@Ricardo thanks, that all looks ok to me. Basically what is happening is that Mango uses a pool of TCP/IP connections to the database and when choosing one to use it tests it first to ensure it is still connected. In this case Mango sees that the connection is broken and the database pool library (Hikari) is logging that.

For some reason the database connections that Mango is opening are being closed. This is not normal. From your log posting I can see that the delay is pretty close to 10 minutes, so I would be looking for any settings between Mango and your MySQL server that timeout at 10 minutes. It is possible you have a Proxy or Firewall between the 2 that is severing the connections at 10 minutes...

If none of that helps then I suggest you post the mango.properties for your database. The begin like this:

# MySQL database settings. Your MySQL instance must already be running and configured before this can be used. db.type=mysql ...

This is a bug and will be corrected in Mango v4.3.

@jared-wiltshire Since I cannot do database conversion, I tried reinstalling mango via the script again and was successful after creating the .mylogin.cnf file for the root account.

sudo -s
mysql_config_editor set --host=...

Thanks for your help!

Any advise?

Hi Craig,

Thank you for your reply. I copied the web/ directory from the beta.12 download over my existing beta.12 instance. I set the system information to development and performed the upgrade via the modules pages. I am happy to report back that the system is now on beta.14.

BR,
Ricardo

Of course, one of my suggestions was doing the whole thing as a reusable directive. If you can think of it, the only limitations are hardware and imagination

Fox

Hi Joel, I am able to confirm the function is working in v4.0.0 Beta.14. Many thanks for your reply.

Just a thought, but is there not an internal mango datapoint you can take a snapshot of with a meta datapoint? Either that or make api calls and store the result.
At least then you could graph that however you like.
Nice idea with the SQL query Ralf

Fox

@ricardo
Try the 'No change' event detector or others as shown below:

00010f54-4fd9-43fb-bb3f-46305a54e016-image.png

Yes, when you set a read permission to a datapoint it removes the implicit "user" permission, pretty sure that's stated in the docs.
It's how I prevent users from seeing other users data combined with tags. just to be sure.

Fox

Nicely done, thanks for giving it a go!
Ok I suggest you try the ma-get-point-value component.

<tr ng-show="assigned[device].value=='yes'" ng-repeat="device in deviceNames"> <td>{{device}}</td> <td><ma-point-value point-xid="{{'DP_' + device + '-Alarm'}}"></ma-point-value></td> <td><ma-get-point-value point-xid="{{'DP_' + device + '-Assigned'}}" point="assigned[device]"></ma-point-value>{{assigned[device].value}}</td> <td><ma-point-value point-xid="{{'DP_' + device + '-Location'}}"></ma-point-value></td> <td><ma-point-value point-xid="{{'DP_' + device + '-Location'}}" display-type="dateTime" date-time-format="LTS"></ma-point-value></td> </tr>

Fox

@craigweb said in SNMP Publisher / Agent:

Hi @ricardo

Mango only has 4 publishers: BACnet, Modbus, Mango PTCP and an HTTP publisher

Also Twilio and Pachube.

I would say the closest we are to having a fail-over system right now would involve some development work to revive some of the NoSQL database integrations we've done in the past, which would generally lead to increased costs in either licensing the database engine or the increase in disk and processing power some of those database engines require. It also means we're not necessarily in control of solving every encountered issue (which we still aren't, but this was a large reason of why we kept improving out own NoSQL database).

It's completely possible for authenticated users to crash Mango by making too many and/or too large of requests. Give someone data source permission and there's even more potential for trouble.

That said, a single, well managed instance can achieve the metrics specified in your post of requirement 5. Thinking of your own deployments, do they already meet that standard?

@ricardo said in Authentication:

1.1. The password, if stored in the system, should be stored in a one-way salted hash.

By default the passwords are stored in Bcrypt format which uses a salt.

1.2. The system shall enforce strong password at least 8 characters long with reasonably complex composition.

The minimum length of passwords as of Mango v3.5 is 8 characters, we intend to make this configurable. "reasonably complex composition" is not a very specific requirement, but again we are intending to add password complexity rules.

1.3. The system shall enforce period change of password of user accounts.

You can setup password expiration in the system settings as of Mango v3.5. It's under "System settings" > "Password settings".

1.4. The system shall prevent brute-force password attack. [Comply by editing rateLimit.* in env.properties?]

Correct there is a rate limiter for authentication attempts which can be configured in env.properties. There are limits per IP and per username. Attempts to exceed the rate limit are logged to ma.log at WARN level (class name com.serotonin.m2m2.web.mvc.spring.security.MangoAuthenticationFailureHandler)

1.5. The system shall provide a secure mechanism for user password reset self-service. [Comply with "Forgot password" in login page?]

Yes, there is password reset available via a one-time JWT token sent via email.

1.6. Security events of user account activities shall be logged and kept for at least 3 months including [Comply with event log?]:

There are Mango events for login and logout. The timestamp, username and IP address is recorded for login. The event is "returned to normal" when the user logs out, there is a timestamp recorded when events return to normal.

Failed logins are only logged to your ma.log file (same class as mentioned above, again WARN level), they are not events. The timestamp, username and IP address are logged.

There is no "lockout", but you can disable users, this is logged in the "Audit trail" in "System status" (tracks all changes to users, including password changes). The audit trail logs the timestamp and the username of the user who made the change but there is no IP address recorded.

I think we can look at improving the logging of security related events to ma.log and provide a log4j2.xml configuration file which sends all the security events to a separate log file.

Hi Ricardo,

There is not a setting to modify how that duration is formatted currently.

If one wanted to achieve something like this, they could create a modified, custom version of the <ma-events-table></ma-events-table> directive and modify the Moment.js function invoked on the duration in the durationFilter.js from 'humanize' at https://github.com/infiniteautomation/ma-dashboards/blob/main/UI/web-src/ngMango/directives/eventsTable.html#L72 to a function that results in the format you seek. Then you could use this modified directive (you'd have to give it a different name) on custom pages.

Tested with HTTP 3.4.1 and updated the log4j2.xml per your instruction. It is all good. Thanks.

This should also be supported in the current release. You can enable swagger to review the API: https://help.infiniteautomation.com/explore-the-api/