SGD: logging client source address

With the admin console, it's easy to see who is logged into global desktop and also which application servers they are running sessions on. I have need to know where they're connecting from. Is there a log filter or any other mechanism that will show me the hostname or ip address of the client where the user is logged in from?
TIA for the help.
-Dan

you should be able to see the client IP via
$ tarantella webtopsession list
User: .../_ens/o=organization/ou=People/ou=SGD/cn=Tom
Client: 192.168.1.77
Connection type: Secure
Logged in at: 2008-06-17 11:24:36.725
Logged in to: yourserver.yourcompany.com
Print state: Ready
Profile: .../_ens/o=organization/ou=People/ou=SGD/cn=Tom
if you are using Firewall forwarding, then the emulatorsession list will show the loopback
$ tarantella emulatorsession list
User: .../_ens/o=organization/ou=People/ou=SGD/cn=Tom
Application: .../_ens/o=applications/ou=Apps/cn=xterm
Application Server: .../_ens/o=appservers/cn=Tarantella server sgd
Application Server User: tom123
Client: 127.0.0.1
Protocol Engine ID: 16614
Resumable For: Always
Session ID: sgd.solaris.org:1212766049959:-7733236712545113475:Li4uL19lbnMvbz1vcmdhbml6YXRpb24vb3U9UGVvcGxlL291PVJTRC9jbj1SaWNoYXJk
Start Time: 2008-06-06 08:27:29.966
Status: Suspended
If you are on a Sunray, then you might not see the IP of the DTU. The next version of SGD should report the DTU IP.

Similar Messages

How to print the client ip address at the server side( reqd for logging )??

Hello everybody...
joined this forum recently.....
In RMI programming.... is there any way by which the server can know the the Client ip address or machine name.... i want to know this bcoz i need to create a log file as to who all had connected withe the server..
need a solution soon..... thanks in advance....

@ejp....
thanks buddy....
u made my world a better place to live.....

Terminal prompt starts with client IP Address

I named my macbook pro as "pine" and add the following line to the .bash_profile file
export PS1='\h:\w> '
Normally, it displays "pine:~>", but after I connect my laptop to the wireless network via a VPN, the prompt becomes
client-77-104-71-149:~>
Why does the terminal prompt look so weird? How to change it back to normal?

The issue occurs on a daily basis for about 100 laptops that are normally docked to a wired connection (subnet 10.2.3.x), but when undocked the laptop transitions to a wireless connection (10.2.5.x). When initially docked, a laptop connected to
a wired connection will properly negotiate with DHCP all four parts of the handshake in the classic way and get an IP address (10.2.3.101 for example).
The problem begins about 5 - 10 minutes later when the same laptop makes a DHCPDiscover with a source address of 10.2.3.101 and destination address of 255.255.255.255. This continues every 10 minutes or so until the laptop is undocked or taken off
the wire. It only acquires on additional address once, but if we delete it off the DHCP server, then it reacquires the bad, additional lease.
When the laptop reach 50% of its lease life or later (undocked and returned the next day), it make a DHCPRequest for 10.2.3.101 from source address 0.0.0.0 to destination address 255.255.255.255. It then reacquires the lease like normal.
Yes, the docking and undocking will move them between subnets by changing the interface. If we disable the wireless adapters while the laptop is docked, it stops sending DHCPDiscover packets from source address 10.2.3.101 to destination address 255.255.255.255.
When we reenable the wireless adapters, then the bad behavior starts up again. We see this in Wireshark packet captures and the DHCP client logging. None of the events or strings have from the logs have either given us an explantion or solution.
Thanks again,
Mark

Install PT8.53 with Linux Issue: Jolt client (ip address 192.168.196.102) does not have proper application password

