Friday, January 9, 2015

IHS Log Rotation

This topic is about how to rotate the logs, that is, how to generate a new log day by day with a file size of 5 MB.


Making IBM HTTP Server Logs Rotate/Roll Daily


IBM HTTP Server keeps its logs under the folder "<Installation_Directory>/IBM/HTTPServer/logs". These logs can take a long time to open once they have grown large and hold a lot of data, so it is worth customizing them. The default logs in IBM HTTP Server are:


  1. Admin Log : admin_access.log
  2. Admin Error Log : admin_error.log
  3. Access Log : access_log
  4. Error Log : error_log
In this tutorial we will show how to make the access log and the error log roll by day and by size.
Note: This tutorial uses IBM HTTP Server v8.5 on Red Hat Linux; take care when implementing it on other operating systems.

Steps for rotating the logs; they are the same as in Apache HTTP Server:


  1. Locate the IBM HTTP Server configuration directory, <Installation_Directory>/IBM/HTTPServer/conf, on your operating system.
  2. Open httpd.conf for editing.

  3. Locate the line: CustomLog logs/access_log common
  4. Comment out that line and, after it, type:

    CustomLog "|/opt/IBM/HTTPServer/bin/rotatelogs -l /opt/IBM/HTTPServer/logs/access_log.%Y.%m.%d 5M" common
    where "%Y" represents the year, "%m" the month, "%d" the day, and "5M" a 5 MB file size.
  5. Locate the line: ErrorLog logs/error_log
  6. Comment out that line and enter the following line below it instead:

    ErrorLog "|/opt/IBM/HTTPServer/bin/rotatelogs -l /opt/IBM/HTTPServer/logs/error_log.%Y.%m.%d 5M"

  7. Restart IBM HTTP Server.
  8. Open the URL of the IBM HTTP Server host in a browser; you can then see that the access log is being written with the current date in its name.


Every 5 minutes a new log will be generated and the old log will be saved as above.
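
Steps 3 to 6 can also be applied with a script that keeps a backup of httpd.conf and refuses to report success unless both directives end up piped to rotatelogs. This is an added example, not part of the original post; the function names are hypothetical and `IHS_ROOT` assumes the `/opt/IBM/HTTPServer` path used above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): apply steps 3-6 to an httpd.conf.
# IHS_ROOT defaults to the install path used on this page; override if yours differs.
IHS_ROOT="${IHS_ROOT:-/opt/IBM/HTTPServer}"

# True when both the access log and the error log are already piped to rotatelogs.
rotation_enabled() {
    grep -Eq '^[[:space:]]*CustomLog[[:space:]]+"\|[^"]*rotatelogs ' "$1" &&
    grep -Eq '^[[:space:]]*ErrorLog[[:space:]]+"\|[^"]*rotatelogs ' "$1"
}

# enable_rotation CONF [SIZE]: comment out the plain-file directives and add the
# piped ones after them. SIZE is the rotatelogs size argument (5M = 5 MB).
enable_rotation() {
    conf="$1"; size="${2:-5M}"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    if rotation_enabled "$conf"; then return 0; fi      # idempotent
    cp -p "$conf" "$conf.bak" || return 1               # keep the original
    awk -v rot="$IHS_ROOT/bin/rotatelogs" -v dir="$IHS_ROOT/logs" -v size="$size" '
        /^[ \t]*CustomLog[ \t]+logs?\/access_log[ \t]+common[ \t]*$/ {
            print "#" $0
            printf "CustomLog \"|%s -l %s/access_log.%%Y.%%m.%%d %s\" common\n", rot, dir, size
            next
        }
        /^[ \t]*ErrorLog[ \t]+logs?\/error_log[ \t]*$/ {
            print "#" $0
            printf "ErrorLog \"|%s -l %s/error_log.%%Y.%%m.%%d %s\"\n", rot, dir, size
            next
        }
        { print }
    ' "$conf.bak" > "$conf" || return 1
    rotation_enabled "$conf"    # fails if either directive was not found
}

# Demo on a constructed two-line config; on a server, call enable_rotation with
# the real httpd.conf, then run "$IHS_ROOT/bin/apachectl -t" before restarting.
demo=$(mktemp -d)
printf '%s\n' 'ErrorLog logs/error_log' 'CustomLog logs/access_log common' > "$demo/httpd.conf"
enable_rotation "$demo/httpd.conf" && cat "$demo/httpd.conf"
rm -rf "$demo"
```

The original file is left beside the edited one as httpd.conf.bak, so a failed syntax check can be rolled back by copying it over.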

References:

rotatelogs - Piped logging program to rotate Apache logs. rotatelogs is a simple program for use in conjunction with Apache's piped logfile feature. It supports rotation based on a time interval or on a maximum size of the log.

Certificate expiry issue in WebSphere Application Server

RECOMMENDATION: A server's self-signed certificate gets replaced 60 days before it expires, which means about 10 months after the self-signed certificate was created. This causes a server outage on services such as the web server, where managing the client signer certificate is a manual step. So this change will extend the life span of the default self-signed certificate to 15 years and provide additional warning time before certificates are automatically replaced.

In WAS 6.1 the default certificate expires in one year. Just before the expiration, the certificate is renewed automatically. After this automatic renewal, the dmgr cannot talk to the node agents, resulting in “JSSL0080E SSL HandShake Exception”. If the renewal is done while WAS is up and running, the user has to update dmgr/trust.p12 and appsrv/trust.p12 when prompted during the next WAS shutdown. This does not work if WAS is running as a service on Windows platforms. If the certificate expires while WAS is NOT running, WAS has to be started with the expired certificate. Automatic renewal runs during the next start-up of the dmgr. The user then has to run a node sync.

As a workaround, the user currently has to add the renewed certificates to the trust stores manually: add the certificate of the Cell to the Node, and the one of the Node to the Cell. The error is a direct result of the automatic certificate renewal. The renewed certificate should be added to the Cell and Node trust stores automatically.

Additionally, the certificate expiration monitor has been modified to properly handle this condition; this fix has been shipped in APAR PK48659.

How to create and add a new signer certificate for an existing profile:

  1. Create new key.p12 keystore
    SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates
    Create Self Signed Cert
    Alias:
    Common Name:
    Validity Period: 3650
    Organization: xyz
    Click OK
  2. Extract certificate
    SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates > Extract certificate
    Certificate file name: -key.arm (e.g. Server Name-key.arm)
    Data type: Base64-encoded ASCII data
    Default location for the file to be created is:
    /profiles/dmgr/etc/ (e.g. /opt/was61/profiles/dmgr/etc/)
  3. Import the created certificate into trust.p12
    SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates
    Alias: -key
    File Name: /profiles/dmgr/etc/-key.arm
    Data type: Base64-encoded ASCII data
  4. Copy trust.p12 and key.p12 to all the nodes
    FROM:
    /profiles/dmgr/config/cells//trust.p12
    /profiles/dmgr/config/cells//key.p12
    TO:
    /profiles/dmgr/config/cells//nodes//trust.p12
    /profiles/dmgr/config/cells//nodes//key.p12
  5. Restart nodes and dmgr from the command line. When prompted to accept the certificate, accept the certificate.
  6. Start dmgr
  7. Sync nodes manually to dmgr. When prompted to accept the certificate, accept the certificate.
  8. SSL certificate and key management > SSL configurations > CellDefaultSSLSettings
    Select the certificate that you created in the following drop-downs:
    Default server certificate alias
    Default client certificate alias
    Click -> Get Certificate Aliases
    Click -> OK
  9. SSL certificate and key management > Manage endpoint security configurations
    NOTE: This is a similar process that needs to be completed for all nodes and cells, both inbound and outbound
    Select Node Level:
    Change
    Certificate alias in key store: Certificate that you imported
    Click -> Update Certificate Alias List
    Click -> OK
    Repeat for Node Level – Inbound and Outbound
    Repeat for Cell Level – Inbound and Outbound
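
To find out ahead of an outage which extracted signer certificates are inside the 60-day replacement window, the Base64 .arm files from step 2 can be checked from the shell. This is an added example, not part of the original post; it assumes the openssl CLI is installed and that the .arm files are PEM-readable, and the function and file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumes the openssl CLI is installed.
# WINDOW_DAYS mirrors the 60-day replacement window described above.
WINDOW_DAYS="${WINDOW_DAYS:-60}"

# cert_status FILE: prints OK, RENEW (expires inside the window) or UNREADABLE.
cert_status() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo UNREADABLE; return 0; }
    if openssl x509 -in "$1" -noout -checkend "$((WINDOW_DAYS * 86400))" >/dev/null 2>&1
    then echo OK
    else echo RENEW
    fi
}

# report FILE...: one line per certificate file with status and expiry date.
report() {
    for f in "$@"; do
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null) || end="notAfter=unknown"
        printf '%-10s %-24s %s\n' "$(cert_status "$f")" "$(basename "$f")" "${end#notAfter=}"
    done
}

# make_demo_cert FILE DAYS: constructed self-signed certificate for the demo only.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$1" \
        -days "$2" -subj "/O=xyz/CN=demo" >/dev/null 2>&1
}

# Demo with two constructed certificates; on a server, pass the extracted .arm
# files to report instead.
demo=$(mktemp -d)
make_demo_cert "$demo/cell-key.arm" 3650   # validity period used in step 1
make_demo_cert "$demo/node-key.arm" 30     # already inside the 60-day window
report "$demo"/*.arm
rm -rf "$demo"
```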

Thursday, January 8, 2015

Request flow WAS

The basic flow of the application starts with the user's request to a URL.
  • The URL is a combination of the hostname, port number and context root of the specific application.
  • The URL has a valid hostname/IP address of the machine where the application is installed.
  • In general, an HTTP server/web server handles the HTTP requests.
  • The web server maintains and serves the static pages to users, and for dynamic pages it directs the requests to the application server.
  • The web server plug-in uses an XML configuration file to determine whether a request is for WAS, identifies the request as addressing a Java servlet, and uses its configuration data to pass the request on to the servlet runtime engine code. The appropriate servlet is invoked via HTTP.
  • Next, the servlet determines which method or call it needs to make to obtain the information that satisfies the client request.
  • The third step involves business logic written as part of the Enterprise JavaBeans, which connects to the back-tier database and performs the transaction.
  • When the query results are sent back to the WebSphere middle-tier environment, the Java servlet regains control and manages the generation of the response page, which needs to be served back to the client that made the original request.
  • To do that, an appropriate JavaServer Page can be selected to help generate the dynamic content. The computed web page with the results of the query is then served back to the web client via the HTTP server.