Scribe scribe - syslog-ng and logrotate installer

[faria]

What is the location of your curl command?

which curl

/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/cynicastic/scribe/master/scribe" -o "/jffs/scripts/scribe" && chmod 0755 /jffs/scripts/scribe && /jffs/scripts/scribe install

edit:
also tried "/opt/bin/curl" after intalling entware Curl, Same result

 

[xilitol]

mesterul@RT-AC86U-4988:/tmp/home/root# openssl s_client  -connect www.github.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 5157550, C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = github.com
verify return:1
---
Certificate chain
 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=5157550/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---

mesterul@RT-AC86U-4988:/tmp/home/root# which curl
/usr/sbin/curl

 

[cmkelley]

What is the location of your curl command?

which curl

I have the Entware curl on my AC86U, and I'm using the stock curl on my AC3200. I don't have problems with either device.

 

[cmkelley]

/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/cynicastic/scribe/master/scribe" -o "/jffs/scripts/scribe" && chmod 0755 /jffs/scripts/scribe && /jffs/scripts/scribe install

edit:
also tried "/opt/bin/curl" after intalling entware Curl, Same result

do you have Entware ca-bundle installed? I'm grasping at straws here. I have that on both my routers.

 

[faria]

I have the Entware curl on my AC86U, and I'm using the stock curl on my AC3200. I don't have problems with either device.

It must be something in our router config then.
already desabled stubby tried diferent , ntp servers , uninstalled ntpmerlin , tried another pc ,but same effect, weird.

 

[faria]

do you have Entware ca-bundle installed? I'm grasping at straws here. I have that on both my routers.

yes, and up to date.

 

[faria]

@cmkelley
Ok, just fired up the rt-ac87 with identical settings and updated without issues, only differences are wan ISP settings and its still running 384.11_beta1.
So the problem is at my end on the rt-ac86u.

 

[xilitol]

Found it - Diversion blocks "codeload.github.com" (I'm using medium list)
Once added to the whitelist, scribe update works as it should.

 

[faria]

Found it - Diversion blocks "codeload.github.com" (I'm using medium list)
Once added to the whitelist, scribe update works as it should.

Nice catch! fixed. thanks.

 

[cmkelley]

Found it - Diversion blocks "codeload.github.com" (I'm using medium list)
Once added to the whitelist, scribe update works as it should.

Ah. I use Diversion's standard list.

 

[WNorkle]

xilitol said: ↑

Found it - Diversion blocks "codeload.github.com" (I'm using medium list)
Once added to the whitelist, scribe update works as it should.

Good catch. Solved my problem too

 

[Goobi]

codeload.github.com whitelisted resolves for me as well.

 

[RMerlin]

Also of note, as of 384.11B1, when the webui calls restart_time, service-event-end is never started. However if restart_time is called on the command line, service-event-end is called. I have no idea why that is, and yes, I reported it RMerlin, so you don't need to.

Fixed with https://github.com/RMerl/asuswrt-merlin.ng/commit/962c6a4ba1d0232510a0460a9bf722dc67ceb470. service-event-end was only being run if one single event was sent. When multiple events are chained (like the System page does), it was being skipped.

 

[elorimer]

Blocked for me with standard+

 

[Butterfly Bones]

added some flags to sourcing /dev/log and /proc/kmsg which appear after short testing to have eliminated fractured IPTables (Skynet) messages

I just want to confirm that I do get full Skynet information, at least with what is sent to Loggly. Well done! Thanks.

 

[cmkelley]

Blocked for me with standard+

As of this morning, same for me (Diversion updates Sunday @ 0200 by default). Who the #$#@*&#$ thought putting codeload.github.com on a blocking list was a good idea?

POINT OF ORDER: thelonelycoder does NOT maintain the blocking lists! The most he could do is add it to his permanent whitelist, which I've asked him to consider.

It's apparently on both the standard and small lists now as well according to the information given when I whitelisted it.

 

[elorimer]

Who the #$#@*&#$ thought putting codeload.github.com on a blocking list was a good idea?

Be wary, wary afwaid.

Neither diversion nor pixelserv live there, but I can think of a lot of advertisers (excuse me, bad actors) who don't know that but would prefer home routers not have all this power.

 

[L&LD]

I did exactly that, but no blankmsg.log file was generated after about an hour, so I went back and commented the line out. It is there now, timestamp May 4 8:55 but I did the v.10_1 install just before 7am my time. (I've learned to get at least one cuppa in me, before I post in the morning.)

I'll leave it for now, and just watch it as you are. The only thing I don't scrape our of syslog / messages now is dropbear and other unusual errors. I created a filter /helper file to clean out the rc_service & custom_script messages that have arrived with 384.11_ betas, I'll share if anyone wants it, in fact here is a listing of my filter / helper files, most of them are provided by scribe, of course:

 0loggly
 blankmsg
 chkwan
 crash
 divstats
 ethernet
 expandlog
 logrotate
 openvpn
 pixelserv
 rc_service
 skynet
 syslogng
 vpnfailover
 wlceventd

Butterfly Bones, I would like most of the filter/helper files you have above (I don't run loggly though). Care to share these?

 

[cmkelley]

V0.10_2 is now available.

Now checks firmware version as well as ensuring Merlin and Entware are both installed. Other cosmetic changes and some internal logic updates.

I need to do some digging to ensure I've chosen the right minimum firmware (380.68) which was honestly chosen because that's what @Jack Yaz requires for his scripts.

EDIT: Because I'm a lousy programmer, it will likely complain about a bad number. However you should still get a question "Do you wish to force re-installation of scribe script?" to which you should answer 'y" and it will properly update. This should be a one-time event due a change in how I store the version number.

 

[L&LD]

V0.10_2 is now available.

Now checks firmware version as well as ensuring Merlin and Entware are both installed. Other cosmetic changes and some internal logic updates.

I need to do some digging to ensure I've chosen the right minimum firmware (380.68) which was honestly chosen because that's what @Jack Yaz requires for his scripts.

I have whitelisted codeload.github.com in Diversion and processed the files afterward (and also shut down Diversion too), but scribe still says GitHub repository is unavailable.