Folks,
Hello.
I am installing PeopleTools 8.53 with Oracle Database Server 11gR1 and OS Oracle Linux 5.10.
Data Mover Bootstrap and Application Designer can log into Database instance successfully. My procedure to run PIA is below:
Step 1: start Oracle Database Server and LISTENR is listening.
Step 2: start Application Server ./psadmin and 8 processes are started.
Step 3: start WebLogic Server PIA /opt/PT8.53/webserv/PT853/bin/startPIA.sh
In Browser, http://192.168.196.102:8000/ps/signon.html comes up successfully. But when sign in using UserID PSADMIN and password "myname", I get the error message in Browser as below:
The application server is down at this time.
CHECK APPSERVER LOGS. THE SITE BOOTED WITH INTERNAL DEFAULT SETTINGS, BECAUSE OF: bea.jolt.ServiceException: Invalid Session
We've detected that your operating system is not supported by this website. For best results, use one of the following operating systems:
Mac OS X 10.6(Snow Leopard)
Mac OS X 10.5(Leopard)
iPad
Oracle Linux Enterprise
Mac OS X 10.4(Tiger)
Windows 8
Windows 7
Mac OS X 10.7(Lion)
Regarding Application Designer, both Database Type "Oracle" and Connection Type "Application Server", UserID "PSADMIN" and password "myname" login successfully. I view TUXLOG (current Tuxedo log file) and its last screen is below:
191723.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191723.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191723.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191725.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191725.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191725.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
I View APPSRV_1023.LOG (current server log file) and its content is below:
PSADMIN.32259 (0) [2013-10-23T18:55:12.134](0) Begin boot attempt on domain PT853
PSAPPSRV.32290 (0) [2013-10-23T18:55:35.701](0) PeopleTools Release 8.53 (Linux) starting. Tuxedo server is APPSRV(99)/1
PSAPPSRV.32290 (0) [2013-10-23T18:55:35.923](0) Cache Directory being used: /home/user/psft/pt/8.53/appserv/PT853/CACHE/PSAPPSRV_1/
PSAPPSRV.32290 (0) [2013-10-23T18:56:19.256](2) App server host time skew is DB+00:00:00 (ORACLE PT853)
PSAPPSRV.32290 (0) [2013-10-23T18:56:23.504](0) Server started
PSAPPSRV.32290 (0) [2013-10-23T18:56:23.507](3) Detected time zone is EDT
PSAPPSRV.32338 (0) [2013-10-23T18:56:25.793](0) PeopleTools Release 8.53 (Linux) starting. Tuxedo server is APPSRV(99)/2
PSAPPSRV.32338 (0) [2013-10-23T18:56:26.003](0) Cache Directory being used: /home/user/psft/pt/8.53/appserv/PT853/CACHE/PSAPPSRV_2/
PSAPPSRV.32338 (0) [2013-10-23T18:57:08.871](2) App server host time skew is DB+00:00:00 (ORACLE PT853)
PSAPPSRV.32338 (0) [2013-10-23T18:57:10.662](0) Server started
PSAPPSRV.32338 (0) [2013-10-23T18:57:10.663](3) Detected time zone is EDT
PSSAMSRV.32388 (0) [2013-10-23T18:57:12.159](2) Min instance is set to 1. To avoid loss of service, configure Min instance to atleast 2.
PSSAMSRV.32388 (0) [2013-10-23T18:57:12.168](0) PeopleTools Release 8.53 (Li nux) starting. Tuxedo server is APPSRV(99)/100
PSSAMSRV.32388 (0) [2013-10-23T18:57:12.265](0) Cache Directory being used: /home/user/psft/pt/8.53/appserv/PT853/CACHE/PSSAMSRV_100/
PSSAMSRV.32388 (0) [2013-10-23T18:57:59.414](0) Server started
PSSAMSRV.32388 (0) [2013-10-23T18:57:59.416](3) Detected time zone is EDT
PSADMIN.32259 (0) [2013-10-23T18:58:48.149](0) End boot attempt on domain PT853
PSAPPSRV.32290 (1) [2013-10-23T18:59:06.144 GetCertificate](3) Returning context. ID=PSADMIN, Lang=ENG, UStreamId=185906140_32290.1, Token=PT_LOCAL/2013-10-23-11.59.26.248432/PSADMIN/ENG/vSz0ix+wq8d+zPRwQ0Wa4hcek0Q=
~
I think the error is indicated in TUXLOG file "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password". The application password "myname" in Browser http://192.168.196.102:8000/ps/signon.html page is not working. I use the same password "myname" to login Data Mover Bootstrap mode, Application Designer, and Application Server psadmin configuration successfully. I have tried a few other passwords in Browser http://192.168.196.102:8000/ps/signon.html page but not working.
My question is:
How to solve Sign In issue on http://192.168.196.102:8000/ps/signon.html that is "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password" ?
Thanks.

Dear Nicolas,
Hello. I have used the same password for "DomainConnectPswd" in the file Configuration.properties with that for Application Server setting. Eventually, UserID PSADMIN sign in http://192.168.196.102:8000/ps/signon.html successfully. PeopleTools 8.53 runs correctly in Browser.
It seems that whether upgrade Oracle Linux 5.0 to the latest 5.10 does not have effect !
I am very grateful to your great help for this installation of PT8.53 with Linux and Oracle Database !

