We have evaluated CVE-2022-22963 and CVE-2022-22965, the "Springshell" vulnerability, and have determined that ConnectALL is not vulnerable. Details are posted on this page.


Monitor Server Logs


Introduction

ConnectALL allows you to monitor the server logs in the ConnectALL server. The log files display the list of events and activities related to your app-links and help you in monitoring and managing them.

Note

Admin users can access the logs related to the app-links in the group they belong to and will be able to view the Mule logs. However, the Tomcat logs will not be visible to an admin user.

Viewing the Logs

In the Monitor Logs screen,

  1. Click the cogwheel icon on the right side of the navigation bar. 
  2. Click the Monitor Logs option from the drop-down list. The Monitor Logs screen is displayed.
  3. Select the Log File Type (Depending on the option you choose the Log file path will display the respective file). 
    1. Mule
    2. Tomcat
  4. Select the Log file Path – If you have selected Tomcat under Log File Type, you can either select ConnecAll.log or ConnectAll_Audit.log file (Audit log file is explained in detail in the View Audit Logs section). 
  5. Click Play to display the logs. (Or) if you want to enable the Advance Configuration options, it is explained further below.



Tip

Based on the log file name you select, the server logs will be displayed. The filename patterns defined in the ConnectAll.properties file is based on regular expressions. A default configuration is given below:

mule.logfile.pattern=mule-app-ConnectAll*
tomcat.logfile.pattern=connectall*
Note

Starting from version 2.10.25, the logs generated in the ‘info’ mode will be encrypted. They will have to be decrypted before you can read the original contents. This feature is currently rolled out to our SAAS platform and is yet to be introduced for on-prem users.

Advanced Configuration

The Advanced Configuration allows you to modify and override the property configuration from the UI.  The changes in the Advanced Configuration are session scoped. Further, it allows you to provide the File Name Filter in a regx pattern.

            


To enable the Advanced Configuration: 

  1. Click the cogwheel icon. 
  2. Select the Max Log Fetch Size from the drop-down list. By default, 10 is displayed.  
  3. Enter the file key pattern and click the green checkmark.
  4. Click Play to display the logs.

Viewing Audit Logs

ConnectALL logs the admin activities separately in the ConnectAll_Audit.log file. It is provided as a separate file and is available under the Tomcat Log file type. The Audit log file records the following activities:

  • Creating app-link
  • Modifying app-link
  • Enable app-link
  • Disable app-link
  • Delete app-link
  • Clone app-link
  • User Management activities (Users tab and Groups tab).

            

To access the ConnectAll_Audit log file:

  1. Select Tomcat in the Log File Type drop-down list.
  2. Select 'ConnectAll_Audit.log' from the Log file path drop-down list.
  3. Select INFO from the adjacent drop-down list.
  4. Click Play. 

The log file will be displayed.

Accessing User Activity Information

There may be scenarios where you have ConnectALL running in many servers accessed by many users. In such situations, it is possible to track all user activities. ConnectALL allows you to configure and activate a user activity tracking mechanism that would provide all the user activity information. (i.e) It is possible to see the screens accessed by users, by doing the following configuration in the Apache Tomcat logs.

  1. Place the connectallvalve.jar in the Apache Tomcat system library.
  2. Navigate to the 'conf' directory in the tomcat location and open the server.xml.
  3. Search for the element <host> and the sub-element <valve>. In the 'valve' element, you can use the pattern value separated by space. The values for the pattern attributes are made up of literal text strings combined with pattern identifiers prefixed by the '%' character to cause replacement by the corresponding variable value from the current request and response. The pattern codes provided below are supported.
  4. In the same "valve" element (below), replace the existing class name as "com.connectall.custom.valve.ConnectAllLogAccessValve".
  5. Go to the ConnectAll.properties file. Set the property as ca.user.track.handle=true which will be loaded into ConnectALL code. By default this will be 'false'.
  6. Restart the Tomcat server.

Pattern Codes

%a - Remote IP address
%A - Local IP address
%b - Bytes sent, excluding HTTP headers, or '-' if zero
%B - Bytes sent, excluding HTTP headers
%h - Remote hostname (or IP address if enableLookups for the connector is false)
%H - Request protocol
%l - Remote logical username from identd (always returns '-')
%m - Request method (GET, POST, etc.)
%p - Local port on which this request was received. See also %{xxx}p below.
%q - Query string (prepended with a '?' if it exists)
%r - First line of the request (method and request URI)
%s - HTTP status code of the response
%S - User session ID
%t - Date and time, in Common Log Format
%u - Remote user that was authenticated (if any), else '-'
%U - Requested URL path
%v - Local server name
%D - Time taken to process the request, in a millisecond
%T - Time taken to process the request, in seconds
%F - Time taken to commit the response, in a millisecond
%I - Current request thread name (can compare later with stack traces)

Note: To print the ConnectALL user name in the localhost Access Logs, use the %u pattern.