Weblogic HTTP access extended log

Similar Messages

• Continous HTTP access error logged when using Weblogic Cluster

  I am not sure if this is the right forum for this discussion, but here we go anyways.
  We have created a Weblogic Cluster with one Administration Server and up to 12 Managed Servers. Our Weblogic version is 9.2.
  SSL has been enabled for all Servers and the HTTP Listen Ports are all turned off. The cluster and all applications are working fine and communicating over HTTP as expected, however the logs grow 3MB+ per hour due to an error that repeatedly logged. This error appears to be an attempt by an internal Weblogic process to access some resource over HTTP.
  Here are the various messages received in the logs. There are 3 messages logged per error occurred.
  This first log message is from the domain log (I replaced the hostname/IP info with <PEER>):
  ####<Aug 11, 2008 12:08:46 PM GMT+00:00> <Warning> <Security> <PEER> <ManagedServer7> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1218456526962> <BEA-090475> <Plaintext data for protocol HTTP was received from peer <PEER> instead of an SSL handshake.>
  This second log message is from the ".out" log from the Administration Server:
  ####<Aug 11, 2008 12:08:58 PM GMT+00:00> <Info> <ServletContext-/bea_wls_internal> <PEER> <AdminServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1218456538658> <000000> <HTTPClntLogin: Login rejected with code: 'Failed', reason: java.net.ProtocolException: HTTP tunneling is disabled
  at weblogic.rjvm.http.HTTPServerJVMConnection.acceptJVMConnection(HTTPServerJVMConnection.java:88)
  at weblogic.rjvm.http.TunnelLoginServlet.service(TunnelLoginServlet.java:80)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3231)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2002)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1908)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1362)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  This last message is from the access.log for the Admin Server:
  <PEER> - - [11/Aug/2008:12:08:58 +0000] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+9.2.2.0+dummy+%0A&rand=8038349418070109915&AS=2048&HL=19 HTTP/1.1" 200 1337
  I have searched all over trying to find a solution but with no luck thus far. I have seen some posts about turning on HTTPTunneling and this does seem to prevent the error from occurring, but this is not a solution for us.
  I could really use some help in understanding whats going on and trying to resolve this issue. Our client will make a big deal out of this and will want a solution. Any help would be greatly appreciated.
  Message was edited by:
  user651444

  Hi,
  We had this problem with WebLogic Platform 9.2 MP2, running on Solaris. The patch CR344429 worked fine. The corresponding patch for 9.2 MP3 is CR370091. You can get these patches through Oracle Support.
  A couple of points:
  1. We did not have to set StartScriptEnabled=true for the patch to work. We use the SSL Niode manager.
  2. Using the t3: protocol (-Dweblogic.management.server=t3://<admin server listen address>:<admin server listen port) does stop these exceptions, but causes these warning messages to appear in the administration server log file:
  <Warning> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <...> <BEA-002637> <Failed to register a disconnect listener because of weblogic.rmi.extensions.DisconnectMonitorUnavailableException: Could not register a DisconnectListener for [weblogic.rmi.internal.BasicRemoteRef ......>
  <Warning>  <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <...> <BEA-002637> <Failed to register a disconnect listener because of weblogic.rmi.extensions.DisconnectMonitorUnavailableException: Could not register a DisconnectListener for [weblogic.rmi.internal.BasicRemoteRef ......>
  Hope these comments help.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Extending HTTP access log file

  I am trying to extend the HTTP access log file using the information given at http://e-docs.bea.com/wls/docs81/adminguide/web_server.html#113868
  However, I havent been able to succeed in doing that. I have written my own class
  authType.java to display that information in the log file. I compiled the class
  and placed it under the lib directory thereby guaranteeing that it will be loaded.
  However, the log file only seems to place a '-' at the location where it should
  have actually placed the contents of the method getMethod().
  Help will be appreciated.
  [authType.java]

  Not at the moment. We are working on adding a property in an upcoming
  release.
  This is documented at:
  http://www.weblogic.com/docs51/adminhelp/AdminPropertyHelp.html
  Thanks,
  Michael
  Michael Girdley
  Product Manager, WebLogic Server & Express
  BEA Systems Inc
  Sean Scott <[email protected]> wrote in message
  news:8fhpl1$50t$[email protected]..
  Is there a property to set the max size of the http access.log file?

• Nothing being written to http access log.

