audit searches fail

Issue #654 resolved
Chris Huff created an issue

Hi there,

I have inherited two Piler systems, and I am having issues in one of them. On one system, I am able to do auditor searches with no issue. However, on my second system, any audit search I do returns the following error:

Empty search result. Try adding the wildcard character(*) after a word snippet, eg. duplic* to find "duplicate", "duplicated", etc.

I have not been able to find much information about what might be happening here, and I don't have much Linux experience.

Comments (13)

  1. Chris Huff reporter

    There was not even a line for that setting. I added it to the site that was not working, but the problem still exists.

  2. Janos SUTO repo owner

    When you do some actions, then an sql entry should be created in the table audit. I'd like you to check this table:

    select * from audit limit 10;
    
  3. Chris Huff reporter

    mysql> select * from audit limit 10;
    +----+------------+-----------------------------------+-----------------------+--------+-------------+---------+------------------------------------+-------+
    | id | ts         | email                             | domain                | action | ipaddr      | meta_id | description                        | vcode |
    +----+------------+-----------------------------------+-----------------------+--------+-------------+---------+------------------------------------+-------+
    |  1 | 1378929120 | admin@local                       | local                 |      3 | 10.3.40.100 |       0 | failed auth against user table     | NULL  |
    |  2 | 1378929128 | admin@local                       | local                 |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  3 | 1378931245 | admin@local                       | local                 |      4 | 10.3.40.100 |       0 |                                    | NULL  |
    |  4 | 1378931251 | mbrzozowski@selectquotesenior.com | selectquotesenior.com |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  5 | 1378931417 | mbrzozowski@selectquotesenior.com | selectquotesenior.com |      4 | 10.3.40.100 |       0 |                                    | NULL  |
    |  6 | 1378931423 | admin@local                       | local                 |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  7 | 1378931463 | admin@local                       | local                 |      4 | 10.3.40.100 |       0 |                                    | NULL  |
    |  8 | 1378931469 | auditor@local                     | local                 |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  9 | 1378931473 | auditor@local                     | local                 |     10 | 10.3.40.100 |       0 | any= test&sort=1&order=date        | NULL  |
    | 10 | 1378931474 | auditor@local                     | local                 |      5 | 10.3.40.100 |       1 |                                    | NULL  |
    +----+------------+-----------------------------------+-----------------------+--------+-------------+---------+------------------------------------+-------+
    10 rows in set (0.00 sec)

  4. Janos SUTO repo owner

    OK, then try the following: log in as an auditor or administrator user, then select the audit search, and just hit the search button, and see the results, and the logged sql query.

  5. Chris Huff reporter

    ------------+-------+
    |  1 | 1378929120 | admin@local                       | local                 |      3 | 10.3.40.100 |       0 | failed auth against user table     | NULL  |
    |  2 | 1378929128 | admin@local                       | local                 |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  3 | 1378931245 | admin@local                       | local                 |      4 | 10.3.40.100 |       0 |                                    | NULL  |
    |  4 | 1378931251 | mbrzozowski@selectquotesenior.com | selectquotesenior.com |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  5 | 1378931417 | mbrzozowski@selectquotesenior.com | selectquotesenior.com |      4 | 10.3.40.100 |       0 |                                    | NULL  |
    |  6 | 1378931423 | admin@local                       | local                 |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  7 | 1378931463 | admin@local                       | local                 |      4 | 10.3.40.100 |       0 |                                    | NULL  |
    |  8 | 1378931469 | auditor@local                     | local                 |      2 | 10.3.40.100 |       0 | successful auth against user table | NULL  |
    |  9 | 1378931473 | auditor@local                     | local                 |     10 | 10.3.40.100 |       0 | any= test&sort=1&order=date        | NULL  |
    | 10 | 1378931474 | auditor@local                     | local                 |      5 | 10.3.40.100 |       1 |                                    | NULL  |
    +----+------------+-----------------------------------+-----------------------+--------+-------------+---------+------------------------------------+-------+
    10 rows in set (0.00 sec)

  6. Janos SUTO repo owner

    OK, I saw the contents of the audit table the first time, however after that I was interested in the logged sql query (see mail log), and whether you can see anything after you just hit the search button.

  7. Chris Huff reporter

    My apologies, I am not that familiar with how to accomplish that. According to some googling, it suggests doing "cat ~/.mysql_history"

    which returns (passwords changed)

    root@mailarchive:/var/log# cat ~/.mysql_history
    FLUSH PRIVILEGES;
    SET PASSWORD FOR root@'localhost' = PASSWORD('xxxxx');
    FLUSH PRIVILEGES;
    USE mysql
    UPDATE user SET Password = PASSWORD('xxxxx') WHERE Host = 'localhost' AND User = 'root';
    UPDATE user SET Password = PASSWORD('xxxxx') WHERE Host = 'localhost' AND User = 'root';
    FLUSH PRIVILEGES;
    list databasets;
    list databases;
    list databases ;
    use piles
    UPDATE user SET Password=PASSWORD('yyyyyyy') WHERE User='root';
    FLUSH PRIVILEGES;
    exit;
    show databases;
    use piler;
    update user set password='$1$PItc7d$zsUgON3JRrbdGS11t9JQW1' where uid=0;
    use piler;
    select * from users limit 1;
    select * from user limit 1;
    update user set password = '$5$TXL7EX$s17XtxwbCs1MDAzuulF/STauTkH0h/KJGHudlNQt3R4' where uid=0;
    use piler
    show databases
    show databases;
    use piler
    SELECT * FROM main1,dailydelta1,delta1 LIMIT 10;
    SELECT * FROM dailydelta1,delta1 LIMIT 10;
    show tables;
    show databases;
    show tables;
    use piler
    show tables;

  8. Janos SUTO repo owner

    Well, not quite. I'd suggest you catch me on skype (janos.suto), and let's see it via teamviewer. It would be a much faster resolution.
