Helper tools
Helper binaries
NevisProxy comes with some helper tools. These tools are usually preset in the configuration files, for example the log rotation tool bclogmgr or the passphrase getter keystorepwget. But you can use some tools for testing and debugging issues, too.
base62
Base62 encoding and decoding tool:
Usage: /opt/nevisproxy/bin/base62 [-d]
Base62 encode or decode standard input
-d Decode data.
bclogmgr
Log file rotation tool used by nevisProxy. See usage below.
usage: bclogmgr [pidfile=<file>] [size=<num>] [time=<time>] [compression=<command>] [archives=<num>] [archivedir=<dir>] [archivefmt=<format>] [persistent] [input=<file>] <logfile>
pidfile : File to write PID to. 'kill -USR1 <PID>' makes the bclogmgr reopen its logfile (useful with external rotation).
size : The file size in bytes for size based log rotation. Minimal size is 2048.
time : Time specification in cron format for time based log rotation. Will be ignored if size is configured
Format: min{,min} hour{,hour} day{,day} month{,month} wday{,wday}
Where : minute in range [0..59] or * for every minute
hour in range [0..23] or * for every hour
day of the month in range [1..31] or * for every day
month of the year in range [1..12] or * for every month
day of the week in range [0..6] with 0=Sunday or * for every day
Sample: 10,40 14 1,2 * *
Every 1st and 2nd of the month at 14:10 and 14:40
archives : Number of archived files to keep
archivedir: Directory where archived files are moved. If none specified, then the default is the current directory
archivefmt: Format to use when renaming archived files.
Format: Supported conversion specifiers
%f : name of log file without extension
%Y: 4-digit year
%y: last two digits of year [00..99]
%m: month [01..12]
%d: day of month [01..31]
%H: hour [00..23]
%M: M (minute [00..59]
Sample: archivefmt=%f-%Y%m%d.log
would produce archive files named (assuming the logfile is called mylog.log)
mylog-20070322.log
persistent: Disables program termination on EOF (useful when reading from named pipes).
input : File which gives the log's input. Default is standard input.
bcxmlparser
A simple XML parser with limited XPath support.
usage:
bcxmlparser nodes -in filename -xpath xpath
bcxmlparser values -in filename -xpath xpath
bcxmlparser set -in filename -out filename -xpath xpath -value string
bcxmlparser format -in filename -out filename
bcxmlparser add -in <xml_file> -out <xml-file> -xpath <element where ot add> -fragment <xml-file>
bcxmlparser remove -in <xml_file> -out <xml-file> -xpath <elements to be removed>
bin2hex
Prints out the hexadecimal representation of the input.
usage: ./bin2hex <input>
keystorepwget
Script to access the passphrase of certificates. For more information, see the bc.security.PassPhraseDialog low level property.
nevisproxy_pkcs11
The nevisproxy_pkcs11 command allows the dumping of information and contents of PKCS#11 (Cryptoki) devices. For more information, see Appendix E.
openssl
The most recent version of OpenSSL shipped by nevisProxy. Can be used to generate certificates, DH parameters, etc.
semflush
Lost semaphore remover tool. In case the proxy crashes or is stopped using SIGKILL then the used semaphores may not be cleaned up. This could lead to system resource shortage when this is repeated multiple times. Usage: call the tool without parameters with superuser privileges.
mod-qos utilities
The Apache module mod_qos provides optional tools for log data processing and analysis. For more information on these tools, see the official mod_qos documentation.
qscheck
Monitor tool testing the TCP connectivity to servers used by mod_proxy.
qsdt
Simple tool to measure the elapsed time between related log messages.
qsexec
Command execution triggered by patterns within log files.
qsfilter2
Rule generator. Creates QS_Permit directives and rule patterns from audit log files.
qsgeo
Adds the country code for the client IP address within a log file.
qsgrep
Searches a file for a pattern and prints the data in a new format.
qshead
A utility that reads from stdin and prints all lines to stdout until reaching the defined pattern.
qslog
A real time TransferLog/CustomLog data analyzer. It reads the per request log data from stdin and generates statistic records every minute. qslog collects request statistics (req/sec, bytes/sec, status codes, response times, memory consumption, server load) every minute and writes the collected data to the configured log file. This utility can be configured within the navajo.xml file as shown in the template that comes with the nevisProxy package.
The qslog is enabled by default in the navajo.xml file, via the CustomLog attribute. If you do not need the runtime statistics, it is safe to remove the qslog, or delete the CustomLog attribute altogether. The CPU usage of the qslog utility is small but not negligible.
qslogger
Shell command interface to the syslog(3) system log module.
qsre
Regular expression (pcre) pattern match test tool.
qsrespeed
Compares the expected processing time per regular expression.
qsrotate
Log rotation tool similar to Apache's rotatelogs.
qssign
A log data integrity check tool. It reads log data from stdin (pipe) and writes the signed data to stdout adding a sequence number and signature to every log line.qssign.rb is a Logstash filter plug-in that you can use to verify the signatures of log messages in real time.
qstail
Shows the end of a log file beginning at a defined pattern.
ipfilter
Simple tool to replace/hide IP addresses in log files.
wlsg
Internal binary for rule generation for the self-learning feature of input validation.
Internal binaries
Internal binaries used by nevisProxy: apachesv_2_4, navajosv2_4, nevisproxy, nevisproxy2_4.