Howto control Tomcat using wget

I just had to restart a webapp in Tomcat without stopping a second app running in the same tomcat instance.

Usually this can be done easily via the Tomcat Manager, but in this case I was not able to access the Manager due to firewall rules. Though I was able to access the server using ssh, but there was no curl installed.

Luckily wget did the trick too!

wget \
--http-user=manager-user \
--http-password=manager-password \
-q -O - http://localhost:8080/manager/html/reload?path=/test \
| grep -A1 Message|awk -F'>' '{print $NF}'

OK - Started application at context path /test

Perfect!

Howto: Log firewall from OpenWrt to a remote rsyslog

This is how I got remote logging from my OpenWrt router to the syslog daemon on the server box.

On the server side, I enabled remote logging over UDP (refer to the rsyslog or syslog-ng documentation).

On the OpenWRT box following steps are needed

Enable remote syslog logging

Edit /etc/config/system and enable remote logging by adding:

option 'log_ip' '192.168.1.2'

Now reboot the router and see if it logs correctly.

Enable firewall logging (-j LOG)

Update (2013): In recent Openwrt builds this is as simple as editing /etc/config/firewall and adding a line to each zone that you want to get logged

config 'zone'
        option 'name' 'wan'
        ...
        option 'log' '1'

That’s all.

 

The info below is valid only for old OpenWRT builds Kamikaze 8.09 and older!

Then I had to get IPtables to produce some log output. With Kamikaze’s new firewall config layout this was a bit tricky. I decided to just log SYN flood protection actions, and the dropping of INVALID packets on INPUT and FORWARD chains. Therefore we need to edit /lib/firewall/uci_firewall.sh and add 3 lines (those with -j LOG)

In function fw_defaults()

$IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID (INPUT): "
$IPTABLES -A INPUT -m state --state INVALID -j DROP
...
$IPTABLES -A FORWARD -m state --state INVALID -j LOG --log-prefix "DROP INVALID (FORWARD): "
$IPTABLES -A FORWARD -m state --state INVALID -j DROP

and for the SYN flood stuff, in function load_synflood()

$IPTABLES -A syn_flood -j LOG --log-prefix "SYN FLOOD: "
$IPTABLES -A syn_flood -j DROP

 

Solaris and DNS

Just that I’ll never have to google this one up again….

To get Solaris to make use of your ususal DNS

cp /etc/nsswitch.conf /etc/nsswitch.conf.orig
cp /etc/nsswitch.dns /etc/nsswitch.conf
echo "nameserver xxx.yyy.zzz.bla" >> /etc/resolv.conf
svcadm restart nscd

There we go.