There's an application where an embedded device talks to WebLogic via Apache. WebLogic and Apache are on a single Solaris server, and we are using the WebLogic module for Apache.
The communication works over http.
It doesn't work over https, even though the problem doesn't seem to be related to https (the SSL session is negotiated fine and some back and forth happens). It seems the device handles the communication in a different way when https is used.
We'd like to see the http/https requests and responses to debug this.
We are able to capture the traffic between device and server using (e.g.) Wireshark, but that is encrypted so is not a tremendous help. Wireshark (or snoop) aren't seeing the local traffic on the server between Apache and WebLogic. Note: on Linux we're able to do that - but not on Solaris.
We don't really need the low-level packet capture of Wireshark - capturing the headers and the body of the http requests and responses would be sufficient.
Does anybody know how to do this? Is there an Apache mod which will log all of the requests and responses that go through, perhaps? (A Google search did not show anything obvious.) Any other creative methods for doing this?
This may be of some help: http://httpd.apache.org/docs/2.2/mod/mod%5Flog%5Fforensic.html
I asked a similar question on ServerFault, and the best solution seemed to be to set up a TCP proxy on another machine, and force all communications to bounce through there.
So rather than:
Weblogic -> Apache
you have:
Weblogic -> (across network) TCP Proxy -> (across network) -> Apache
Then you can do whatever tcpdump/wiresharking you want. I used rinetd, which worked well, but I know that on Linux at least, the built-in inetd is also able to do proxying (and logging).
Update: If you can't do anything over the network, you could use the same concept and something like TcpProxy or similar (potentially the built-in inetd) to do the proxying and logging. You can also use Netcat as a TCP proxy. Someone else has also suggested using DTrace to snoop on loopback traffic, since that can hook directly into the kernel.
My TCP capture program of choice is called balance.
     _           _
    | |__   __ _| | __ _ _ __   ___ ___
    | '_ \ / _` | |/ _` | '_ \ / __/ _ \
    | |_) | (_| | | (_| | | | | (_|  __/
    |_.__/ \__,_|_|\__,_|_| |_|\___\___|
    this is balance 3.42
    Copyright (c) 2000-2007,2008
    by Inlab Software GmbH, Gruenwald, Germany.
    All rights reserved.
It's designed as a TCP load balancer utility, but with the -p packet dump flag it works pretty well to log all traffic in and out. It shows ASCII as ASCII and encodes everything as hex. It runs fine as non-root when using ports >1024.
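The TCP-proxy approach from the answers above, as an added example (not code from any poster, nor from rinetd or balance): a small Python relay placed between Apache's WebLogic module and WebLogic that logs both directions, keeping ASCII readable and showing other bytes as hex escapes. The port numbers, the `render`/`pump`/`handle`/`serve` names and the loopback-only bind are assumptions of this example.

```python
import socket
import threading

def render(data: bytes) -> str:
    """Keep printable ASCII and CR/LF/TAB readable; show other bytes as \\xNN."""
    return "".join(chr(b) if 32 <= b < 127 or b in (9, 10, 13) else f"\\x{b:02x}"
                   for b in data)

def pump(src, dst, tag, log):
    """Copy src -> dst until EOF, logging every chunk with a direction tag."""
    try:
        while chunk := src.recv(4096):
            log(f"{tag} {render(chunk)}")
            dst.sendall(chunk)
    except OSError:
        pass  # peer reset or socket closed; stop relaying this direction
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side
        except OSError:
            pass

def handle(client, upstream, log):
    """Relay one client connection to the upstream (host, port) in both directions."""
    with client, socket.create_connection(upstream) as backend:
        reply = threading.Thread(target=pump, args=(backend, client, "<<", log))
        reply.start()
        pump(client, backend, ">>", log)
        reply.join()

def serve(listen_port, upstream, log, host="127.0.0.1"):
    """Listen on host:listen_port in a background thread; return the bound port."""
    srv = socket.create_server((host, listen_port))
    def accept_loop():
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, upstream, log),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Assumed ports: Apache's WebLogic module is pointed at 127.0.0.1:7002,
    # and WebLogic itself listens on 127.0.0.1:7001.
    serve(7002, ("127.0.0.1", 7001), print)
    threading.Event().wait()  # keep the main thread alive
```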
You could use truss to capture the socket reads and writes performed by one of the processes.