...
WCS Core logging is handled by the log4j.properties config and a number of settings in flashphoner.properties:
Logging settings in flashphoner.properties
...
This is a standard config of the log4j format.
Settings description
...
To switch client logging off, set the following in the flashphoner.properties file:
```
enable_extended_logging=false
```
...
```
client_log_level=INFO
```
Automatic purging of these logs is managed with the settings keep_extended_logs_max_days, extended_logs_dir_depth and check_extended_logs_interval. It is recommended to use cron in conjunction with find to periodically purge client logs, for example to check for outdated logs every 24 hours and delete all logs older than 30 days. To modify client logs storage and deletion rules, edit these settings and restart the WCS server.
To purge outdated client logs with cron, add the following cron task:
```
0 0 * * * find /usr/local/FlashphonerWebCallServer/logs/client_logs/ -type d -mtime +30 | xargs rm -rf
```
Logging level managing "on the fly"
The logging level for a certain session may be changed on the go, without a server restart. REST queries are used to do this.
A REST query should be an HTTP/HTTPS POST request such as:
- HTTP: http://test.flashphoner.com:8081/rest-api/logger/enable_client_log
- HTTPS: https://test.flashphoner.com:8444/rest-api/logger/enable_client_log
Here:
- test.flashphoner.com is WCS server address
- 8081 is WCS standard REST / HTTP port
- 8444 is WCS standard HTTPS port
- rest-api is required URL prefix
- /logger/enable_client_log is REST method used
REST methods and response statuses
REST method | Example of REST request | Example of REST response | Response status | Description |
---|---|---|---|---|
/logger/enable_client_log | | | 200 - Logging level is changed; 404 - Session not found | Set the specified logging level in the specified session |
/logger/disable_client_log | | | 200 - Logging is disabled; 404 - Session not found | Fully disable logging in the specified session |
...
Logging level changes made with REST queries affect only the specified session, not other sessions, including sessions that will be created later.
Using flight recorder
The flight recorder function cyclically writes the latest events for a published stream. This information may help to diagnose stream publishing problems without enabling full client debug logs. The flight recorder is enabled with the following parameter in the flashphoner.properties file:
```
enable_flight_recorder=true
```
The category of events to be written (defined by the developer) must also be set:
```
flight_recorder_categories=WCS1438
```
The events are written for the publisher client to the flight_recorder.log file if stream publishing stops because of an error or the stream is corrupted in some way.
...
Enabling debug log for all the client sessions
To diagnose a problem, it is sometimes necessary to enable debug logging for all newly connected client sessions, so that connection establishment and the start of stream publishing are written to the client logs. This feature is available since build 5.2.512 and is enabled with the following parameter:
```
client_log_force_debug=true
```
For all newly connected clients, debug logs will be recorded during the interval defined, in seconds, by the following parameter:
```
client_log_force_debug_timeout=60
```
By default, client debug logs are written for 60 seconds for each connected session.
These settings can be changed via the CLI and applied without a server restart.
To test the flight recorder, set the parameter
```
enable_flight_recorder_test=true
```
without restarting the WCS server. It saves the events to a file for all connected publishers.
Warning |
---|
The enable_flight_recorder_test parameter is not intended for use in production |
Client log structure and content
Client logs structure:
```
client_logs
---- 2018-05-16
-------- 84gij60a6u3ni7docsr1di1l5b-15-06-59
------------ flashphoner.log
------------ client-84gij60a6u3ni7docsr1di1l5b-2018.05.16.15.07.26-1526458046646.report
------------ MediaDump-85d65b00-639e-4a7e.31002-31004-31006-31008.pcap
```
...
Media traffic dumps
If in the flashphoner.properties settings file a non-zero value is set for the client_dump_level setting, a dump session is additionally recorded for a client:
...
SDR records are written to the sdr.log file located at logs/cdr. A new log file is created every 24 hours. Data are recorded as a CSV file, so they can be easily processed.
Field names are not recorded to the file.
Record format:
```
end;mediaProvider;name;mediaSessionId;duration;disposition;info;type;subscribers;
```
Record example:
```
2015-11-11 08:36:13;Flash;stream-Bob;5c2d75c0-7d87-421d-aa93-2732c48d8eaa;00:00:48;UNPUBLISHED;;PUBLISH;3;
```
Field | Description |
---|---|
end | Date and time the session ended |
mediaProvider | The media used in WCS JavaScript API: WebRTC, Flash |
name | Name of the published / played stream |
mediaSessionId | Media session identifier |
duration | Duration of the session |
disposition | Session result: UNPUBLISHED, STOPPED, FAILED. UNPUBLISHED - publishing of the stream was stopped; STOPPED - playing of the stream was stopped; FAILED - incorrect session end |
info | If disposition==FAILED, this field contains the description of the reason |
type | PUBLISH if publishing the stream; SUBSCRIBE if playing the stream |
subscribers | The number of subscribers in case of publishing the stream; 0 if playing the stream |
CONNDR logs
Connection Detail Record is a WebSocket sessions log.
CONNDR records are written to the sdr.log log file located at logs/cdr. A new log file is created every 24 hours. Data are recorded as a CSV file, so they can be easily processed.
Field names are not recorded to the file.
Record format:
```
end;mediaSessionId;disposition;info;duration;
```
Record example:
```
2018-04-25 19:29:08;/5.44.168.45:52199/95.191.131.64:8443;DISCONNECTED;Normal disconnect;17;
```
Field | Description |
---|---|
end | Date and time the session ended |
mediaSessionId | Media session identifier |
disposition | Session result: DISCONNECTED, FAILED. DISCONNECTED - the session ended by client's initiative; FAILED - incorrect session end |
info | Contains information about the session end |
duration | Duration of the session |
Field names are not recorded to the file.
Record format:
```
start;mediaProvider;name;mediaSessionId;duration;disposition;info;type;subscribers;
```
Record example:
```
2015-11-11 08:36:13;Flash;stream-Bob;5c2d75c0-7d87-421d-aa93-2732c48d8eaa;00:00:48;UNPUBLISHED;;PUBLISH;3;
```
Field | Description |
---|---|
start | Date and time the session started |
mediaProvider | The media used in WCS JavaScript API: WebRTC, Flash |
name | Name of the published / played stream |
mediaSessionId | Media session identifier |
duration | Duration of the session |
disposition | Session result: UNPUBLISHED, STOPPED, FAILED. UNPUBLISHED - publishing of the stream was stopped; STOPPED - playing of the stream was stopped; FAILED - incorrect session end |
info | If disposition==FAILED, this field contains the description of the reason |
type | PUBLISH if publishing the stream; SUBSCRIBE if playing the stream |
subscribers | The number of subscribers in case of publishing the stream; 0 if playing the stream |
CONNDR logs
Connection Detail Record is a WebSocket sessions log.
CONNDR records are written to the sdr.log log file located at logs/cdr. A new log file is created every 24 hours. Data are recorded as a CSV file, so they can be easily processed.
Field names are not recorded to the file.
Record format:
```
start;mediaSessionId;disposition;info;duration;
```
Record example:
```
2018-04-25 19:29:08;/5.44.168.45:52199/95.191.131.64:8443;DISCONNECTED;Normal disconnect;17;
```
Field | Description |
---|---|
start | Date and time the session started |
mediaSessionId | Media session identifier |
disposition | Session result: DISCONNECTED, FAILED. DISCONNECTED - the session ended by client's initiative; FAILED - incorrect session end |
info | Contains information about the session end |
duration | Duration of the session |
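A parser for the SDR and CONNDR record formats described above, added here as an example (it is not Flashphoner code), that also counts FAILED WebSocket sessions per client address. It assumes the first field can be treated as a plain timestamp and that mediaSessionId in CONNDR has the layout /client:port/server:port, as the page's example record suggests; the function names are hypothetical.

```python
from collections import Counter
from datetime import datetime

# Field order as listed on this page; the log files have no header row.
# The first field is called "timestamp" here (an assumption) because the page
# labels it "end" in one place and "start" in another.
SDR_FIELDS = ["timestamp", "mediaProvider", "name", "mediaSessionId",
              "duration", "disposition", "info", "type", "subscribers"]
CONNDR_FIELDS = ["timestamp", "mediaSessionId", "disposition", "info", "duration"]

def parse_records(text, fields):
    """Return (records, rejected_lines) for semicolon-separated log text."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(";")
        if parts[-1] == "":            # each record ends with a trailing ';'
            parts.pop()
        try:
            if len(parts) != len(fields):
                raise ValueError("unexpected field count")
            rec = dict(zip(fields, parts))
            rec["timestamp"] = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            rejected.append(line)      # keep for review instead of dropping silently
            continue
        records.append(rec)
    return records, rejected

def failed_by_client(conndr_records):
    """Count FAILED sessions per client IP taken from mediaSessionId."""
    counts = Counter()
    for rec in conndr_records:
        if rec["disposition"] != "FAILED":
            continue
        # Assumed layout, inferred from the page's example: /client:port/server:port
        parts = rec["mediaSessionId"].split("/")
        client = parts[1].rsplit(":", 1)[0] if len(parts) > 2 else "unknown"
        counts[client] += 1
    return counts

# The SDR line is the page's own example; the CONNDR lines are constructed.
SAMPLE_SDR = "2015-11-11 08:36:13;Flash;stream-Bob;5c2d75c0-7d87-421d-aa93-2732c48d8eaa;00:00:48;UNPUBLISHED;;PUBLISH;3;\n"
SAMPLE_CONNDR = (
    "2018-04-25 19:29:08;/192.0.2.10:52199/198.51.100.5:8443;DISCONNECTED;Normal disconnect;17;\n"
    "2018-04-25 19:30:41;/192.0.2.77:40112/198.51.100.5:8443;FAILED;constructed reason;2;\n"
    "2018-04-25 19:30:55;/192.0.2.77:40120/198.51.100.5:8443;FAILED;constructed reason;1;\n"
    "2018-04-25 19:31:02;/192.0.2.77:40121/198.51.100.5:8443;FAILED;reason; with semicolon;1;\n"
)

if __name__ == "__main__":
    sessions, bad = parse_records(SAMPLE_CONNDR, CONNDR_FIELDS)
    print(dict(failed_by_client(sessions)), "rejected:", len(bad))
```

The last constructed line shows the failure mode of a headerless, unquoted format: a semicolon inside the info text shifts the field count, so the line is returned in the rejected list rather than parsed into the wrong columns.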
GC logs
By default garbage collector log files are located in /usr/local/FlashphonerWebCallServer/logs directory.
```
logs
---- gc-core-2018-12-18_20-02.log
---- gc-core-2018-12-18_19-56.log
```
The location and prefix of the log files can be configured in wcs-core.properties file.
To enable log rotation by the JVM, the following options can be added to wcs-core.properties:
```
-XX:+UseGCLogFileRotation
-XX:NumberOfGCLogFiles=10
-XX:GCLogFileSize=2M
```
Then the log files will have names like
```
logs
---- gc-core.log2018-12-14_18-57.log.0
---- gc-core.log2018-12-14_18-57.log.1
---- gc-core.log2018-12-14_18-57.log.2
---- gc-core.log2018-12-14_18-57.log.3
---- gc-core.log2018-12-14_18-57.log.4.current
```
File with suffix 'current' is the file currently being recorded.
To remove creation time from log file names, remove date from variable GC_SUFFIX in bin/setenv.sh:
```
GC_SUFFIX=".log"
```
Then the log files will have names like
```
logs
---- gc-core.log.0
---- gc-core.log.1
---- gc-core.log.2.current
```
CVE-2021-44228 vulnerability
The CVE-2021-44228 vulnerability in the Apache log4j library cannot be exploited on a WCS server. The logger can be configured via log4j.properties only, so an attacker must have access to the server file system. The vulnerability cannot be exploited via input fields etc. Let's check:
1. Use the URL https://log4shell.huntress.com/ to check the server. This page generates a unique link to insert into web page input fields.
2. Open the Two Way Streaming example page on the demo server https://demo.flashphoner.com:8888/client2/examples/demo/streaming/two_way_streaming/two_way_streaming.html, click Connect and insert the test link into the stream name fields. Publish and play a stream.
3. Open the special link to view the test results. If the vulnerability is exploited, the IP address and Date/Time columns will show connections from the tested server.
As the test shows, the CVE-2021-44228 vulnerability cannot be exploited in the latest WCS build 5.2.1109.
Under the hood: why WCS is not vulnerable
WCS uses Apache log4j 1.2.17. This old version does not support the JNDI feature, which was added in log4j 2.0-beta9. Therefore, the CVE-2021-44228 vulnerability cannot be exploited in WCS.
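A file-system check for the claim above, added here as an example (it is not Flashphoner code): it walks an installation directory and reports which archives bundle the log4j 2.x JndiLookup class and which bundle log4j 1.x API classes. The function names are hypothetical and the jars it scans in the demo are constructed in a temporary directory; on a real server, pass the WCS installation directory to scan_tree.

```python
import os
import tempfile
import zipfile

# JndiLookup exists only in log4j 2.x (log4j-core); its presence is the usual
# file-level indicator checked for CVE-2021-44228.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Present in log4j 1.x (and in jars that re-implement the 1.x API).
LOG4J1_MARKER = "org/apache/log4j/Logger.class"

def classify_jar(path):
    """Return 'log4j2-jndi', 'log4j1', 'unreadable' or None for one archive."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
    except (zipfile.BadZipFile, OSError):
        return "unreadable"
    if JNDI_LOOKUP in names:
        return "log4j2-jndi"
    if LOG4J1_MARKER in names:
        return "log4j1"
    return None

def scan_tree(root):
    """Walk root and report every .jar/.war that matches one of the markers."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jar", ".war")):
                full = os.path.join(dirpath, name)
                verdict = classify_jar(full)
                if verdict:
                    findings[os.path.relpath(full, root)] = verdict
    return findings

def build_constructed_tree():
    """Create a temp directory with constructed jars for a self-contained demo."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    os.makedirs(os.path.join(root, "lib"))
    samples = {"log4j-1.2.17.jar": [LOG4J1_MARKER],
               "log4j-core-2.14.1.jar": [JNDI_LOOKUP],
               "unrelated.jar": ["com/example/App.class"]}
    for jar_name, entries in samples.items():
        with zipfile.ZipFile(os.path.join(root, "lib", jar_name), "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"")
    return root

if __name__ == "__main__":
    for jar, verdict in sorted(scan_tree(build_constructed_tree()).items()):
        print(verdict, jar)
```

The scan looks only at top-level archive entries, so a log4j-core jar nested inside another jar or war is not detected by this check.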