Webslinger - Technical Reference
Geneos Webslinger is an application which provides the Gateway output in a view-only HTML format. It enables users and managers to view the status of their environment in near real-time via a web browser.
Webslinger runs as a server. It establishes TCP/IP connections to the specified Gateways and acts as a Web Server, serving pseudo-pages that reflect the latest status of the managed entities from the connected Gateways.
To view details of your environment, enter the name of the Webslinger server host and the Webslinger configured listen port number into the browser address field, for example
http://server1:8080. The Webslinger display contains the Hierarchy Page
and Details Page.
The initial view shows the state of top levels of the hierarchy plus the status of the connected Gateways.
To expand the view, click on one of the branches. To remove all the components deemed as in an ‘OK’ state, click on the button at the top of the screen.
This will only display elements which have been identified as requiring attention.
To view the details of any component requiring attention, expand the branch to its lowest level and click on the specific managed entity. This will drill down to the variable that has been identified as operating outside acceptable parameters.
The Webslinger package contains the following files:
|webslinger.linux||The main Webslinger binary.|
|webslinger.setup.tmpl||Template setup file.|
|webslinger.sun||The main Webslinger binary.|
|OpenSSL library, required by libcurl.so to provide cryptographic functions for authentication.|
|OpenSSL library, required by libcurl.so to provide support for HTTPS URLs.|
Note: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).
Note: There is no option to specify the location of the
webslinger.res file. If you change the default launch location of your Webslinger binary you must create a symlink to the resources file within that directory. For example, launching the file from
/root requires the resource directory to be specified using this command:
ln -s /usr/local/geneos/webslinger/webslinger.res /root/webslinger.res
Download Webslinger from the ITRS Downloads site and extract into your installation directory.
webslinger.setup file so that it points to the Gateways that you wish to view through your web browser and then
execute the Webslinger binary.
Enforcing mode, it may deny certain functions of Geneos depending on the implemented configurations and policies.
To see which functions
/var/log/audit.log, where the log type entry is
AVC. The audit log provides the details of any denied access. For example, denied connection to the TCP port.
If you experience issues related to this mode, you may opt to disable, or create policy modules to grant the required access. Please contact your administrator or security team for assistance.
Command Line Options
You can use the following command line options:
|-ssl-certificate||This is the file that contains the signed SSL server certificate (in PEM format).|
|-ssl-certificate-key||This is the file that contains the signed SSL server private key (in PEM format). If this option is not specified but the certificate is, then the Webslinger will look for the private key in the same file as the server certificate.|
|-ssl-certificate-chain||This is the file that contains the trusted certificate authority.|
|-secure||If this option is present, Webslinger will listen on a secure port rather than an insecure port.
|-key-file||Tells Webslinger to use the key within this file for decoding AES-256 passwords.|
|-aes256-encrypt <password> [-key-file <file>]||Webslinger will output the AES-256 encrypted password, optionally using a specified key file.|
|-log <logfilename>||Overrides the log file name and location. See Webslinger log for more information.|
|-setup||Specifies the location of setup files.|
The setup file is a text file. Please see example below.
********************************************************************************************* *** WEBSLINGER setup file ********************************************************************************************* *** List of Gateways to connect to. *** One line per Gateway. *** Port should be the Gateway's EMF2_PORT *** Stand-alone Gateway or Secure Gateway with no authentication GATEWAY = hostname:port SECURE_GATEWAY = hostname:port *** Stand-alone Gateway or Secure Gateway with password authentication *** Passwords can be plain text or AES-256 encrypted GATEWAY = hostname:port AUTHENTICATION = user:password SECURE_GATEWAY = hostname:port AUTHENTICATION = user:+encs+D3689B794A64A248B2B243A57BD3885A
*** Stand-alone Secure Gateway with SSL Certificate authentication *** SSL Certificate authentication only available with Secure Gateways SECURE_GATEWAY = hostname:port AUTHENTICATION = username AUTHENTICATION_METHOD = SSL*** Hot-standby enabled Gateway pair with no authentication GATEWAY = primary-hostname:port, secondary-hostname:port *** Hot-standby enabled Gateway pair with authentication GATEWAY = primary-hostname:port, secondary-hostname:port AUTHENTICATION = admin:+encs+D3689B794A64A248B2B243A57BD3885A *** Hot-standby Secure Gateway pair with SSL certificate authentication SECURE_GATEWAY = primary-hostname:port, secondary-hostname:port AUTHENTICATION = username AUTHENTICATION_METHOD = SSLLISTEN_PORT = 8080 VIEW_PATH = COUNTRY , TOWN, SYSTEM VIEW_REFRESH_RATE = 10 MAIN_REFRESH_RATE = 30 ********************************************************** *** SSO Authentication options *** All the following are enabled only when using SSO Authentication: *** SSO_PROVIDER = https://192.168.0.0:8080 *** SSO_KEYFILE = C:\itrs\ssoKeyFile.txt *** GROUPS = ADMIN, GRP1, GRP2 *** WEB_SERVICE_URL = http://WebServiceName *** SESSION_KEY = WebServiceName_8080
GATEWAY — specifies the name of the Geneos Gateway host and port number. Webslinger can connect to multiple Gateways, and each Gateway should be specified on a separate line.