Retrieve Client IP Address in a Oracle WebServices Manager Custom Policy

Hi everybody,
For some reasons i had to implement a custom policy in the OWSM, to restrict the access to webservices by Client IP Addresses. I´ve been following the examples for custom policies mentioned in the books: "Oracle Web Services Manager, Oracle Web Services Manager" by Sitaraman Lakshminarayanan, and the "Oracle® Web Services Manager Extensibility Guide 10g (10.1.3.3.0)" by Oracle. I followed the examples mentioned in those books to implement my Custom policy, the policy is successfully deployed to OWSM and it works, only by the issue that when i want to retrieve the Client Ip address it returns null, and following the example by the Oracle Guide, the HttpServletRequest its also returns null, im desperated because in every site that i finally find some info about it, quotes any of these 2 examples in those books, and mine doesnt work! this is the code of the custom policy, i´ve combined the 2 aproaches:
package project1;
import com.cfluent.ccore.util.logging.ILogger;
import com.cfluent.ccore.util.logging.Level;
import com.cfluent.ccore.util.logging.LogManager;
import com.cfluent.pipelineengine.container.MessageContext;
import com.cfluent.policysteps.sdk.AbstractStep;
import com.cfluent.policysteps.sdk.Fault;
import com.cfluent.policysteps.sdk.IMessageContext;
import com.cfluent.policysteps.sdk.IResult;
import com.cfluent.policysteps.sdk.InvocationStatus;
import com.cfluent.policysteps.sdk.Result;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
public class CustomPolicy extends AbstractStep {
private static String CLASSNAME = CustomPolicy.class.getName();
private static ILogger LOGGER = LogManager.getLogger(CLASSNAME);
private String allowedIpAddress = null;
private String allowedRoleName = null;
private String protectedServiceMethodName = null;
public CustomPolicy() {
public void init() throws IllegalStateException {
// nothing to initialize
public void destroy() {
* This is the main method which will validate that the request is coming from
* the correct IP Address and has permission to access the specified metod.
public IResult execute(IMessageContext messageContext) throws Fault {
LOGGER.entering(CLASSNAME, "execute");
Result result = new Result();
result.setStatus(IResult.FAILED); //initialize result
String processingStage = messageContext.getProcessingStage();
LOGGER.log(Level.INFO, "Processing stage is " + processingStage);
HttpServletRequest httpServletRequest = (HttpServletRequest)
messageContext.getProperty("javax.servlet.request");
String remoteAddr = httpServletRequest.getHeader("Host");
LOGGER.log(Level.SEVERE, "Dir IP:"+remoteAddr);
String remoteHost = httpServletRequest.getRemoteHost();
LOGGER.log(Level.INFO, "ADDR" + remoteAddr+ "HOST"+remoteHost);
boolean isRequest =
(IMessageContext.STAGE_REQUEST.equals(messageContext.getProcessingStage()) ||
IMessageContext.STAGE_PREREQUEST.equals(messageContext.getProcessingStage()));
//Execute the step Only when its a Request pipeline else return success
if (!isRequest) {
result.setStatus(IResult.SUCCEEDED);
return result;
MessageContext msgCtxt = (MessageContext)messageContext;
String _MethodName = msgCtxt.getRequest().getMethodName();
LOGGER.log(Level.INFO,
"Writing Allowed IP Addr before creating SOAP header " +
allowedIpAddress);
LOGGER.log(Level.INFO,
"Writing Remote IP Addr before creating SOAP header " +
msgCtxt.getRemoteAddr());
/*LOGGER.log(Level.INFO,
"Writing Remote IP Addr before creating SOAP header " +
remoteAddr);*/
String cadTempo = allowedIpAddress;
Vector vect = new Vector();
for (int i = 0; i < allowedIpAddress.length(); i++) {
if (cadTempo.indexOf(",") != -1) {
//vect.add(cadTempo.substring(0, cadTempo.indexOf(",") - 1));
vect.add(cadTempo.substring(0, cadTempo.indexOf(",")));
cadTempo =
cadTempo.substring(cadTempo.indexOf(",") + 1, cadTempo.length());
LOGGER.log(Level.INFO,
"AQUI111");
} else {
if (!cadTempo.equalsIgnoreCase("")) {
vect.add(cadTempo);
LOGGER.log(Level.INFO,
"AQUI222");
break;
for(int i=0;i<vect.size();i++){
String temp = (String)vect.get(i);
if (temp.equals(msgCtxt.getRemoteAddr()) &&
_MethodName.equals(protectedServiceMethodName)) {
LOGGER.log(Level.INFO,
"AQUI333");
result.setStatus(IResult.SUCCEEDED);
break;
} else {
msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
LOGGER.log(Level.INFO,
"AQUI444");
/*if(allowedIpAddress!=null){
result.setStatus(IResult.SUCCEEDED);
/*if (allowedIpAddress.equals(msgCtxt.getRemoteAddr()) &&
_MethodName.equals(protectedServiceMethodName)) {
result.setStatus(IResult.SUCCEEDED);
} else {
msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
// Set the result to SUCCESS
//result.setStatus(IResult.SUCCEEDED);
return result;
public String getIpAddress() {
return allowedIpAddress;
public void setIpAddress(String IpAddress) {
this.allowedIpAddress = IpAddress;
LOGGER.log(Level.INFO, "IP Address is.. " + allowedIpAddress);
public String getServiceMethodName() {
return protectedServiceMethodName;
public void setServiceMethodName(String serviceMethodName) {
this.protectedServiceMethodName = serviceMethodName;
public String getRoleName() {
return allowedRoleName;
public void setRoleName(String roleName) {
this.allowedRoleName = roleName;
And the xml:
<csw:StepTemplate xmlns:csw="http://schemas.confluentsw.com/ws/2004/07/policy"
name="Custom authenticate step" package="project1"
timestamp="Oct 31, 2005 05:00:00 PM" version="1"
id="0102030405">
<csw:Description>Custom step that authenticates the user against the
credentials entered here. This step requires Extract
credentials to be present before it in the request pipeline.</csw:Description>
<csw:Implementation>project1.CustomPolicy</csw:Implementation>
<csw:PropertyDefinitions>
<csw:PropertyDefinitionSet name="Basic Properties">
<csw:PropertyDefinition name="Enabled" type="boolean">
<csw:Description>If set to true, this step is enabled</csw:Description>
<csw:DefaultValue>
<csw:Absolute>true</csw:Absolute>
</csw:DefaultValue>
</csw:PropertyDefinition>
</csw:PropertyDefinitionSet>
<csw:PropertyDefinitionSet name="Custom Access Rules">
<csw:PropertyDefinition name="IpAddress" type="string" isRequired="true">
<csw:DisplayName>IpAddress</csw:DisplayName>
<csw:Description>IP Address that is allowed access</csw:Description>
<csw:DefaultValue>
<csw:Absolute>192.168.0.1</csw:Absolute>
</csw:DefaultValue>
</csw:PropertyDefinition>
<csw:PropertyDefinition name="ServiceMethodName" type="string"
isRequired="true">
<csw:DisplayName>ServiceMethodName</csw:DisplayName>
<csw:Description>Service Method Name that is Protected (Secured)</csw:Description>
<csw:DefaultValue>
<csw:Absolute>getTime</csw:Absolute>
</csw:DefaultValue>
</csw:PropertyDefinition>
</csw:PropertyDefinitionSet>
</csw:PropertyDefinitions>
</csw:StepTemplate>
Please any tip or idea is welcome, thanks in advance for the help.
Carlos.

