Jump to content

Peter Wagemans

Members
  • Content Count

    54
  • Joined

  • Last visited

  • Days Won

    1

Peter Wagemans last won the day on August 9

Peter Wagemans had the most liked content!

Community Reputation

2 Neutral

About Peter Wagemans

  • Rank
    just passing through

Profile Information

  • Title
    developer
  • Gender
    Male
  • Location
    Belgium

Contact Methods

  • Website URL
    http://www.lesterius.com/

FileMaker Experience

  • Skill Level
    Expert
  • FM Application
    16 Advanced

Platform Environment

  • OS Platform
    X-Platform
  • OS Version
    High Windows

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Peter Wagemans

    Downloading / monitoring logs

    Because I write a lot of server side scripts and often using custom WPE urls, one of the most annoying things in FileMaker Server 17 is that it is now impossible to monitor the logs from the admin console. I always have to download them. I found an alternative way to monitor them, by using FTP. With some nifty perl scripts, I can now even tail the Event.log and Access.log. It's a whole other story for the other logs, like the wpe.log, the Stats.log... It is just impossible to download those over FTP. Earlier I already noticed they don't play nice with FSEvents on the Mac either. Has anyone here created a good solution to monitor those files, given that: I have only access to the FileMaker Server using FTP (Implicit SSL) and the admin console, no SSH, RDP or other management tools. I do have the possibility to install plug-ins on the server. Maybe some of you created some server side script that is able to monitor those files. Or you have some other solution.
  2. Peter Wagemans

    Things to do

    I am really getting fed up with the SSL connection. Xojo’s MySQL community plug-in is not supporting it very well, and is not maintained as I would like. Itis also inconstent in it’s behaviour in cross platform development. I would like to leave it as it is now, and hope that Xojo will support it better in future release of their IDE. For now I will put a comment on tab that things are “experimental”. Encrypting the data ourselves seems to be a good idea instead. The interface to configure that woul be simple: provide a password to encrypt, and one to decrypt. Switch these on the FileMaker side. Maybe some options to encrypt only fmsadmin traffic, and not the logs, so less critical things can remain readable.
  3. Peter Wagemans

    Quick find not working

    We are now 3 years later and there are still similar issues with QuickFind. make a popover and put a merge field and a regular field on it check "include field for Quick Find" select all objects on layout ( using shortcut ) unlock all objects uncheck "include field for Quick Find" open the popover and notice that QuickFind is not disabled. I have the impression that this also happens with objects in a group, but did not continue testing. Can anyone reproduce this? It took me a while to find out why QuickFind was simply crashing my FileMaker 17. Clicking the cancel button... still removes the cancel button, but does not cancel the search (another old bug). Which forces me to kill FileMaker after 10 minutes of drinking coffee. You are never sure that you did not miss any field that still has QuickFind enabled. With an XML clip editor, "quickfind=1" and "object flags="14"" seems to find objects with the QuickFInd flag on. I hope there will be a slightly less cumbersome way to find those object in the future. I wonder why the QuickFind option doesn't follow the defaults either. The "include field for Quick Find" checkbox is greyed out when you have no objects selected in the layout. This slightly forgotten technique allows you to set field defaults, but the developers who created QuickFind apparantly weren't notified. Especially for QuickFInd, it is very important NOT to have it enabled by default, or it becomes a FileMaker killer. Especially if you cannot cancel a very complicated QuickFind in progress. I consider this yet another bug. Go ahead if you're able to reproduce. I 've done my share of bug reporting, and would continue to do so, if it weren't so... unfulfilling. And I lost enough time already today because of these bugs. Aha. You KNOW when you have disabled them all when you get this dialog when executing a QuickFInd:
  4. Peter Wagemans

    Things to do

    I'm currently looking into this code, and I think I will implement it like this: you enter the frequency in seconds or you enter the number of seconds after the current minute and you enter the frequency of minutes Even with a frequency in seconds, you can experience peak moments, once the logging timer starts to drift, which it will. To avoid this, the logging can happen after a number of minutes, on the set second after that number. I hope this sentence is readable 🙂 You can then configure each of your daemons to another offset, and if they are all properly configured to use a time server, that should spread the load. The last field here doesn't really help spread the load, but allows you to have a greater interval than 60 seconds. Is this approach solving things?
  5. Peter Wagemans

    Things to do

    I think this something I should add in the config app, so you can specify it for every deamon separately. I think I have hard coded 30 seconds right now, and this can indeed result in peek traffic with so many daemons connected. I will give this priority. Thanks for the feedback, Stef.
  6. Peter Wagemans