  I added a custom field for extended logging, turned extended logging on and I know that the class is being invoked and the log method is being called. However my access.log is empty.
  what gives ?! I dont quite know how to debug this one. short of crawling through thedebugger

  Hi,
  What you can do is to set the buffer-size-kb parameter value to "0" in config.xml so that it can start logging once the server starts coming up rather then waiting for the default size which is 8kb to pass.
  Something like below:
  <web-server-log>
  <buffer-size-kb>0</buffer-size-kb>
  <web-server-log>
  For more details check the below link:
  Search for: CR302493
  http://download.oracle.com/docs/cd/E11035_01/wls100/issues/known_resolved.html
  Hope this helps you.
  Regards,
  Ravish Mody

• Logging HTTP access protocol

  Is there any way to log the HTTP access protocol in the access.log file (HTTP vs
  HTTPS). I tried the extended format using the following format:
  #Fields: c-ip date time cs-method cs-uri status bytes
  The log entries I get are of the format:
  169.254.114.81 2003-09-12 06:31:50 GET /test/HelloWorld.jsp - 459
  Note that the URI is relative to the document root and does not include the protocol
  (HTTP vs HTTPS). Also the status is showing up as a dash, which is surprising.
  Thanks.
  Naresh

  For getting the status use, sc-status in the field header.
  The whole URL can be logged by using a custom Java Class that can be added
  to the 'Fields' header.
  Thanks,
  Selva-
  [email protected]
  "Naresh Bhatia" <[email protected]> wrote in message
  news:3f61d993$[email protected]..
  >
  Is there any way to log the HTTP access protocol in the access.log file(HTTP vs
  HTTPS). I tried the extended format using the following format:
  #Fields: c-ip date time cs-method cs-uri status bytes
  The log entries I get are of the format:
  169.254.114.81 2003-09-12 06:31:50 GET /test/HelloWorld.jsp -459
  >
  Note that the URI is relative to the document root and does not includethe protocol
  (HTTP vs HTTPS). Also the status is showing up as a dash, which issurprising.
  >
  Thanks.
  Naresh

• How to configure WLS to send HTTP access log to syslog under Solaris?

  I understand there is a way configuring WLS to use syslog via log4j. Is it possible only to direct HTTP access logs to syslog and keep the rest of logs in normal log files? Thanks!

  I've been following the "How to do UD Document" https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/58f4db47-0501-0010-a2bf-ff01b150fdff and more specifically the document for Sybase  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c0d70315-958f-2a10-bc88-eb91e36f4037
  I am using the latest .jar file from Sybase http://www.sybase.com/detail?id=1002257
  When I navigate to http://<hostname>:50000//TestJDBC_Web/TestJDBCPage.jsp and Select connection name SDK_JDBC I get the following error message:
  Could not connect to database. Connection is inactive or does not support JDBC
  com.sap.ip.bi.sdk.exception.BIConnectionFailedException: Cannot open the connection
  Caused by: com.sap.ip.bi.sdk.exception.BIResourceException: Class DriverName is not found
  Caused by: java.lang.ClassNotFoundException: com.sybase.jdbc2.jdbc.SybDataSource
  Found in negative cache
  Loader Info -
  ClassLoader name: [connector:default]
  Parent loader name: [Frame ClassLoader]
  library:SYBASE
  Resources:
     /usr/sap/BWD/JC02/j2ee/cluster/server0/apps/sap.com/com.sap.ip.bi.sdk.dac.connector.sapq/connector/connectors/bi_sdk_sapq.rar/bi_sdk_sapq.jar
     /usr/sap/BWD/JC02/j2ee/cluster/server0/apps/sap.com/com.sap.ip.bi.sdk.dac.connector.jdbc/connector/connectors/bi_sdk_jdbc.rar/bi_sdk_jdbc.jar
     /usr/sap/BWD/JC02/j2ee/cluster/server0/apps/sap.com/cafbwadapterassembly/connector/connectors/cafbwadapterassembly.rar/sap.comcafbwadaptercaf.bw.adapter.jar
     /usr/sap/BWD/JC02/j2ee/cluster/server0/apps/sap.com/com.sap.ip.bi.sdk.dac.connector.xmla/connector/connectors/bi_sdk_xmla.rar/bi_sdk_xmla.jar
  Loading model: {parent,references,local}
  Any thoughts/insites?
  Thanks, Steve

• WLS http access logs not written to when starting WLS instance using nodemanager

  When starting managed WLS instances using node manager the HTTP access logs are
  not written to (the WLS log in the same directory is written to). All other functionality
  of the WLS instances seem to operate just fine when started using node manager.
  When we start the same managed WLS instances using a start-up script the HTTP
  access logs are written to.
  ===
  How can we get HTTP access logs to be written to when starting a WLS instance
  using node manager?