Hi again
copied your code for testing. And it works fine.
So both the code and policy-step definition is fine, log output below.
What is your log output?
Using soapui to send the request will give the ip of my localhost, using the test client will give the ip of the server, because that is the actual client.
I guess the server ip is 192.168.0.1 in your case, as you are testing from test console.
anyway, results from SOAPUI:
2009-05-19 09:52:15,096 FINE [HTTPThreadGroup-4] CSWComponent - Executing policy step. Policy='SID0003004', Step Name='Custom Policy Step', Step Class='com.*.soa.wsm.CustomPolicy'
2009-05-19 09:52:15,096 FINER [HTTPThreadGroup-4] wsm.CustomPolicy - com.*.soa.wsm.CustomPolicy execute:ENTERING
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Processing stage is Request
2009-05-19 09:52:15,096 SEVERE [HTTPThreadGroup-4] wsm.CustomPolicy - Dir IP:hostname.domain:8890
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - ADDRhostname.domain:8890HOST10.47.89.116
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - MethodName=getHostNameElement
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.89.116
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
2009-05-19 09:52:15,097 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI333
2009-05-19 09:52:15,097 FINER [HTTPThreadGroup-4] agent.Agent - com.cfluent.agent.Agent intercept:ENTERING
But if I use the test client the remote IP would be 10.47.137.50 and execution fails, as code is written

2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.137.50
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
2009-05-19 09:54:12,267 FINE [HTTPThreadGroup-4] CSWComponent - Step execution failed: Policy=[SID0003004] Pipeline=[Request] Step Name=[Custom Policy Step] Step Class=[com.tandberg.soa.wsm.CustomPolicy]
2009-05-19 09:54:12,267 FINER [HTTPThreadGroup-4] common.PrepareForServiceStep - Step PrepareForServiceStep called

UNABLE TO RETRIEVE THE CLIENT IP ADDRESS AND HOST NAME OF A PORTAL USER

I'm trying to retrive the client IP address and host name of a portal user
trying to access a portal page using APIs:
PortletRenderRequest portletRequest =
(PortletRenderRequest)request.getAttribute(HttpCommonConstants.PORTLET_RENDER_REQUEST);
HttpServletRequest servletRequest =
(HttpServletRequest)portletRequest.getAttribute(HttpCommonConstants.SERVLET_REQUEST);
String l_szClientIPAddress = servletRequest.getRemoteAddr();
String l_szClientHost = servletRequest.getRemoteHost();
but i found that for all portal users on different machines IP addresses, the
returned IP is the same for all which is Portal middle tier IP address.
So how can retrive the IP addess of a portal user trying to access a portal
page ?

Brijesh,
Do you mean how to see hostname/ip address of client requests processed by the server? If yes, depending on what's your front ending component - Web Cache or OHS, you can configure the access log format to have this information recorded in either of these component's access log file.
For Web Cache access log file, refer this:
http://download.oracle.com/docs/cd/B14099_19/caching.1012/b14046/diagnostics.htm#sthref2090
For OHS access log file, refer this:
http://download.oracle.com/docs/cd/B14099_19/web.1012/b14007/servlog.htm#sthref439
By default, both Web Cache and OHS are configured to use Common Log Format (CLF) that does record hostname/ip address so if you haven't made any changes to log format, this info is already there for you. Look for $ORACLE_HOME/webcache/logs/access_log file for Web Cache and $ORACLE_HOME/Apache/Apache/logs/access_log file for OHS.
Thanks
Shail

How can I preserve Client IP address?

