Where I work, I'm using Jboss AS7 Server to run about 4 applications.
We just finished developing a new application for our companie's partners.
The thing is we are currently getting a couple of connections from other countries like Nigeria and France (we are located in Brazil) and are suspecting that this new application might be opening a window to possible attacks.
Also it might be possible that the recent update to AS7 might be the issue.
What I want to know is if there is an extension for the AS7 Server which allows us to see which pages were accessed in which applications that are running on the server.
The subsystem web should be able to produce an access log. In the standalone.xml, in the subsystem container :
<virtual-server name="FQDN" enable-welcome-root="false">
<alias name="FQDN"/>
<access-log pattern="%t %a %u %r %s %b %{Referer}i %{User-Agent}i %S %T %{X-Transaction-ID}i"/>
</virtual-server>
Those are standard ELF field, so you should be able to customize. Hope it helps.
Related
Hello I saw some 11g tutorials with a Google search:
http://saltnlight5.blogspot.com/2014/04/how-to-setup-remote-debug-with-weblogic.html
http://java.dzone.com/articles/how-setup-remote-debug
They both specify adding something like:
JAVA_OPTIONS="$JAVA_OPTIONS -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=y"
Two questions I have is:
One, at my work we have domains/domainName/bin/setDomainEnv.sh and in the same "domainName" directory another folder called servers, with a bunch of our servers on it. I am not an expert in infrastructure but I am looking for a way to remotely debug an application on Weblogic through Eclipse that is located on one of the servers. What is the best way to sync up the one server and its application with Eclipse rather than effecting all of the severs (unless I am misunderstanding).
Second, is there not a way to set this up through the Weblogic Administration Console? I tried looking around for anything intuitive, but nothing stood out.
If you are starting your servers with NodeManager, you should be able to add the arguments to "Arguments" in the Weblogic Admin Console under:
Environment -> Servers -> Your Server -> Configuration (tab) -> Server Start (sub-tab)
setDomainEnv - set debugFlag="true" and every server you start will listen on the port specified, allowing remote debug connections.
Inside of Eclipse, select, Run > Debug Configuration and then select Remote Java Application Choose the host your server runs on with the port from setDomainEnv
This will affect all servers, so if you have two running on the same host you will have a port conflict. You can do something simple like putting an if statement into setDomainEnv so the debug is only turned on for a specific SERVER_NAME
<domain>/servers - this is the folder where weblogic caches security information, application information, startup params, etc for each server. You shouldn't be manipulating this directly on the file system
Another thing that may be of interest to you it the Oracle Enterprise Pack for Eclipse (OEPE). It allows you to start/stop servers directly from Eclipse as well as additional debug support.
Sample from my setDomainEnv.sh:
debugFlag="true"
export debugFlag
JAVA_DEBUG=""
export JAVA_DEBUG
if [ "${debugFlag}" = "true" ] ; then
JAVA_DEBUG="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=8453,server=y,suspend=n -Djava.compiler=NONE"
export JAVA_DEBUG
JAVA_OPTIONS="${JAVA_OPTIONS} ${enableHotswapFlag} -ea -da:com.bea... -da:javelin... -da:weblogic... -ea:com.bea.wli... -ea:com.bea.broker... -ea:com.bea.sbconsole..."
export JAVA_OPTIONS
fi
Any good suggestion for Monitoring JBOSS 7 in Production ? I would also like to configure alerts based on certain condition. Of course , It has to be Open source.
Thanks.
You can use standard JConsole that comes with JBoss dependencies added. It's used to monitor your servers state and mbeans, it's very useful.
To test it on localhost start your server and then run the JConsole from your server/bin directory and select JBoss in the Local process selection.
To use it on "remote" server, start your server on "REMOTE_HOST" and then run JConsole from an JBoss/bin directory and connect with the followin string
service:jmx:jmx-remoting://REMOTE_HOST_NAME:9999 (or the port you use) and enter the username and password.
Secondly, for more detailed info of objects creation, memory leaks, CPU% (profiling) there is another one as:
http://jbossprofiler.jboss.org/
You can try to use free open source APM like scouter.
It shows very useful realtime performance information of every request.
And also you can set a threshold of resources and can make plugin for alerting to external.
https://github.com/scouter-project/scouter
JBoss7 need to set module option.
-Djboss.modules.system.pkgs=~~~,scouter
I have terrible issue with Webtop 6.7 SP1 P12 (I have tried also testing P26) with SSO (kerberos) login into Webtop application.
On the user enviroment Web browser is in version IE 8.0.7601.17514 and operation system is Windows 7.
When I login into application (SSO authentication is succesful) result screen is missing some frame:
Sometimes frames are not behaving like this:
in this case URL is also strangely modified (part of it was deleted).
Java (1.6.0.27) is installed correctly. I also checked security setttings on JAVA and IE, but I don't see any incorrect parameters here.