    Things to do

    Yes, the MySQL server is much better equipped to do delete the records no longer needed. I wouldn't let the wbDaemon do all that. The MySQL workbench is a good interface to your data. I don't understand how the MySQL could be able to log excessive CPU usage. Maybe I just understand you wrongly. It could be a strategy to have a MySQL schedule that deletes CPU figures that are very low, and as that is most of the time the case, you would end up with a rather compact set of meaningful data. BTW, I have created a new version of the WBDaemon Config app, that CAN use SSL to connect. Setting up the MySQL server for SSL connections is not what I would call "easy peasy". Here's a good article use as a guideline: https://serverfault.com/questions/783861/enabling-ssl-in-mysql-when-using-windows-as-a-server-and-client . My MySQL test server runs on a Windows Server 2012 VM, so I do not have to translate this to MacOS, but I think it's probably about 99% the same, except for the paths, of course. You have to create a lot of certificates and keys, and in the config application, you need to enter the client private key, the client certificate and the Server CA certificate. There is now a "Test Connection" button that you can use to see if you entered everything correctly. If the 3 extra field ( actually I check only 1, lazy me ) are filled, the application tries to connect using SSLMode. I have dropboxed the config app to @Claus Lavendt, and he will let me know how it works for him, when he has some time to test it. I currently have no issues from the macOS config app, but - with exactly the same source code for the connection - the Windows config app is not able to connect using SSL, and connects without SSL, even if the MySQL (5.7) server is configured to only accept SSLMode. Weird, and probably a MySQL security bug. I plan to install MySQL 8.0 to see if this fixes the problem. Or it could be a Xojo MySQL Community Plugin problem. Anyway, I'm not yet completely stuck (yet), I'll come back here when I find out what's happening.
  7. Peter Wagemans

    Things to do

    Tried doing it with a FileMaker Script but that get slow really fast. Problem seems to be the Process Logs. As I understand you use them to monitor the running of the FM services. But they generate about 300-500 Log entries a second with only 5 monitored servers. And deleting them from within filemaker is really slow. Truncating or deleting them from SQL is way faster. I found out a better way to do this. From the MySQL Server itself. Do this in MySQL Workbench: In the MySQL menu ( I have a an older version running here, things could be slighly different ) choose Server->Options File. Under the "General" tab, the first option is "event-scheduler". Enable that and put it to "On". Then restart the MySQL service. Then execute the following SQL: DELIMITER $$ DROP EVENT IF EXISTS Processes_Cleanup; CREATE EVENT Processes_Cleanup ON SCHEDULE EVERY 1 MINUTE STARTS CURRENT_TIMESTAMP + INTERVAL 60 MINUTE ON COMPLETION PRESERVE DO BEGIN SET SQL_SAFE_UPDATES = 0; delete FROM whistleblower.processes where TIMESTAMPDIFF(HOUR, TimeStamp, now())>96; END;$$ DELIMITER ; This creates an event that checks every hour if there are records that are older than 96 hours and deletes them. Of course you can adjust that number to whatever pleases you. You can check the event schedule with: show events ; After the interval time, your processes table will be cleaned up to contain only the more recent records. It is confusing indeed, but you need performance records over time if you want to make statistics over time with that data. If you do not want to do that, set the cuttoff to something really small.
  8. Peter Wagemans

    reverse proxy and SSL certificate check

    Aucun problème Tom. I saw from your screen shot you are French speaking. I also speak French but most of the time I do not know what I am saying. 🙂 I found the solution to the problem. Using https://www.markbrilman.nl/2012/07/creating-a-pfx-file-with-chain/ as documentation I created a pfx file that contains the main AND the intermediate certificate. I first removed the old wildcard crt file from the firewall, then imported the pfx file, and assigned it to the virtual servers that run over https. They now return a green A sign on sslabs and... the FileMaker client problem disappeared!! Thanks everyone for helping me understand and solve this.
  9. Peter Wagemans

    reverse proxy and SSL certificate check

    Indeed. I reinstalled the server to find the reason for the problem, and did not configure it yet. So the other test files are hidden now because they require a password. Thanks for mentioning it. There's no Pentagon secrets on this server, luckily. 🙂 You should now only see the HTML Snippet Library, which is a public freeware project I did years ago with Andries Heylen, and a PluginManager test file, that should be rather well protected. As for the problem itself, I discovered using the SSL Labs site https://www.ssllabs.com/ssltest/ that there is a problem with the intermediate certificate. And that explains the trouble I am having. The Sophos UTM firewall is only proxying the clarify.net certificate. But not the intermediate one, because there is not even a way to configure that. I'll take this up with Sophos, at least I know now where the problem orginates.
  10. Peter Wagemans

    reverse proxy and SSL certificate check

    Hi Tom, All DNS setup has been correctly done. Or I wouldn’t even be able to reach the server using fms.clarify.net, and make the screen shots. But... I have currently disabled the server, so if you try that address you will nog get a response anymore. Maybe that explains your reaction.
  11. Peter Wagemans