If two Gateways are configured as hot-standby pair, then they must be configured on the same line with a comma separating the two. The Primary gateway must be configured first followed by the Secondary gateway.
Warning: If you have the same name for dataviews and entities in your Gateway, then Webslinger might not display the correct information in the State Tree. To avoid this, ensure that the dataview and entities names are unique.
If a Gateway is configured for user authentication then the details for each Gateway connection should be
included after AUTHENTICATION on the same line (see example above). The user and password is specified as
user:password and the password may be plain text or AES-256 encrypted (see Securing Gateway Authentication).
SECURE_GATEWAY — specifies the name of the Geneos Gateway host and port number. As with GATEWAY, each SECURE_GATEWAY line should be used to specify a connection to a stand-alone Gateway or a connection to a hot-standby pair.
If SECURE_GATEWAY is used, Webslinger connects to a Gateway using a secure connection. If GATEWAY is used, Webslinger connects to a Gateway using an insecure connection.
Note: Webslinger can only connect to a Gateway once, so you should only specify either a secure connection or insecure connection, not both at the same time.
The optional field AUTHENTICATION_METHOD can be added to the SECURE_GATEWAY line to allow for SSL Certificate authentication. For more information, see SSL authentication on a Secure Gateway.
LISTEN_PORT — the port number that Webslinger will use to listen for web browser connections. The default value is 8080.
VIEW_PATH — Webslinger builds the managed entity hierarchy tree in the order of the attributes defined by the VIEW_PATH. These attributes must match the attributes configured in the managed entity section of the Gateways.
VIEW_REFRESH_RATE — when set to a non-zero value, the managed entity view will automatically refresh at the defined rate. Defaults to 10, which means it auto-refreshes every 10 seconds.
MAIN_REFRESH_RATE — when set to a non-zero value, the hierarchy v View will automatically refresh at the defined rate. Defaults to 30, which means it auto-refreshes every 30 seconds.
SSO_PROVIDER — the URL and port of the Single Sign On (SSO) agent. If this option is not set then SSO authentication is disabled.
SSO_KEYFILE — the location of the file containing the public key of the SSO service. This key is used to verify that all JWT tokens have been generated by the SSO service and have not been manipulated by a third party. If the key cannot be verified then SSO authentication is disabled.
The key must be in PEM format, with lines no longer than 76 characters. For example:
-----BEGIN PUBLIC KEY-----
1wIDAQAB -----END PUBLIC KEY-----
GROUPS — set of comma-separated values that define the user groups that are allowed to access Webslinger. This option is only used if SSO authentication is enabled.
WEB_SERVICE_URL — the URL of Webslinger. This is required if using SSO authentication.
Note: If the WEB_SERVICE_URL provided does not contain a port, Webslinger appends the URL with the port in the LISTEN_PORT parameter. If the WEB_SERVICE_URL provided does contain a port, Webslinger takes the URL as written and does not append with a port.
This may of be of note when Webslinger is behind a Load Balancer; in this case, the appropriate port should be added to WEB_SERVICE_URL and will override the LISTEN_PORT when Webslinger communicates with the SSO Agent.
SESSION_KEY — sets the name of the session (cookie) for Webslinger. If absent, the default value is
sessionId. Multiple instances of Webslinger on the same host require a unique value for each instance. This option is only used if SSO authentication is enabled.
Securing Gateway Authentication
Both the Gateway and Secure Gateway sections of the configuration allow you to specify authentication in the form of a
GATEWAY = ... AUTHENTICATION = username:password
The Secure Gateway also allows for SSL Certificate authentication. For more information, see SSL authentication on a Secure Gateway.
The password provided for authentication can be either plain text or AES-256 encrypted. You can get Webslinger to encrypt a password for you with:
webslinger -aes256-encrypt <password>
It is recommended that you use the most secure method of storing your passwords possible within your configuration. Currently this is an AES-256 implementation.
By default the Webslinger uses a default key. You may wish to supply your own key to increase the security of your passwords.
Warning: When you do this any existing AES 256 encrypted passwords will no longer be valid.
To do this, start Webslinger with a
-key-file <filename> parameter. This tells the Gateway to use the key within this file for all
encryption and decryption of AES passwords.
An AES-256 key has two parts: a key and an initialisation vector. You can generate this using the openssl tool on the command line.
>openssl enc -aes-256-cbc -k "Now is the winter of our discontent" -P -md sha1 salt=359D12769B1F9446 key=92358925C00DE524B4F325A7F488DF1F29646313F6D258090818E8C9B69CF4D8 iv =B8B606E4700FE4D05E24E1A682F5963D
You will see a different result each time you run this command. The
-key-file parameter specifies a file that has
=… lines. You can either copy these lines into a file or redirect the
output of this command into a file. However, if the output of this
command changes you will need to reformat into a valid key file.
Given that you can start a Webslinger with a different key you also need a way to generate passwords on the command line using this key. The –aes256-encrypt option has been extended to use a key file.
webslinger -aes256-encrypt <password> [-key-file <key-file>]
Assuming you are using a Webslinger, a real example command line could look like:
webslinger.linux -aes256-encrypt PassW0rd -key-file shh.aes
The Webslinger currently requires the following libraries to run. These are listed along with the packages they can be found in for the following 64-bit operating systems.version of
|Library Name||Package Name|
|Library Name||Package Name|