When I use web browser Firefox 3.5.19 to login into the Webtop (SSO is active too) GUI is loaded correctly with frames..
My another test was under operation system Windows XP, IE 8.0.6001.18702. The Webtop GUI workiing correctly.
When I tried logging into Webtop instead of the hostname by use IP address application server, GUI working correctly. In this case SSO is off.
I tried change verzion JAVA vs IE but nothing helps.
Wireshark network protocol analyze capture this HTTP issue:
this problem occurs on 6 users of total 100.
Please, do you have any ideas for me?
Thank you so much.
Lukas
Investigating further we found that non-working users were part of 100+ AD groups resulting in a large kerberos token size.
I changed tomcat config file "server.xml" to increase http header limit to "maxHttpHeaderSize="16384"".
<Connector port="8080" maxHttpHeaderSize="16384" protocol="HTTP/1.1" ... />
Here is the link to fix:
http://blogs.adobe.com/livecycle/2012/08/avoiding-livecycle-kerberos-based-sso-problems-for-active-directory-users-with-large-group-memberships.html
does any one know how to deactivate the automatic clustering in a JBoss 5.1.0?
we have a JBoss running on each developer machine and because we are all in the same network, they do an auto clustering. The problem could be solved if each of us could get its own multicast ip, but the network hardware is not capable of that.
Isn't there a switch in jboss to deactivate this?
Under Eclipse under Windows, you can run the server using the following JVM property (see Open Launch Configuration) :
-Djboss.partition.name=${env_var:COMPUTERNAME}
This way each of the developer machine will have its own cluster (with a single server if you run only one server). Under Linux, you will need to replace COMPUTERNAME by HOSTNAME.
If you run JBoss AS from the command line, you would use something like -Djboss.partition.name=%COMPUTERNAME% under Windows (not tested).
Note that using -Djgroups.udp.ip_ttl=0 (as proposed in another answer) has the following drawbacks:
server startup is slower (4 minutes instead of 1 minute in my case);
there are a lot of NAKACK warn/error logs;
the JGroups UDP multicast is limited to the local machine which could conflict with other applications based on JGroupds UDP;
other servers on the same machine with the same configuration will be in the same cluster, which may not be desired.
You can use different multicast or partition name to avoid conflict.
However, if you want to disable clustering in "production" or "all" configuration , you need to do following actions:
Remove
farm/
deploy-hasingleton/
deploy/cluster/
In deploy/messaging/*-persistence-service.xml, change Clustered to false:
<attribute name="Clustered>false</attribute>
and remove
<depends optional-attribute-name="ChannelFactoryName">jboss.jgroups:service=ChannelFactory</depends>
In conf/bootstrap/profile.xml, replace
<bean name="BootstrapProfileFactory" class="org.jboss.system.server.profileservice.StaticClusteredProfileFactory">
with
<bean name="BootstrapProfileFactory" class="org.jboss.system.server.profileservice.repository.StaticProfileFactory">
and remove the "farmURIs" property a few lines below that.
Replace deploy/httpha-invoker.sar with http-invoker.sar from the default profile
In the deployers/clustering-deployer-jboss-beans.xml, comment out WebAppClusteringDependencyDeployer.
In SOA-P, if you are removing clustering, you will need to take a few additional steps.
Copy the server/default/deploy/jbpm.esb/hibernate.cfg.xml to server//deploy/jbpm.esb/hibernate.cfg.xml
Remove server//deploy/riftsaw* and cp -R server/default/deploy/riftsaw* server//deploy/
You can do this by setting the TTL (time-to-live) on the multicast packets to zero. Clustering will still be enabled, but none of the JBoss servers running on the developer machines will be able to locate each other.
When starting JBoss, set the jgroups.udp.ip_ttl system property, e.g.
-Djgroups.udp.ip_ttl=0
You'll need to hack that into the JBoss startup script, most likely.
We upgraded from JBoss 4 (and JDK 5) to JBoss 5 (and JDK 6). The problem is that the start time has gone from 1.5 minutes (on JBoss 4) to more than 4 minutes.
