|
|
| Subject: | Zensyslog UnicodeDecodeError - Datagram SyslogAgent Windows! |
| Author: | Felipe Castelar |
| Posted: | 2016-10-05 14:10 |
Hi There,
I had installed Datagram SyslogAgent on a Windows XPmachine (IP 10.61.124.17)so I can get eventlogs onzensyslog.
The syslog messages reach Zenoss 5.1.7 server on its local IP 10.61.124.13 onport 514.
Above folows tcpdump -vvv -nn result of a failed login attempt:
11:28:26.070630 IP (tos 0x0, ttl 128, id 9233, offset 0, flags [none], proto UDP (17), length 320)
10.61.124.17.1051 > 10.61.124.13.514: [udp sum ok] SYSLOG, length: 292
Facility local7 (23), Severity info (6)
Msg: Oct 5 11:28:46 winxp security[failure] 529 AUTORIDADE NT\SYSTEM Falha de logon:\0x7f Raz\0xe3o:Nome de usu\0xe1rio desconhecido ou\0x7fsenha incorreta\0x7f Nome de usu\0xe1rio:pcom\0x7f Dom\0xednio:WINXP\0x7f Tipo de logon:2\0x7f Processo de logon:User32 \0x7f Pacote de autentica\0xe7\0xe3o:Negotiate\0x7f Nome da esta\0xe7\0xe3o de trabalho:WINXP
0x0000: 3c31 3930 3e4f 6374 2020 3520 3131 3a32
0x0010: 383a 3436 2077 696e 7870 2073 6563 7572
0x0020: 6974 795b 6661 696c 7572 655d 2035 3239
0x0030: 2041 5554 4f52 4944 4144 4520 4e54 5c53
0x0040: 5953 5445 4d20 4661 6c68 6120 6465 206c
0x0050: 6f67 6f6e 3a7f 2052 617a e36f 3a4e 6f6d
0x0060: 6520 6465 2075 7375 e172 696f 2064 6573
0x0070: 636f 6e68 6563 6964 6f20 6f75 7f73 656e
0x0080: 6861 2069 6e63 6f72 7265 7461 7f20 4e6f
0x0090: 6d65 2064 6520 7573 75e1 7269 6f3a 7063
0x00a0: 6f6d 7f20 446f 6ded 6e69 6f3a 5749 4e58
0x00b0: 507f 2054 6970 6f20 6465 206c 6f67 6f6e
0x00c0: 3a32 7f20 5072 6f63 6573 736f 2064 6520
0x00d0: 6c6f 676f 6e3a 5573 6572 3332 2020 7f20
0x00e0: 5061 636f 7465 2064 6520 6175 7465 6e74
0x00f0: 6963 61e7 e36f 3a4e 6567 6f74 6961 7465
0x0100: 7f20 4e6f 6d65 2064 6120 6573 7461 e7e3
0x0110: 6f20 6465 2074 7261 6261 6c68 6f3a 5749
0x0120: 4e58 5020
Nevertheless,I can't see this event console.
The zensyslog log, on contol center, shows the UnicodeDecodeError above:
Unhandled error in Deferred:
Traceback (most recent call last):
File "/opt/zenoss/lib/python2.7/site-packages/twisted/internet/base.py", line 1203, in mainLoop
self.runUntilCurrent()
File "/opt/zenoss/lib/python2.7/site-packages/twisted/internet/base.py", line 798, in runUntilCurrent
f(*a, **kw)
File "/opt/zenoss/lib/python2.7/site-packages/twisted/internet/defer.py", line 434, in errback
self._startRunCallbacks(fail)
File "/opt/zenoss/lib/python2.7/site-packages/twisted/internet/defer.py", line 501, in _startRunCallbacks
self._runCallbacks()
--- ---
File "/opt/zenoss/lib/python2.7/site-packages/twisted/internet/defer.py", line 588, in _runCallbacks
current.result = callback(current.result, *args, **kw)
File "/opt/zenoss/Products/ZenEvents/zensyslog.py", line 305, in gotHostname
self.processor.process(msg, ipaddr, host, rtime)
File "/opt/zenoss/Products/ZenEvents/SyslogProcessing.py", line 163, in process
evt['summary'] = unicode(evt['summary'] )
exceptions.UnicodeDecodeError: 'utf8' codec can't decode byte 0xe3 in position 41: invalid continuation byte
Hope to here a clue or a solution.
Best regards,
Felipe Castelar
| Subject: | I have a bad feeling that |
| Author: | Jane Curry |
| Posted: | 2016-10-11 15:05 |
I have a bad feeling that this is to do with the language - are you using a locale that includes diacritics Sorry - don't know how to fix it though, other than suggesting changing to an English locale which you (very reasonably) may not want to do.
Cheers,
Jane
Email: jane.curry@skills-1st.co.uk Web: https://www.skills-1st.co.uk
| Subject: | If you are feeling brave and |
| Author: | Jane Curry |
| Posted: | 2016-10-17 13:42 |
If you are feeling brave and you really need this then backup your system safely and try the following to modify SyslogProcessing.py.
Having trouble with appending to the forum here - raised with Zenoss. Will try and update later.
Cheers,
Jane
Email: jane.curry@skills-1st.co.uk Web: https://www.skills-1st.co.uk
| Subject: | RE: Zensyslog UnicodeDecodeError - Datagram SyslogAgent Windows! |
| Author: | John Boyle |
| Posted: | 2016-10-18 09:52 |
From Jane....
If you are feeling brave and you really need this then backup your system safely and try the following to modify SyslogProcessing.py.
1) Attach to the zope container:
serviced service shell -i -s mod_SyslogProcessing zope bash
2) Switch to the zenoss user:
su - zenoss
3) Change to the correct directory:
cd /opt/zenoss/Products/ZenEvents
4) Take a copy of SyslogProcessing.py for safety:
cp SyslogProcessing.py SyslogProcessing.py_orig
5) Modify SyslogProcessing.py at line 162 for Core 5.1.7 to look like:
if 'summary' in evt:
try:
evt['summary'] = unicode(evt['summary'] )
except:
evt['summary'] = evt['summary'].decode('latin1').encode('utf8')
if 'message' in evt:
try:
evt['message'] = unicode(evt['message'] )
except:
evt['message'] = evt['message'].decode('latin1').encode('utf8')
self.sendEvent(evt)
6) Exit the zenoss shell and exit the root shell of the container
7) Commit the changes:
serviced snapshot commit mod_SyslogProcessing
8) Restart Zenoss.core
John Boyle
Zenoss Community Engineer/Manager
jboyle@zenoss.com
Twitter: @BrandFlair
| < |
Previous Use Active Directory to authenticate users |
Next Import 4.25 data into Zenoss 5 |
> |