? I was talking about Authorization plugin which generates authEvent and message log files.
Regards,
Janaki L
-
7. Re: Reading Log Files
vgokhale Feb 1, 2010 10:51 PM (in response to CarphuntinGod)Hi,
The events publish and unpublish should be enabled in logger.xml for the events to be logged in access.00.log when ever FMLE client publishes/unpublishes the stream. You can enable these events in tag Logger ->Access->Events for events to be logged in access log. By default these events are not enabled in logger.xml.
Regarding your second query about authentication: The uses that fail authentication process from FMLE will log a connect event in access log with status code 403 indicating the connection was rejected due to authorization.
For more clarification from logs you can enable c-user-agent and c-referrer fields in the logger.xml(Logger ->Access->Fields) for access logs.
Thanks
Viraj
-
8. Re: Reading Log Files
CarphuntinGod Feb 2, 2010 8:40 AM (in response to Janaki Lakshmikanthan)Ok... where do I find the authentication plugin?
-
9. Re: Reading Log Files
CarphuntinGod Feb 2, 2010 8:42 AM (in response to vgokhale)Ok, I'll scan for the 403 codes (I think I already turned on the features you suggested as I was trying to get as much info out of the thing as possible).
Now... dumb question. I know when the FMLE's connect, I see publish/unpublish messages. Can any other encoder engines that could talk to the FMIS run streams without generating these messages? Can they get around the FMLE authenticator plugin?
-
10. Re: Reading Log Files
Janaki Lakshmikanthan Feb 2, 2010 10:24 PM (in response to CarphuntinGod)In FMS if you have enabled publish/unpublish events in log files, then it is logged for any clients who perform this operation with that FMS. It cannot discard the events for specific clients. FMLE Authentication addIn applies for FMLE. Other publishers can publish without authenticating it.
I hope this helps.
Regards,
Janaki L
-
11. Re: Reading Log Files
CarphuntinGod Feb 3, 2010 8:42 AM (in response to Janaki Lakshmikanthan)Thanks... that helps. It lets me know we probably are still susceptible to unwanted streams.
-
12. Re: Reading Log Files
CarphuntinGod Feb 8, 2010 2:27 PM (in response to CarphuntinGod)I checked our logs, and found these entries. A remote viewing site is calling a channel that we don't have on our site... I can't find anything in the logs that looks like a "publish" for this thing... so I can't tell what might have been passed through us.
#Fields: date time x-category x-event x-status x-sname x-pid c-ip cs-bytes sc-bytes sc-stream-bytes x-file-size x-file-length c-user-agent c-referrer c-proto x-comment2010-02-07 00:15:58 session connect 200 - 4540 24.130.211.56 3073 3073 - - - WIN 10,0,22,87 http://nadorlive.com/swf/hd.swf rtmp -
2010-02-07 00:15:59 stream play 200 netherlandschannel 4540 24.130.211.56 3136 3451 0 - - WIN 10,0,22,87 http://nadorlive.com/swf/hd.swf rtmp -
2010-02-07 00:16:22 stream stop 408 netherlandschannel 4540 24.130.211.56 3170 3915 374 - - WIN 10,0,22,87 http://nadorlive.com/swf/hd.swf rtmp -
The nadorlive site looks like another tv viewer site (same sort of thing that hit us before).
-
13. Re: Reading Log Files
Janaki Lakshmikanthan Feb 8, 2010 8:00 PM (in response to CarphuntinGod)From the log entry which you have provided, this client is not publishing the data. It is playing your stream. If this is not your right client and wanted to block such client... you have few things to follow to protect your server from streaming to unwanted clients.
You can use "authorization plugin" to authenticate your clients or use "SWF verification" feature, if you dont want to add authentication code at your server side application.
Regards,
Janaki L
-
14. Re: Reading Log Files
CarphuntinGod Feb 8, 2010 10:38 PM (in response to Janaki Lakshmikanthan)I know this is not a publisher.
The disturbing thing is, if I'm reading the status codes correctly, there was no failure saying we don't have this stream.
I've examined the logs and looked through our server... this stream doesn't exist on our site.
What I believe is happening is that someone is pumping a stream through us, and clients are picking it up from us. When I mention I couldn't find a publish event... I meant if they are picking up a stream via us...I should see it being published somewhere. To this point, I haven't found anything but our known streams.
the nadoronline.com looks to be an aggregator like the first site we found pumping out television streams.
No one has said yet how to activate the authenticator plugin (other than the FMLE one we've already installed). We'll have to eyeball swf verification to see what what's involved for all the developed apps we've already deployed.
I'm also going to have to check to see how many more UW system servers are being abused this way and see if we don't need to go another route with our streaming video implementations.
-
15. Re: Reading Log Files
sansqu Feb 9, 2010 1:15 AM (in response to CarphuntinGod)Flash Media Interactive Server and Flash Media Development Server provide a plug‑in architecture written in C++. With the installation of these server , you will get sample access, authoriazation plugins. You can customize these as per your need.
For more info, please go through the live docs here http://help.adobe.com/en_US/FlashMediaServer/3.5_Plugin/
-
16. Re: Reading Log Files
CarphuntinGod Feb 9, 2010 7:03 AM (in response to sansqu)man... this is getting way above my pay grade.... they need a checkbox to turn on authentication