18:53:35,444 INFO [ServerImpl] JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221053)] Started in 3m:9s:262ms
It seems like the component that is taking JBoss the longest time to initialize is the JMX
18:50:41,926 INFO [LogNotificationListener] Adding notification listener for logging mbean "jboss.system:service=Logging,type=Log4jService" to server org.jboss.mx.server.MBeanServerImpl#1adc122[ defaultDomain='jboss' ]
18:52:38,797 INFO [JMXConnectorServerService] JMX Connector server: service:jmx:rmi://lharel2/jndi/rmi://lharel2:1090/jmxconnector
From the DEBUG server log, I get these lines at the problematic time:
2009-12-18 18:51:00,886 DEBUG [org.jboss.deployment.MappedReferenceMetaDataResolverDeployer] (main) vfsfile:/C:/QC/Views/QCDev/jboss-5.1.0.GA/server/default/deploy/jmx-console.war/ endpoint mappings:
2009-12-18 18:51:00,886 DEBUG [org.jboss.deployment.MappedReferenceMetaDataResolverDeployer] (main) Processing unit=jmx-console.war, structure: jmx-console.war
2009-12-18 18:52:35,209 DEBUG [org.jboss.deployment.OptAnnotationMetaDataDeployer] (main) Deployment is metadata-complete, skipping annotation processing, ejbJarMetaData=null, jbossWebMetaData=org.jboss.metadata.web.spec.Web23MetaData#1f, jbossClientMetaData=null, metaDataCompleteIsDefault=false
There is no EJB in the project.
The memory settings are:
-Xms128m -Xmx512m -XX:MaxPermSize=256m
Do you have any idea how JBoss start time can be improved?
Update: so far no luck, I tried shreeni's suggestion (changed the scanning xmls). The server is not running in debug mode so MicSim's suggestion is not relevant
A shot into the blue sky without more information
Network timeouts: 1,5 minutes of delay when deploying jmx-console.war may indicate a network timeout (e.g. 3 x 30 seconds). Try to start JBoss and bind it to a specific IP address using the -b command line argument or the jboss.bind.address system property. Also, try to make sure your host and DNS resolution settings on your system are correct.
JMX is also using RMI and you may want to set the RMI server host name as system property. On some Linux distributions, RMI has problems with looking up the correct hostname and jmx-console.war may try to connect to the 'wrong localhost'. The system property is java.rmi.server.hostname
System tracing: If that does not help, you may want to use strace to start the java process, so you can see the point where the system hangs (if it really does hang due to a network timeout or similar).
That is an awfully big gap in the logs. I suggest changing the log configuration to log everything at DEBUG level, rather than INFO. This will generate an awful lot more log entries, but hopefully will help you narrow it down.
The easiest way to do this is to set the -Djboss.server.log.threshold=DEBUG system property when you start JBoss
I had an issue like this but I found a good improvement by setting the initial and max heap size to same values, I mean:
-Xms512m -Xmx512m
With this, I improved from 4 to 2 minutes the starting time.
Your suspicion about the jmx-console can be misleading. There may be other components doing work in the background unrelated to the jmx-console. In my experience, we had an issue where a small war file appeared to take 3 minutes to load! It was innocent. The culprit was partly due to an EAR file with many wars and jars.
While I'm no expert, I would suggest the following:
Try turning up the logging to TRACE. By doing this, I witnessed one of the deployers (EJBDeployer, I think) unnecessarily scanning WARs in one of our EARs. I then manually disabled the scanning of those WAR files.
Run wireshark during the startup. I discovered some war files were hanging while waiting for a response from an external DTD request. Those websites were either now non-existent or would not properly serve the DTD files to java-based programs. I could speed it up by either having the programmers use local DTD files or mirroring those DTDs locally and having /etc/host loopback locally.
You could refer to this link to avoid unnecessary annotation scanning which could speedup your server start
See http://community.jboss.org/wiki/jboss5xtuningslimming especially the "Tuning" part.
I'm using JBoss 5.1.0 with a Macbook pro (2.26ghz 4gb) without applications it start in 54s
15:00:26,449 INFO [ServerImpl] JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] Started in 54s:720ms
I made a new configuration based on the "default". The JMS dataosurce points to a Postgres database instead of the "Hypersonic Database" (in memory database)
I suppose you are starting in debug mode. This mode can be up to 3 times slower than normal mode.
But there might be also a problem when switching from JDK5 to JDK6. I found this solution here on the net:
I've solved that. It's a debugging issue. I've changed my debug settings from:
wrapper.java.additional.26=-Xdebug
wrapper.java.additional.27=-Xnoagent
wrapper.java.additional.28=-Djava.compiler=NONE
wrapper.java.additional.27=-Xrunjdwp:transport=dt_socket,address=7199,server=y,suspend=n
to:
wrapper.java.additional.26=-Xdebug
wrapper.java.additional.27=-Xrunjdwp:transport=dt_socket,address=7199,server=y,suspend=n
and JBoss becomes fast again.
Hope this helps.
Do you need the JMX console application? Pragmatic thing would be to un-deploy it from the server, you could still use the jconsole or jvisualvm for basically the same thing.
Turn off annotation scanning and other features you don't need https://community.jboss.org/wiki/jboss5xtuningslimming
When you start/stop JBoss from eclipse, it does not clean up the tmp & work folders correctly. Setup an External Tool configuration and run a batch file to delete everything in tmp & work folders before each startup.
I was able to speedup running the "default" profile from 15/20 minutes to 5 minutes.