  I think I know the answer to this one!
  I got bitten by the same bug (at least I think it is a bug). Check the location
  specified for the HTTP-access log for your server instance. It is probably a relative
  location, right?
  According to the docs, relative paths should start from the Root Directory (see
  your Remote Start config), but it seems like the BEA-programmers forgot to retrieve
  the Root Directory and instead blindly writes to the process' current working
  directory (CWD).
  And when started by the Node Managet, the CWD = WL_HOME/common/nodemanager.
  If you are as paronoid as I am (and you should be too), that directory should
  not be writeable by anyone. Because my BEA installation was owned by 'bin', and
  the processes run by 'beawls', I got an error message in my NM-logs pointing to
  the problem. In your case, you are probably running NM as a user that has write-access
  to your NM-home, and all your missing HTTP-access logs are deep, down there.
  Jan Bruun Andersen

• Re: Disable HTTP access to Weblogic 6.0

  Appears to be: http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
  On 20 Jul 2001 08:35:38 -0800, "Florian Kirchhoff" <[email protected]> wrote:
  >
  Is this possible in Weblogic 6.0?
  "Don Dwoske" <[email protected]> wrote:
  It looks like you've got a couple of different things going on
  here.
  If you want to disable http, do this in the WL properties file:
  weblogic.httpd.enable=false
  your getInitialContext should figure out what port your naming
  service is on unless you've hardcoded it to be localhost:80, true?
  I switch between ports 80 and 7001 all the time without problems.
  -Don
  "Gagan Bhalla" <[email protected]> wrote:
  Hi,
  Can someone tell me how do I disable the HTTP access to
  Weblogic.
  The environment I am running on my dev machine would be
  Win2000+
  Weblogic 5.1+ SP6. I am redirecting any HTTP request to
  the secure
  port and that part is working. But I want to be able to
  completely
  disable any HTTP requests all together. Is there a way
  to do this.
  In the weblogic.properties file, if I change the weblogic.system.listenPort
  property to point to anything other than port 80, it gives
  me errors
  on the WLInitialContext. What else do I need to change
  in this
  so that I can listen on a port other than 80?
  Thanks for your help,
  Gagan
  javax.naming.CommunicationException. Root exception is
  java.net.ConnectException: No server found at T3://localhost:80
  at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java,
  Compiled Code)
  at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java,
  Compiled Code)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java,
  Compiled Code)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:148)
  at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:123)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:671)

  I Need to keep HTTP session alive.
  But i need to block trace method or say get method.
  Any clue how can we do that.
  thanks

• HTTP Access logs

  Hi!
            Has anyone created custom field identifiers?
            I created a class for my custom field to access.log file and I changed the
            file
            so that it's in Extended Log Format.
            I placed the class file to classpath what the server uses when it starts up.
            Put it still do not work!!
            And the documents are useless...
            -Jussi Pöri
            

  Change "X-<class_of_extended_field>" to "x-<class_of_extended_field>".
  Andrzej Derlacki
  [email protected]

• Http proxy View access control log

  Access control log is broken. I get BMON window...operation cannot be
  completed.
  Tried TID 10026035 which did not work at all.
  Jerry Gunn

  If that is the only way, I guess it OK. Do you have a procedure to
  follow?
  Also... why doesn't TID 10026035 work? If its a usless TID who do I
  contact to get it removed or fixed?
  Thanks for your help.
  Jerry Gunn
  > If you're ready to throw away the access rules logs, you can start from
  > scratch by disabling all the components using btrieve (for instance,
  not
  > loading BM at the server startup, removing logging for the VPN, as
  > well), then disable all the logs in CSAUDIT, delete the contents of the
  > CSAUDIT directory and re-enable everything.
  >
  > --
  > Cat
  > NSC Volunteer Sysop

