Azure APIM Debugging

/ Azure / / Leave a Comment

Follow the steps below to enable and retreive debug logging from a specific APIM resource.

First retrieve an access token. This can be done by de following PowerShell commands (cloud shell):

az account set --subscription {subscription-id)
az account get-access-token

You can also use the folowing command to retrieve a list of apiIds so you can past the specific apiId path directly into the apiId key in the body.

az apim api list --resource-group {resource-group-name} --service-name {apim-service-name} --query "[].{Name:displayName, apiId:id}" -o table

Retrieve debug credentials by doing below HTTP POST. 

POST https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.ApiManagement/service/{apim-service-name}/gateways/managed/listDebugCredentials?api-version=2023-05-01-preview HTTP/1.1
Content-Type: application/json
Authorization: Bearer {access-token}

{
    "credentialsExpireAfter": "PT1H",
    "apiId": "/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.ApiManagement/service/{apim-service-name}/apis/{api-name}",
    "purposes": ["tracing"]
}

Copy the token from the reponse and add it as a header value (Apim-Debug-Authorization) in the specific api-call where you want the debugging to take place…

GET https://example.com/rest/api HTTP/1.1
Apim-Debug-Authorization: aid=api-name...

In the header value of the response from the specific api there should also be a header value (Apim-Trace-Id) which you can use to retrieve the trace.

POST https://management.azure.com/subscriptions{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.ApiManagement/service/{apim-service-name}/gateways/managed/listTrace?api-version=2023-05-01-preview HTTP/1.1
Content-Type: application/json
Authorization: Bearer {access-token}

{ "traceId": "{apim-trace-id}" }

GNU/Linux UFW Quickref / Examples

/ GNU/Linux / / Leave a Comment 
sudo ufw status [numbered]

sudo ufw [delete] allow 443/tcp
sudo ufw [delete] allow from 10.0.0.1 proto tcp to any port 443 comment 'allow https trafic from 10.0.0.1'
sudo ufw [delete] [insert 1] reject from 10.0.0.0/24 comment 'Denies all trafic from specific subnet'

sudo ufw [delete] reject out to any proto tcp port 25
sudo ufw [delete] reject out to 192.168.5.0/24 proto tcp port 80,443

sudo ufw delete {rownumber}

GNU/Linux Tripwire Quickref

/ GNU/Linux / / Leave a Comment 
# Add essential proc subs: /proc/sys, /proc/cpuinfo, /proc/modules

twadmin -m P /etc/tripwire/twpol.txt
tripwire --init

tripwire --check [--email-report]

tripwire --update --twrfile /var/lib/tripwire/report/servername-YYYYMMDD-HHMMSS.twr

Update script with last report:

lastfilename=(`ls -Art  /var/lib/tripwire/report/ | tail -n 1`)
sudo tripwire --update --twrfile /var/lib/tripwire/report/${lastfilename}

GNU/Linux Move Data Using Rsync

/ GNU/Linux / / Leave a Comment

I was doing some maintenance on my local NAS. I used the command below to effectively move data from one location to another without losing file attributes. 

rsync -avzhP --remove-source-files /mnt/das-2T-1/source/ /mnt/das-2T-1/destination/ [--dry-run]

You can also temporarily cancel the move and when you start the command again it continues where it stopped.

I also did some internal replication using replication tasks on my TrueNAS device. This creates a snapshot of the data set to replicate to an empty dataset. The destination dataset is overwritten so this option cannot be used to merge datasets. If you want to merge datasets is best to use the rsync option mentioned above.