I am configuring the ACE for bridged mode. However, the real server is seeing VIP IP but not Client IPs. Our business requires that the real server must see client IPs. Do you have any idea how to set that up?
I tried to turn ON/OFF normalization but it is still not working.
Thanks,
Vincent
==============================
Here is my configuration:
rserver host 192.168.71.71
ip address 192.168.71.71
inservice
serverfarm host WEB_FARM
failaction purge
probe ICMP
rserver 192.168.71.71
    inservice
access-list PERMIT-BPDU ethertype permit bpdu
access-list ALL line 8 extended permit ip any any
sticky ip-netmask 255.255.255.255 address source WEB_FARM_Sticky
timeout 180
replicate sticky
serverfarm WEB_FARM
class-map match-all WEB_FARM_VIP
2 match virtual-address 192.168.71.154 tcp eq 80
class-map type management match-any remote_access
2 match protocol xml-https any
4 match protocol icmp any
5 match protocol telnet any
6 match protocol ssh any
7 match protocol http any
8 match protocol https any
9 match protocol snmp any
policy-map type loadbalance first-match WEB_FARM_Policy
class class-default
    sticky-serverfarm WEB_FARM_Sticky
policy-map multi-match WEB_VIPS
class WEB_FARM_VIP
    loadbalance vip inservice
    loadbalance policy WEB_FARM_Policy
    loadbalance vip icmp-reply active
    nat dynamic 6 vlan 31
    nat dynamic 5 vlan 21
interface vlan 21
description Client VLAN
bridge-group 171
no normalization
mac-sticky enable
access-group input PERMIT-BPDU
access-group input ALL
service-policy input WEB_VIPS
nat-pool 5 192.168.71.154 192.168.71.154 netmask 255.255.255.255 pat
interface vlan 31
description Server VLAN
bridge-group 171
no normalization
mac-sticky enable
access-group input PERMIT-BPDU
access-group input ALL
service-policy input WEB_VIPS
nat-pool 6 192.168.71.154 192.168.71.154 netmask 255.255.255.255 pat
no shutdown
interface bvi 171
ip address 192.168.71.3 255.255.255.0
no shutdown

Do you have a default route on the ACE and the rservers? Are they all pointing to the same IP? I have the same configuration. An ACE 4710 in transparent mode, but I have no NATing and my rservers are able to see the original client IPs (security requirement).
Here is part of my config for one serverfarm
rserver host RS_MIDTIER_220
description
ip address 172.31.0.131
inservice
rserver host RS_MIDTIER_221
description
ip address 172.31.0.132
inservice
rserver host RS_MIDTIER_222
description
ip address 172.31.0.133
inservice
rserver redirect RS_SSL_Redirects
webhost-redirection https://%h/%p 301
inservice
action-list type modify http SSL_URL_REWRITE
ssl url rewrite location ".*"
serverfarm redirect SF_SSL_Redirects
predictor leastconns
rserver RS_SSL_Redirects
inservice
serverfarm host SF_Midtier_Prod
description Midtier Production
predictor leastconns
probe APACHE
probe ICMP
rserver RS_MIDTIER_220 80
    inservice
rserver RS_MIDTIER_221 80
    inservice
rserver RS_MIDTIER_222 80
    inservice
ssl-proxy service SSL_PSERVICE_MIDTIER_PROD
key
cert
chaingroup EntrustChainGroup
sticky http-cookie JSESSIONID Sticky_Jsession_Cookie_Midtier_Prod
timeout 90
serverfarm SF_Midtier_Prod
class-map type management match-any REMOTE_MGT_ACCESS
description remote access traffic match
2 match protocol ssh source-address
4 match protocol https source-address
5 match protocol snmp source-address
class-map match-any VS_Midtier_Prod_L3SLB
description Midtier Prod IPs
2 match virtual-address 172.31.0.46 tcp eq https
3 match virtual-address 172.31.0.47 tcp eq https
class-map match-any VS_SSL_Redirects
description Redirects any http VIPS to https
5 match virtual-address 172.31.0.46 tcp eq www
6 match virtual-address 172.31.0.47 tcp eq www
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_MGT_ACCESS
    permit
policy-map type loadbalance http first-match Midtier_Prod_L4SLB
class class-default
    sticky-serverfarm Sticky_Jsession_Cookie_Midtier_Prod
    action SSL_URL_REWRITE
policy-map type loadbalance first-match SSL_Redirect_L4SLB
class class-default
    serverfarm SF_SSL_Redirects
policy-map multi-match Farm_VIPS
class VS_SSL_Redirects
    loadbalance vip inservice
    loadbalance policy SSL_Redirect_L4SLB
class VS_Midtier_Prod_L3SLB
    loadbalance vip inservice
    loadbalance policy Midtier_Prod_L4SLB
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_PSERVICE_MIDTIER_PROD
interface vlan 100
description DMZ ACE frontside
bridge-group 1
access-group input BPDUALLOW
access-group input ALL
service-policy input REMOTE_MGMT_ALLOW_POLICY
service-policy input Farm_VIPS
no shutdown
interface vlan 110
description DMZ ACE backside
bridge-group 1
access-group input BPDUALLOW
access-group input ALL
no shutdown
interface bvi 1
ip address 172.31.0.150 255.255.255.0
no shutdown
rserver redirect RS_SSL_Redirects
webhost-redirection https://%h/%p
301
inservice
domain
ip route 0.0.0.0 0.0.0.0 172.31.0.1

Obtain remote client IP address from webservice with WL 7.0.7

Hi,
Please Help!!
I need to get the remote client IP address from inside a webservice but with WLS 7.0.7. I know it is possible with WL 8:
WebServiceContext wsContext = WebServiceContext.currentContext();
WebServiceHttpSessionImpl vHttp = (WebServiceHttpSessionImpl)wsContext.getSession();
vHttp.request.getRemoteAddr();
But WL 7 has not available WebServiceContext.currentContext() method.
Thank you very much

This was logged as an enhancement which I believe was hoping to make it into one of the later 6i releases of forms. Ref:<Bug:856958> if you can access via metalink or Support.
Grant Ronald.

