Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow (logging)
Bill, so far all I've gotten out of FINE logging is a lot of these: Jul 14, 2005 1:44:36 PM org.apache.jk.common.MsgAjp processHeader FINE: Received 560 18 We have been monitoring the server, and even though I got no SEVERE messages, it appears to have hung as before. Am I excluding SEVERE logging messages when I specify FINE as logging such as this? (I'm quite positive this is an inclusive logging setting) org.apache.jk.common.MsgAjp.level = FINEST org.apache.jk.server.JkMain.level = FINEST I any case, I have yet to catch the mod_jk in the act of doing a buffer overflow since changing the logging parameters. Thanks for any help you can give, Collin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow (logging)
Bill, Thanks again for this tip. After reading the document to my best ability, I added this line to the end of /usr/local/tomcat/common/classes/logging.propeties : org.apache.jk.common.MsgAjp = ALL I got as a result what seemed like no logging at all for this class. I am setting it to DEBUG now to see what happens, but am I doing this correctly at all? Thanks for your help, Collin Bill Barker wrote: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html - Original Message - From: Collin McClendon [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Tuesday, July 12, 2005 10:57 AM Subject: Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow Thanks so much for replying! I can understand that concept. Given that we are using mod_jk to connect the Apache frontend to Tomcat running OpenCMS on the backend, perhaps the way that the application is working that is giving us this result? Also in response to Bill, where can one turn on DEBUG logging for a specific class such as org.apache.jk.common.MsgAjp ? I'm thinking that would be in one of the xml config files and I will do more research on that, but if you had a quick answer, I'd be happy to hear it. On the suggestion of Mladen Turk, I did upgrade to mod_jk 1.2.14, I hope to see some difference there. Thanks again, Collin Remy Maucherat wrote: Bill Barker wrote: The message is simply that you have a header value that is too big for the AJP/1.3 protocol to handle. If you enable DEBUG logging for org.apache.jk.common.MsgAjp, you should get a dump of the partial data that should include the name of the bad header. Given the line, it could be a monster header value, possibly a cookie (the size is 18KB, which is way over the AJP/1.3 capabilities). Rémy (with the neophyte AJP developer hat on) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Collin McClendon Sr. Microsoft Systems Engineer Digicon, Inc. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Collin McClendon Sr. Microsoft Systems Engineer Digicon Corporation [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow (logging)
That's for log4j. For Juli, you want FINE (or FINEST). - Original Message - From: Collin McClendon [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Wednesday, July 13, 2005 8:15 AM Subject: Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow (logging) Bill, Thanks again for this tip. After reading the document to my best ability, I added this line to the end of /usr/local/tomcat/common/classes/logging.propeties : org.apache.jk.common.MsgAjp = ALL I got as a result what seemed like no logging at all for this class. I am setting it to DEBUG now to see what happens, but am I doing this correctly at all? Thanks for your help, Collin Bill Barker wrote: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html - Original Message - From: Collin McClendon [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Tuesday, July 12, 2005 10:57 AM Subject: Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow Thanks so much for replying! I can understand that concept. Given that we are using mod_jk to connect the Apache frontend to Tomcat running OpenCMS on the backend, perhaps the way that the application is working that is giving us this result? Also in response to Bill, where can one turn on DEBUG logging for a specific class such as org.apache.jk.common.MsgAjp ? I'm thinking that would be in one of the xml config files and I will do more research on that, but if you had a quick answer, I'd be happy to hear it. On the suggestion of Mladen Turk, I did upgrade to mod_jk 1.2.14, I hope to see some difference there. Thanks again, Collin Remy Maucherat wrote: Bill Barker wrote: The message is simply that you have a header value that is too big for the AJP/1.3 protocol to handle. If you enable DEBUG logging for org.apache.jk.common.MsgAjp, you should get a dump of the partial data that should include the name of the bad header. Given the line, it could be a monster header value, possibly a cookie (the size is 18KB, which is way over the AJP/1.3 capabilities). Rémy (with the neophyte AJP developer hat on) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Collin McClendon Sr. Microsoft Systems Engineer Digicon, Inc. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Collin McClendon Sr. Microsoft Systems Engineer Digicon Corporation [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow (logging)
Thanks, I didn't have my head screwed on right there. I see now after re-reading the documentation, I have to use the right keyword and I wasn't adding .level = at the end of the class name. Thanks so much for your help, I hope to have a crash to show logged in detail. If you or someone would glance at it, that would be of great help to me. Thanks, Collin Bill Barker wrote: That's for log4j. For Juli, you want FINE (or FINEST). - Original Message - From: Collin McClendon [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Wednesday, July 13, 2005 8:15 AM Subject: Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow (logging) Bill, Thanks again for this tip. After reading the document to my best ability, I added this line to the end of /usr/local/tomcat/common/classes/logging.propeties : org.apache.jk.common.MsgAjp = ALL I got as a result what seemed like no logging at all for this class. I am setting it to DEBUG now to see what happens, but am I doing this correctly at all? Thanks for your help, Collin Bill Barker wrote: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html - Original Message - From: Collin McClendon [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Tuesday, July 12, 2005 10:57 AM Subject: Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow Thanks so much for replying! I can understand that concept. Given that we are using mod_jk to connect the Apache frontend to Tomcat running OpenCMS on the backend, perhaps the way that the application is working that is giving us this result? Also in response to Bill, where can one turn on DEBUG logging for a specific class such as org.apache.jk.common.MsgAjp ? I'm thinking that would be in one of the xml config files and I will do more research on that, but if you had a quick answer, I'd be happy to hear it. On the suggestion of Mladen Turk, I did upgrade to mod_jk 1.2.14, I hope to see some difference there. Thanks again, Collin Remy Maucherat wrote: Bill Barker wrote: The message is simply that you have a header value that is too big for the AJP/1.3 protocol to handle. If you enable DEBUG logging for org.apache.jk.common.MsgAjp, you should get a dump of the partial data that should include the name of the bad header. Given the line, it could be a monster header value, possibly a cookie (the size is 18KB, which is way over the AJP/1.3 capabilities). Rémy (with the neophyte AJP developer hat on) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Collin McClendon Sr. Microsoft Systems Engineer Digicon, Inc. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Collin McClendon Sr. Microsoft Systems Engineer Digicon Corporation [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
