export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$JBOSS_HOME/../native/lib
-
Recent Posts
Recent Comments
Archives
Categories
Meta
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$JBOSS_HOME/../native/lib
IP tables port forwarding can be used to direct requests from one port to another. It is extremely helpful in situation where you need to run your application as non-root but still need to serve the app on port 80. This will also eliminate the need for root/sudo privileges.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000
Problem
Splunk reports error “Your maximum disk usage quota has been reached. The search was not run” when doing searches.
Solution
Login to Splunk.
Click on Jobs link on top right corner.
Delete the jobs and run search again.
You can build a Tealeaf report template to identify which web and app servers are hit by the users. This can save your troubleshooting time and get to the root cause quickly.
I) Setup an Event
1) Launch RealiTeaPro viewer.
2) Navigate to Edit -> Event Editor -> Attributes
3) Create an Attribute jk-attr-webserver with Attribute Type as Text.
4) Navigate to Edit -> Event Editor -> Categories
5) Create a Category jk-ctg-webserver
Flag: Active selected
Match Type: 0-String pattern
Case: Insensitive
Encoding: No Translation
Buffer: Request
Start Tag: \njk-webserver-req-set-field=
End Tag: \r
6) Navigate to Edit -> Event Editor -> Events
7) Create an Event jk-evt-webserver
Group: SysOps
Value Tyoe: Default
Match Type: 16-Data is NOT null
Buffer: Filtered by Category
Flag: Interesting Event selected
Event Result Type: Text
Attribute Name: jk-attr-webserver
Category: jk-ctg-webserver
8) Save and Commit the changes.
II) Setup Privacy Filter
1) From the browser, login to Tealeaf portal.
http://{tealeaf-server}/portal/TMS.aspx
2) Navigate to WorldView -> Transport Service -> Privacy Filter configuration -> View/Edit Raw
3) Create or Edit one of the rules
[Rule3]
Enabled=true
Actions=IndexRemote_Addr, IndexRequest_Method, ReqSetTLTURL, ReqSetjk-action-webserver
BIGipServer{cookienameforwebserver}. You can find this field/cookie name from Request data when replaying the Tealeaf session. In my case, BigIP LTM injects a cookie with prefix BIGipServer. This can be any cookie injected by the server.
5) Save the config
6) Click on Transport Service and restart.
III) Build a Tealeaf Report Template
1) From the browser, login to Tealeaf portal.
http://{tealeaf-server}/portal/SearchTemplateConfig.aspx
2) Create a new template ‘Operations Template’ or add the relevant columns to the existing template.
3) Add the WebServer column
Title: WebServer
Field: Session Attribute Value
Attribute: jk-attr-webserver
Operation: Display Field Value
4) Save.
Your report now displays the column titled WebServer with cookie value. With this cookie value, you can find out which server is being hit. The same procedure can be repeated to track JBOSS appserver by reading the corresponding cookie.
If you are using BigIP LTM, you can track the server using cookie. Please refer
http://techwaver.blogspot.com/2008/12/decode-bigip-cookie-to-identify-pool.html
Please make sure your JBOSS LDAP connection works fine with clear password before proceeding with encryption.
1) Create a mbean file named encrypt-service.xml and place it in the deploy folder.
encrypt-service.xml
——————————————————————————
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
——————————————————————————
name="jboss.security:service=JaasSecurityDomain,domain=jk-ldap-security">
<constructor>
<arg type="java.lang.String" value="jk-ldap-security"></arg>
</constructor>
<attribute name="KeyStorePass">rchitect</attribute>
<attribute name="Salt">rchitect</attribute>
<attribute name="IterationCount">66</attribute>
</mbean>
Note: The Salt value should be 8 bytes long. More than 8 bytes is not accepted at the moment.
2) Restart the server if required.
3) Login to jmx-console http://{ip-address}:8080/jmx-console/
4) From the left hand side navigation Object Name Filter, select jboss.security and click on the link domain=jk-ldap-security,service=JaasSecurityDomain
10) Replace the clear text KeyStorePass with the folllowing in encrypt-service.xml
<attribute name=”KeyStorePass”>{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password</attribute>
If you prefer not to use mbean for encryption, you can also use the following command to encrypt the ldap bind password.
java -cp common/lib/jbosssx.jar org.jboss.security.plugins.PBEUtils $saltvalue $iterationcountvalue $password $encryptpassword
Splunk search dashboard summary displays sources, sourcetypes and hosts. These hosts will list your actual server name. If you would like to have user friendly name for your hosts, follow these steps.
1) Navigate to http://{splunk_agent_host}:8000 and login to Splunk agent on target host.
2) Manager -> System settings -> General settings -> Index settings.
3) Update the Default host name (optional) field to have user friendly name
4) SSH into splunk agent and run these commands
$SPLUNK_HOME/bin/splunk stop
$SPLUNK_HOME/bin/splunk clear all
$SPLUNK_HOME/bin/splunk start
5) Login to Splunk server and check the dashboard for discovery of user friendly host.
Note: The password may get reset due to clear all command.
——————————————————————————
By default, Splunk dashboard lists 10 hosts. When you have large no. of hosts, navigating 10 hosts at a time might be cumbersome. To increase the size of hosts displayed,
1) Navigate to Manager -> User interface -> Views -> Select ‘search’ as app context from dropdown -> dashboard.
2) Update this block in the section after <!– The list of hosts –>
<module name=”Paginator”>
<param name=”count”>25</param>
<param name=”entityName”>settings</param>
<param name=”maxPages”>25</param>
<module name=”SearchLinkLister”>
3) Restart splunk server
JBOSS Active Directory LDAP Integration
2) Please note that the role JBossAdmin defined above is referenced from WEB-INF/web.xml of the application.
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
1) SSH into LTM, update /config/bigip.conf with desired changes.
Load the file:
bigpipe load
bigpipe save
1) Install Splunk server
2) Install Splunk on host machines you want to monitor. Please have splunk forwarder license on the host.
3) Setup Splunk server as a receiver and the splunk on other target systems as forwarder
4) Setup Receiver
Navigate to Manager > Forwarding and Receiving > Receive data > Configure receiving > New
Set up port as 8090 or any available port
Restart splunk
5) Setup Forwarder
Navigate to Manager > Forwarding and Receiving > Forward data > Configure forwarding > New
Provide {splunk_server_ip_from_step4):8090
Restart splunk
Note: If you are copying splunk install from one machine another, please do this step
Login to Splunk
Navigate to Manager > System settings > General settings
Splunk server name and Default host name should match the host name
Save and restart.