Log Host IP Address

Hi,
Is it possible to log the IP address of the client (not the application server) in a database table along with other session values like last accessed time, last login time and log off time?
Once this is logged I need to show this information on the default dashboard page (which is the simple bit). :)
I have OBI 10.1.3.4 running on a Windows 2000 server with OC4J as the web server.
Many Thanks in Advance!

Web Applications do not care where users are coming from, the whole idea of a Web Application is that it can be accessed from anywhere in your IP network. From a security standpoint I don't think it matters where the user are coming from either. If you really care about this you should to implement an SSO solution using NTLM which is "virtually unspoofable". We use NTLM in our SSO solution and there is absolutely no way a user can login to OBIEE unless it is authenticated on the Windows domain first so there is no chance of a user login in with another user's details.

How is NTP reply routed when requesting router uses loopback as source address

The Cisco NTP Best Practices White Paper and DISA STIGs recommend setting the NTP source address to a loopback interface (e.g. "ntp source loopback0").
But this only seems to work if the requesting (NTP client) router is the default gateway for the NTP server.
Specifically, the NTP server will attempt to reply to the requesting router's loopback-based source address (taken from the NTP request packet). Since that address will always be non-local from the perspective of the NTP server, the NTP server will encapsulate the reply in a Layer 2 frame addressed to its default gateway. If the gateway was the source of the original NTP request, that should work. But in most other situations that gateway won't know how to reach a loopback-based address, and will discard the reply.
I have verified this in tests with routers running both 12.4 and 15.1 releases (and NTP debugging enabled). When the NTP source is a loopback address, NTP replies never reach the requesting router. With the default NTP source address (i.e. based on the exit interface) everything works fine.
Obviously, you could employ workarounds, such as static routes or injecting loopback addresses into your routing protocols. But that seems uglier than leaving NTP source addresses at their defaults.
Why is this "best practice" so commonly advocated without mention of some significant caveats regarding routing? Am I missing something?
Thanks,
Mark

Michel:
Thanks for the response. Actually, I understand what kind of routing workarounds could allow NTP to function in spite of this "best practice." But I am mystified as to why a Cisco "NTP best practice" paper (http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a0080117070.shtml) and various security policies would call for setting a loopback address as the NTP source when that practice will often cause more problems than it solves.
The stability of a loopback address is nice when that address is used to uniquely identify the platform for a routing protocol or syslog. A loopback-based source address can also simplify ACL management, since that address won't change if an interface or link failure forces the router to send traffic from a different interface. But I keep seeing security configuration guides/policies that call for also using a loopback address as the source for two-way protocols, such as FTP and NTP. That just doesn't make sense to me when you balance the routing implications against the limited security benefits (stable device identification, simplified ACL maintenance, and obfuscation of device addresses).
I was hoping to learn that some obscure command might allow me to control which NTP exchanges use the loopback-based source address. For example, the loopback source address would work fine on outgoing NTP broadcasts (and probably in replies from NTP servers). But I would prefer that NTP client requests use a source address based on the exit interface. That way replies can be routed back to the client without cluttering up routing tables with routes to loopback addresses.
So far, it looks like I'll need to chalk this up to poor coordination between the network security and network administration communities.
Thanks again,
Mark

CSM 12 hour stickiness from two source addresses

We have an environment where the traffic only originates from two source IP addresses (shared port forwarders). The server group need a 12 hour stickiness window for the Citrix sessions to be hitting the same server.
If we have two servers, ServerA and ServerB, this is the problem.
When maintenance is performed on ServerA. All traffic is sent to ServerB. When ServerA is back in operation the traffic does not use this server due to the sticky timeout of 720 minutes.
Is there anyway to clear the connections from one source on the CSM so the processing of packets will spread the load between the two servers?
Thanks.

Ben,
clearing the connections without clearing the sticky table is useless. Because the sticky entry will simply forward the new connections back to the same server.
Also, there is no way to clear a particular sticky entry.
Finally, I think the solution for you would be to create static sticky entry.
You can force a client ip to go to a specific server.
If the server is down for maintenance, the CSM will simply select another one but will go back to the initial one if available.
To configure static entries, use the following commands
sticky 66 netmask /32
static client source x.x.x.x real x.x.x.x
Gilles.

