Friday, June 3, 2011

Configure persistent logging (syslog) on ESXi host

ESXi 4.1 maintains a log of activity in log files, using a syslog facility. The
following logs are available:
• hostd.log
• messages
• vpxa.log (only if the host has been joined to a VirtualCenter instance)

By default, the messages log on ESXi are stored only in the in-memory file system. The logs are lost upon reboot, and only 1 day’s worth of logs are stored.
According to VMware Security Hardening Guide you can configure persistent logging to a datastore and a dedicated records of server activity are available for that host always.

VMware kb has recommendations about how to make it possible. But manual changes in 07.logger file work only for current session. After restart all changes reverted (kb has note about this). David note in this thread explains this issue. But how to resolve it and make possible persistent logging? Well, yes, vSphere Client works perfect and you can change syslog settings there. But I need to change it from TSM.

I have tried to edit '/etc/syslog.conf' file and it works! Between vSphere Client stores its changes for syslog settings in this file also.
So you need to:
- set your path to log file with 'logfile=' parameter. ie

logfile=/vmfs/volumes/4d5abbeb-22518c58-5ddc-000c2954a30d/logging/messagesX

where '4d5abbeb-22518c58-5ddc-000c2954a30d' is your storeID. You can use datastore label also (like "datastore1") in this path. Be sure that all folders in this path exist.

- find existing syslogd process and restart it:
ps | grep syslog > PID of syslogd
kill -HUP $syslogPID (restart process with selected PID)

Check that syslogd logs in the new file. Keep in mind that it continues to log in original "messages" file also (/var/log/messages). New log file is rotated and old versions are compressed automatically.
Posted by Maxim Shulga (aka MaxBeard12) at 10:47 AM 0 comments
Labels:

Manage ESXi Lockdown Mode from DCUI

If your VMware ESXi 4.0 & 4.1 servers are joined in VMware vCenter Server infrastructure then you can enchance security for these hosts. Follow on VMware Security Hardening you need to enable Lockdown Mode to restrict root access (HCN02 requirement).

Lockdown mode forces all operations to be performed through vCenter Server (you can continue to use Direct Console User Interface aka DCUI to manage host).

VMware Security Hardening guide notes that lockdown mode can be enabled or disabled in two places:
• In the vSphere Client, when connected to the vCenter Server managing the host
• In the DCUI of the host

In ESXi 4.0:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_is_enabled

To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_enable

To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/admin_account_disable

In ESXi 4.1:
To check if Lockdown mode is enabled, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled

To disable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit

To enable Lockdown mode, run the command:
vim-cmd -U dcui vimsvc/auth/lockdown_mode_enter

See VMware kb to more details
Posted by Maxim Shulga (aka MaxBeard12) at 10:11 AM 0 comments
Labels: , ,

Wednesday, October 6, 2010

SharePoint 2010 Client Object Model: "(400) Bad Request" error

If you use Microsoft.SharePoint.Client.FileCollection.Add or Microsoft.SharePoint.Client.File.SaveBinary
method to create (or change) file in SharePoint 2010, you can get "The remote server returned an error: (400) Bad Request" error.

To resolve this issue you need to change default Maximum Message Size for WCF calls:

open SharePoint 2010 Management Shell
type:
$ws = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$ws.ClientRequestServiceSettings.MaxReceivedMessageSize = your_value
$ws.Update()

I recommend to set MaxReceivedMessageSize to Int32.MaxValue - 1 (2147483646).

Sometimes you may need to run "iisreset /noforce" to enforce changes applying.

Also you can use Microsoft.SharePoint.Client.File.SaveBinaryDirect approach that does not have this limitation.
Posted by Maxim Shulga (aka MaxBeard12) at 1:35 PM 5 comments
Labels:

Tuesday, September 7, 2010

How to add new aspx pages to SharePoint programmatically

There are two different solutions to create new aspx pages in SharePoint.

First one is using of SharePoint Services RPC Methods:
1. Create query in XML format to call NewWebPage method:
<?xml version="1.0" encoding="UTF-8"?>
<Batch>
<Method>
<SetList Scope="Request">DocLib_ID</SetList>
<SetVar Name="ID">New</SetVar>
<SetVar Name="Cmd">NewWebPage</SetVar>
<SetVar Name="Type">BasicPage|WebPartPage</SetVar>
<SetVar Name="WebPartPageTemplate">LayoutID</SetVar>
<SetVar Name="Title">AspxTitle</SetVar>
<SetVar Name="Overwrite">true</SetVar>
</Method>
</Batch>
Where:
  • DocLib_ID is ID (GUID) of document library where do you need to create new aspx file.
  • BasicPage|WebPartPage type of aspx. Use BasicPage for page without layout (LayoutID =0) and WebPartPage for all other terms
  • LayoutID specifies page layout [1...8]
2. Call SPWeb.ProcessBatchData method with this query.
3. If you need to create aspx file in document library subfolder, create it in doclib and move to the necessary subfolder with SPFile.MoveTo method.

But this approach doesn't work for meeting workspace where you can create several pages with access via convenient multi-page web part.
To create new pages there you need to use SPMeeting.AddPage (AspxTitle, InstanceID, out resNewPageUrl) method. Set InstanceID = 0 to create page directly in the Workspace Pages library.
Posted by Maxim Shulga (aka MaxBeard12) at 1:01 PM 0 comments
Labels:
Subscribe to: Posts (Atom)