    Things to do

    Hi Tobias, Thanks for this feedback. Yeah, even on my test server, I was amazed by all the data it is generating. I think that FileMaker Server schedules are the best way to schedule regular deletion. @Claus Lavendt is this something we should create in the FileMaker front end? Maybe we could just make a deletion script with some parameters like a datestamp cutoff offset and a log file name, the script could default to all logs if that parameter would not be provided. The front end FileMaker solution is using an ODBC datasource as a FileMaker external reference for occurrences, so scripting this from FileMaker would be the best solution I think. Definitely something for me. I know. I've been spending considerable time installing Xojo on CentOS 7 ( Xojo installation on Linux really sucks ), and it already compiles - without functioning of course. But I should put that on hold and go for the encrypted connection first, I think it will be way more easy to implement. I think these are all features to put in the FileMaker front end file. That rough demo would be nice to look at. Are you doing it with or without plug-ins? Please post it here. I don't know exactly how the Prowl feature works, @Claus Lavendt also added this feature to the front end file. Maybe he can answer this one. The daemon/service only sends log data, interpretation of that data is done on the FileMaker side.
  12. Peter Wagemans

    reverse proxy and SSL certificate check

    Thanks Mike, So are you saying that the SSL certificate verification is happening over port 5003, while the "view certificate" button uses port 443? Yes for the intercept part, yes for the configuring part, but no for the "instead". It is also configured on the FMS web server.I am using the exact same certificate on both the FileMaker Server and the reverse proxy. For the 5003 part I use simple NAT port forwarding, it has always worked fine and will probably continue to do so. I have a little trouble believing that the SSL verification is happening over port 5003. Port 5003 is not proxied, there is no interception anywhere. Important to know here is that from the private network, everything works correctly. This is a firewall issue I am trying to solve. I know how to configure FileMaker Server. I just have trouble configuring this freaking firewall, maybe I have to try another distribution like pfsense.
  13. Peter Wagemans

    reverse proxy and SSL certificate check

    Hi Steven, As you can see in the screen shots, I used the FQDN. Can you elaborate on the "ConnectionStatus 3"? Sounds interesting.
  14. Because I have only 1 external IP address in the office here, I have set up a reverse proxy on my Sophos UTM 9 firewall, they call it WAF or Web Application Firewall. In this setup, you define a number of "real" web servers with their internal IP addresses, you also define a number of "virtual" web servers by DNS name m type ( http or https ) and port ( 80, 443, or whatever you would like). This works great if you want to host different web servers on different internal machines. BTW they are all VMs. I also configured this for FileMaker Server, so everything https related is nicely routed to the fms machine. That also works great, apart from 1 small thing. The client complains about the certificate. There is nothing wrong with the certificate, as this works fine when I connect to the server internally ( using the same DNS name of course ). Everything nicely green. It only goes wrong when contacting it externally. FileMaker shows an error dialog that it cannot verify the identity of the server. See screen 1. When I click on "View Certificate" it shows perfectly fine certificates, as shown in screen 2, 3 and 4. There must be something wrong with the way the firewall is implementing the reverse proxy. I think I configured it correctly: I am passing the host headers, and the virtual filemaker site is correctly associated with the wildcard certifcate, just like the regular virtual apache web site that I am running as well and which gives not problems whatsoever. Someone at the Sophos forum indicated that perhaps the firewall is inserting some certificate information that is not making FileMaker itself happy. It appears to me that FileMaker is using 2 technologies here, one that is a custom FileMaker certificate client, which is detecting something it doesn't like, and the "View Certificate" dialog is almost certainly using standard system software ( webkit? ) and decides everything is fine. They are not agreeing with each other, that is for sure. Are there any IT people on this forum who have set up something like this? Any help is very much appreciated.
  15. Peter Wagemans

    Things to do

    It was great to see all those positive reactions when we presented WhistleBlower's functionality and installation during Berlin's dotFMP. There was also some good feedback, on what can be done next. Let me first explain about how Claus and I divided our efforts on this monitoring solution. While Claus has been working hard on the front end FileMaker solution, my job was to take care of the part that's installed on the FileMaker servers. We choose for a Windows service and a macOS daemon. We also choose to handle all monitoring communication by reading from, and writing to a MySQL database. The daemon uses the macOS FSEvents framework to monitor the FileMaker logs, and the service uses the FindFirstChangeNotification function. For process reporting, the service uses the Windows Management Instrumentation and a terminal feed from the top command on macOS. The rest of the code for the daemon and service is pretty much the same, and everything is written in Xojo. So Claus has been building the FileMaker solution, and while doing so, asked me to add and/or improve something in the WhistleBlower daemon/service, each time something was needed on the FileMaker side. The FileMaker solution we provide is an example of what you could do, but in fact you can brew your own FileMaker solution, and we even encourage that. We feel everyone has slightly different needs, For the daemon/service I have 2 things on my wish list: write the platform specific code for CentOS so WhistleBlower can run on a FileMaker Cloud Server. I already did some research on iNotify, and it seems to be the way to monitor the FileMaker Server logs. I have to set up a Xojo IDE and I' still not sure if I would be developing on Ubuntu or on CentOS, still a lot of things to prepare there, so don't hold your breath. improve the MySQL connection to use encryption. We already considered doing that, but decided not to include this in the first release. You can always setup a VPN client service on the FileMaker server machine to make things more secure, at least for the moment. Please feel free to share improvement ideas in this thread.
×

Important Information

By using this site, you agree to our Terms of Use.