WRVS4400N - eth0: received packet with own address as source address

I am using a WRVS4400N as my primary router for a small office. I get the following message repeated over and over in my logs. This seems to happen for 2 or 3 days and then it will go away for about a week and then come back. Does anyone know what is causing this? The best I can tell I don't have any IP conflicts on the network and most of the time the network has very little traffic other than 2 or 3 computers surfing the web.
Jan 3 16:48:09 - eth0: received packet with own address as source address
Jan 3 16:48:09 - eth0: received packet with own address as source address
Jan 3 16:48:15 - eth0: received packet with own address as source address
Jan 3 16:48:27 - eth0: received packet with own address as source address
Jan 3 16:48:51 - eth0: received packet with own address as source address

any news on this issue?
I am getting more and more messages (20+/day) - hundreds this month.
Now Coming every 10 minutes - HELP
eth0: received packet with own address as source address
Done everything, now waiting for input from Cisco.
Please, anyone as Cisco got any answers?
1:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
12:36 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
2:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
3:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
4:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
5:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
6:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
7:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]
8:38 AM [email protected] WRVS4400N Security Log [6B:C6:FD]

Client IP address in Portal Server

Is there a way to get end user client IP address in the Portal server? Currently, gateway intercepts the client request and from thereon gateway acts as the client for portal server. So all I see is gateway IP address.
We want to put IP information in our application log files. We are using Sun One Portal 6.0 version.
Thanks in Advance,
Nishchit

Hi !
I think it is adressed as bug id 5044891 and fixed in patch 116856-12. The latest patch now is 116856-15 Go to sunsolve.sun.com -> patchportal and enter 116856-15 in the search field.
hope this helps
/Per-Olov

Resolving client IP-address or machine name

In Tree Tier Configuration, how to resolve client IP address or machine name.
Database and App server are on same unix box, but clients are Windows PC's.
Configuration:
 Oracle RDBMS 8.1.7.3 on HP-UX 11.11
 Oracle Application Server Rel.1 (1.0.2.2.2) on HP-UX 11.11 (same as above)
 Oracle Application R11i

I don't have general answer, but I create small perl script for reading Forms server log file.
===========START readfrmlog.pl=========================
#!/usr/contrib/bin/perl
# Read FORMS6i Server logfile
# Autor: Mastakov Konstantin
if ((@ARGV!=2) || (($ARGV[0] ne '-d')&&($ARGV[0] ne '-a')&&($ARGV[0] ne '-x'))) {
&usage;
exit;
if ($ARGV[1] eq 'TEST') {
$logfile='/oracle/test/testora/8.0.6/forms60/log/TEST/frmlsnr.log';
$ORACLE_HOME='/oracle/test/testdb/8.1.7';
else {
$logfile='/oracle/prod1/prodora/8.0.6/forms60/log/PROD/frmlsnr.log';
$ORACLE_HOME='/oracle/prod1/proddb/8.1.7';
$ORACLE_SID=$ARGV[1];
$startread=false;
$vrati=-1;
if (open(FRMLOG,$logfile)) {
$poz=tell(FRMLOG);
while ($linija=<FRMLOG>) {
if (substr($linija,0,1) eq '[') {
$startread=$linija=~/::Server Start-up Data:/;
if ($startread) {
$serverData=&userDT(substr($linija,1,28));
$vrati=$poz;
$poz=tell(FRMLOG);
if ($poz>=0) {
seek(FRMLOG,$vrati,0);
while ($linija=<FRMLOG>) {
if (substr($linija,0,1) eq '[') {
$data=&userDT(substr($linija,1,28));
if ($linija=~/::LISTN: Connection Request/) {
$vtordel=$';
$vtordel=~/ConnId=/;
$tretdel=$';
$tretdel=~/,/;
$connId=$`;
$cetdel=$';
$cetdel=~/Addr=/;
$petdel=$';
$petdel=~/]/;
$ipAddr=$`;
$lsnr{$connId}->[0]=$data;
$lsnr{$connId}->[1]=$ipAddr;
if ($linija=~/::RUNFORM Client Connected/) {
$vtordel=$';
$vtordel=~/ConnId=/;
$tretdel=$';
$tretdel=~/,/;
$connId=$`;
$cetdel=$';
$cetdel=~/PID=/;
$petdel=$';
$petdel=~/]/;
$procId=$`;
$lsnr{$connId}->[2]=$procId;
if ($linija=~/::Client Status/) {
$vtordel=$';
$vtordel=~/ConnId=/;
$tretdel=$';
$tretdel=~/,/;
$connId=$`;
$cetdel=$';
$cetdel=~/PID=/;
$petdel=$';
$petdel=~/]/;
$procId=$`;
$lsnr{$connId}->[3]=$data;
if ($linija=~/::RUNFORM Client Disconnected/) {
$vtordel=$';
$vtordel=~/ConnId=/;
$tretdel=$';
$tretdel=~/,/;
$connId=$`;
$cetdel=$';
$cetdel=~/PID=/;
$petdel=$';
$petdel=~/]/;
$procId=$`;
$lsnr{$connId}->[3]=$data;
close FRMLOG;
if ($ARGV[0] eq '-a') {
@progList = ("ORACLE_HOME=$ORACLE_HOME; export ORACLE_HOME;".
"ORACLE_SID=$ORACLE_SID; export ORACLE_SID;".
"TNS_ADMIN=/oracle/etc/network; export TNS_ADMIN;".
"$ORACLE_HOME/bin/sqlplus ".'-s apps/apps@$ORACLE_SID @spid_to_forms2.sql >frmlog.lst');
system(@progList);
if (open(SQLLOG,'frmlog.lst')) {
while ($linija=<SQLLOG>) {
chop($linija);
@cpole=split(/\s+/,$linija);
$userList{$cpole[1]}=$cpole[0];
close SQLLOG;
unlink('frmlog.lst');
foreach $kluc (keys(%lsnr)) {
$lsnr{$kluc}->[4]=$userList{$lsnr{$kluc}->[2]};
$what="All" if ($ARGV[0] eq '-x');
$what="Disconnected" if ($ARGV[0] eq '-d');
$what="Active" if ($ARGV[0] eq '-a');
print("Print $what Connections\n");
print("Forms Server Up from: $serverData\n\n");
print("Connection Start Who ProcID Connection Ended User\n");
print("------------------- --------------------- ------- ------------------- ----------\n");
foreach $kluc (sort {$lsnr{$a}->[0] cmp $lsnr{$b}->[0]} keys(%lsnr)) {
$iP=substr($lsnr{$kluc}->[1]." ",0,21);
$pRoc=substr($lsnr{$kluc}->[2]." ",0,7);
$endTime=substr($lsnr{$kluc}->[3]." ",0,19);
if (($ARGV[0] eq '-x') || (($ARGV[0] eq '-a') && (length($lsnr{$kluc}->[3])<5)) ||
(($ARGV[0] eq '-d') && (length($lsnr{$kluc}->[3])>5))) {
print($lsnr{$kluc}->[0].' '.$iP.' '.$pRoc.' '.$endTime.' '.$lsnr{$kluc}->[4]."\n");
else {
print("Error reading Forms-log file: $logfile\n");
sub userDT {
my ($sto) = @_;
$mesec{'Jan'}='01';
$mesec{'Feb'}='02';
$mesec{'Mar'}='03';
$mesec{'Apr'}='04';
$mesec{'May'}='05';
$mesec{'Jun'}='06';
$mesec{'Jul'}='07';
$mesec{'Aug'}='08';
$mesec{'Sep'}='09';
$mesec{'Oct'}='10';
$mesec{'Nov'}='11';
$mesec{'Dec'}='12';
return substr($sto,20,4).".".$mesec{substr($sto,4,3)}.".".substr($sto,8,2)." ".substr($sto,11,8);
sub usage {
print("Usage: readfrmlog -x|-a|-d ORACLE_SID\n");
print(" -x all (Active and Disconnected) connection\n");
print(" -a only Active connection\n");
print(" -d only Disconnected connection\n");
===========END readfrmlog.pl=========================
===========START spid_to_forms2.sql==================
set lines 120
column user_name format a20
column user_form_name format a25
column time format a8
column pid format 99999
column spid format 99999
set pages 0
set feedb off
select distinct user_name,process
from fnd_signon_audit_view, v$process, v$session
where fnd_signon_audit_view.pid = v$process.pid and
v$session.paddr = v$process.addr
and user_form_name is not null
exit;
===========END spid_to_forms2.sql==================
Modify all hardcoded variables: ORACLE_SID, ORACLE_HOME, TNS_ADMIN, logfile, password of App R11, location of perl exe, ...
Regards,