• Extended logging anomalies

  We recently turned on extended logging so that we could start analyzing
  things like the time-taken attribute. However, this has also changed
  the way that servlets and jsps are getting logged.
  We are using Weblogic 5.1sp4 on Win2000 machines. Our architecture is
  such that users hit servlets which do some processing and then forwards
  the request to a jsp which handles the display. (For the logging
  examples below, /citizenapp forwards to
  /citizen/registration/rg_home.jsp)
  With common logging it appears as I would expect, with the servlets
  showing up in the log:
  127.0.0.1 - - [27/Jul/2000:19:00:36 -0500] "GET /citizenapp HTTP/1.0"
  200 0
  127.0.0.1 - - [27/Jul/2000:19:00:36 -0500] "GET /images/headers/muni.gif
  HTTP/1.0" 200 7148
  127.0.0.1 - - [27/Jul/2000:19:00:36 -0500] "GET
  /images/headers/curve.gif HTTP/1.0" 200 1051
  However, when extended logging was turned on it seems that the servlets
  no longer get logged but the JSPs do:
  #Version: 1.0
  #Fields: date time s-ip c-ip cs-method cs-uri-stem cs-uri-query
  sc-status bytes time-taken
  2000-07-27 19:02:41 10.1.100.16:8001 127.0.0.1 GET
  /citizen/registration/rg_home.jsp - 200 0 2.073
  2000-07-27 19:02:41 10.1.100.16:8001 127.0.0.1 GET
  /images/headers/muni.gif - 200 7148 0.08
  2000-07-27 19:02:41 10.1.100.16:8001 127.0.0.1 GET
  /images/headers/curve.gif - 200 1051 0.1
  This is not the behavior I would have expected and makes it difficult to
  match up weblogic access logs with front end web server access logs. Is
  this a known problem? If so, is there a patch available to have the
  servlets appear in the extended log?
  Also, is there any way to have the actual content-length created by the
  jsp or servlet appear instead of zero? It would be very useful to be
  able to see the average size of outgoing requests. Especially for
  dynamic pages that populate themselves with things like search results.
  Finally, is the x-<logclass> functionality for application specific
  extended log entries implemented in the current release? If so, what is
  the interface that the log classes must implement?
  Any help would be appreciated. However I most certainly concur with the
  previous assertions that weblogic needs to beef up its logging
  facilities. Along the same lines, caching support in FileServlet would
  be greatly appreciated as would lazy reading of JDBC persistent sessions
  (which get read for each request right now even when serving up static
  content such as images).
  Jim LoVerde, Technical Architect
  Strategic Technology Resources
  http://www.str.com
  voice 312.674.4798 fax 312.697.3801
  mobile 773.398.9539 pager [email protected]
  [smime.p7s]

  hi
  By getting system properties of the client using an applet
  we can know the details of the client OS
  http://forums.bea.com/bea/message.jspa?messageID=600006451#600006451
  Prasanna Yalam

• Extended Log Format Issue

  Hello,
  I am rather new to BEA, and I am experiencing a little bit of a problem here. I am trying to configure the access logs in order for them to generate output concerning Browser information. I have gone through and was successfully able to change the configuration to extended. The browser information is now displayed.
  I have one MAJOR problem. When using the common log format, the usernames are logged just fine. But when I changed to the extended format, I only get a value of '-'. I believe all of my configuration is correct according to w3c standards, as I am using 'cs-username' in the '#Fields' directive. I have been searching all over for information reguarding how this field can be documented, but I cannot find anything.
  I have even gone out and tried to configure our apache logs to read this field, and yet I get the same '-' value there as well.
  If anyone could PLEASE help me in this matter, I would greatly appreciate it, as I am going down a river without a paddle on this one.
  Thanks in advance,
  Garret

  <p>Hello,</p>
  <p>Have you read through common log format doc and Enabling and Configuring HTTP Access Logs? Oddly they don't mension cs-username in the supported field identifiers section. You could try the common log format field name: auth_user. Or a custom identifier. I would also raise a support case with BEA if you don't get anywhere to make sure they do actually support this field.</p>
  <p>
  Hussein Badakhchani</br>
  </p>

• Extended Log Format

  Does iPlanet v6 support the Extended Log format [http://www.w3.org/TR/WD-logfile.html]?
  If so, would anyone recommend using the time-taken field to monitor page download times?

  Web Server does not directly support the Extended Log Format. In most cases, however, the flex-log format that Web Server does support can be manipulated to log the same data in the same order as the Extended Log Format.
  If you want to request time from Web Server then do this:
  1) Enable Statistics Gathering in the server (see the Performance and Tuning Guide for details), and
  2) Add \"%duration%\" to your flex-log init line in the magnus.conf (or via the Log Format Adming UI screen).
  This will log the time taken for a request to be completed to the access log.

• Extended Logging Format

  Hi, I have been asked to log and report data that is application specific. Rather than maintaining yet another application log I was hoping to make use Extended Log Format and have all the information wriiten to my existing web logs.
  I was wondering if WLS 8.1 supports Extended Log Format and if so how would I go about configuring it.
  Thanks in advance.
  Lisa.

  Hello,
  WebLogic Server does support extended log file format, version 1.0, as defined by the W3C.
  All you have to do is add a few directives to the log file itself. For complete instructions see:
  http://e-docs.bea.com/wls/docs81/adminguide/web_server.html#113870
  (scroll down a bit)
  Cheers,
  Hoos

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>