How can I get the client IP address correctly?

Hi,
I am having a problem with getting the client ip address correctly using jsp. I am currently using the method request.getRemoteAddr() (JSP)to get the remote client IP. This method works fine with intranet addresses.
However, when I am using a dial-up connection through a ISP (internet service provider), it could not detect the actual IP that is assigned to my client PC, but instead got another IP address.
Could anyone advise me on that? And could anyone advise me on how to obtain the correct client ip address correctly using any of the java technologies?
Thanks,
Damien

>
I don't believe so. You can't establish aconnection
over the internet using a private IP. As far as I
know most, if not all routers, block them so itwon't
even move over the backbone.Well with port-mapping it is definately possible to
allow an external ip to "connect" to an internal ip, i
have done this very thing myself...Not the same.
You are addressing the external server with a public IP address. That is then translated into the internal connection.
That is not the same as using a private IP on the internet.
As I said, the backbone will not let a private IP through.
>
>
Yes, but my point is that at any given time, in the
world, many boxes might have one address. Even ifit
is a private IP is it still that IP for aparticular
box. So if you use java to get its IP that is theIP
that it gets. And that IP is useless for anything
unless that IP is meaningful for the othercomputer.
But all ips must be unique in a designated "internet"
be it an "intranet" or whatever, there cannot be a
situation where two identical ips in the same
"internet", such that an ip that is achieved from a
page-hit is valid and meangingful in order to send the
data it is requesting back to it, or find out more
about that computer, or log and report it if it is
doing something illegal; i don't think its that
meangingless is it?Yes it is. You can't use an IP to uniquely identify a box, and that is the sole criteria, when there might be two boxes with the same IP.
When you use java on a client box to get the IP of the box, it doesn't necessarily return an IP that it meaningful to the anyone outside the lan on which the box lives.
Because of this internet systems must do one of the following:
-Do not use the IP as an identifier.
-Require that the client has a public IP. This is often static. At least some security systems use this to validate users.

SGD: logging client source address

Similar Messages

Maybe you are looking for