Geneos Webslinger is an application which provides the Gateway output in a view-only HTML format. It enables users and managers to view the status of their environment in near real-time via a web browser.
Webslinger runs as a server. It establishes TCP/IP connections to the specified Geneos Gateways and acts as a Web Server, serving pseudo-pages that reflect the latest status of the Managed Entities from the connected Gateways.
To view details of your environment, enter the name of the Webslinger server host and the Webslinger configured Listen Port number into the Browser Address field, e.g. http://server1:8080. The Webslinger display contains the Hierarchy Page and Details Page.
The Initial view shows the state of top levels of the hierarchy plus the status of the connected gateways. To expand a view, simply click on one of the branches. To remove all the components deemed as in an ‘OK’ state, click on the button at the top of the screen.
This will display only elements which have been identified as requiring attention.
To view the details of any component requiring attention, expand the branch to its lowest level, and click on the specific Managed Entity. This will drill down to the variable that has been identified as operating outside acceptable parameters.
The Webslinger package contains the following files:
|webslinger.linux||The main Linux Webslinger binary.|
|webslinger.setup.tmpl||Template setup file.|
|webslinger.sun||The main Solaris Sparc Webslinger binary.|
|lib/libcrypto.so.1.0.0||OpenSSL library, required by libcurl.so to provide cryptographic functions for authentication.|
|lib/libssl.so.1.0.0||OpenSSL library, required by libcurl.so to provide support for HTTPS URLs.|
Note: There is no option to specify the location of the
webslinger.res file. If you change the default launch location of your Webslinger binary you must create a symlink to the resources file within that directory. For example, launching the file from
/root requires the resource directory to be specified using this command:
ln -s /usr/local/geneos/webslinger/webslinger.res /root/webslinger.res
Download Webslinger from the client area of the ITRS website and extract into your installation directory.
webslinger.setup file so that it points to the Gateways that you wish to view through your web browser and then
execute the Webslinger binary.
|-ssl-certificate||This is the file that contains the signed SSL server certificate (in PEM format)|
|-ssl-certificate-key||This is the file that contains the signed SSL server private key (in PEM format). If this is option not specified but the certificate is then the Webslinger will look for the private key in the same file as the server certificate|
|-ssl-certificate-chain||This is the file that contains the trusted certificate authority.|
|-secure||If this option is present, Webslinger will listen on a secure port rather than an insecure port. If -secure is specified, then an SSL server certificate and an server private key also need to be specified.|
|-key-file||Tells Webslinger to use the key within this file for decoding AES-256 passwords.|
|-aes256-encrypt <password> [-key-file <file>]||Webslinger will output the AES-256 encrypted password, optionally using a specified key file.|
|-log <logfilename>||Overrides the log file name and location. See Webslinger log for more information.|
|-setup||Specifies the location of set-up files.|
|-minTLSversion||Specifies the minimum TLS version. The accepted values are:
The setup file is a text file. Please see example below.
********************************************************************************************* *** WEBSLINGER setup file ********************************************************************************************* *** List of Gateways to connect to. *** One line per Gateway. *** Port should be the Gateway's EMF2_PORT *** Stand-alone Gateway or Secure Gateway with no authentication GATEWAY = hostname:port SECURE_GATEWAY = hostname:port *** Stand-alone Gateway or Secure Gateway with password authentication *** Passwords can be plain text or AES-256 encrypted GATEWAY = hostname:port AUTHENTICATION = user:password SECURE_GATEWAY = hostname:port AUTHENTICATION = user:+encs+D3689B794A64A248B2B243A57BD3885A
*** Stand-alone Secure Gateway with SSL Certificate authentication *** SSL Certificate authentication only available with Secure Gateways SECURE_GATEWAY = hostname:port AUTHENTICATION = username AUTHENTICATION_METHOD = SSL*** Hot-standby enabled Gateway pair with no authentication GATEWAY = primary-hostname:port, secondary-hostname:port *** Hot-standby enabled Gateway pair with authentication GATEWAY = primary-hostname:port, secondary-hostname:port AUTHENTICATION = admin:+encs+D3689B794A64A248B2B243A57BD3885A *** Hot-standby Secure Gateway pair with SSL certificate authentication SECURE_GATEWAY = primary-hostname:port, secondary-hostname:port AUTHENTICATION = username AUTHENTICATION_METHOD = SSLLISTEN_PORT = 8080 VIEW_PATH = COUNTRY , TOWN, SYSTEM VIEW_REFRESH_RATE = 10 MAIN_REFRESH_RATE = 30 ********************************************************** *** SSO Authentication options *** All the following are enabled only when using SSO Authentication: *** SSO_PROVIDER = https://192.168.0.0:8080 *** SSO_KEYFILE = C:\itrs\ssoKeyFile.txt *** GROUPS = ADMIN, GRP1, GRP2 *** WEB_SERVICE_URL = http://WebServiceName *** SESSION_KEY = WebServiceName_8080
GATEWAY - specifies the name of the Geneos Gateway host and port number. Webslinger can connect to multiple Gateways, and each Gateway should be specified on a separate line.
If two Gateways are configured as hot-standby pair, then they must be configured on the same line with a comma separating the two. The Primary gateway must be configured first followed by the Secondary gateway.
Warning: If you have the same name for dataviews and entities in your Gateway, then Web Slinger might not display the correct information in State Tree. To avoid this, ensure that the dataview and entities names are unique.
If a Gateway is configured for user authentication then the details for each Gateway connection should be included after AUTHENTICATION on the same line (see example above). The user and password is specified as user:password and the password may be plain text or AES-256 encrypted (see Securing Gateway Authentication).
SECURE_GATEWAY - specifies the name of the Geneos Gateway host and port number. As with GATEWAY, each SECURE_GATEWAY line be used to specify a connection to a stand-alone gateway or a connection to a hot-standby pair.
If SECURE_GATEWAY is used, Webslinger connects to a Gateway using a secure connection. If GATEWAY is used, Webslinger connects to a Gateway using an insecure connection.
The optional field AUTHENTICATION_METHOD can be added to the SECURE_GATEWAY line to allow for SSL Certificate authentication. For more information, see SSL authentication on a Secure Gateway.
LISTEN_PORT - the port number that Webslinger will use to listen for web browser connections. The default value is 8080.
VIEW_PATH - Webslinger builds the Managed Entity hierarchy tree in the order of the attributes defined by the VIEW_PATH. These attributes must match the Attributes configured in the Managed Entity section of the Gateways.
VIEW_REFRESH_RATE - when set to a non-zero value, the Managed Entity View will automatically refresh at the defined rate. Defaults to 10, i.e. auto-refresh every 10 seconds.
MAIN_REFRESH_RATE - when set to a non-zero value, the Hierarchy View will automatically refresh at the defined rate. Defaults to 30, i.e. auto-refresh every 30 seconds.
SSO_PROVIDER - the URL and port of the Single-Sign-On (SSO) agent. If this option is not set then SSO authentication is disabled.
SSO_KEYFILE - The location of the file containing the public key of the SSO service. This key is used to verify that all JWT tokens have been generated by the SSO service and have not been manipulated by a third party. If the key cannot be verified then SSO authentication is disabled.
The key must be in PEM format, with lines no longer than 76 characters. For example:
-----BEGIN PUBLIC KEY-----
1wIDAQAB -----END PUBLIC KEY-----
GROUPS - A set of comma-separated values that define the user groups that are allowed to access Webslinger. This option is only used if SSO authentication is enabled.
An asterisk (
*) can be used as a wildcard to indicate any authenticated user. For example:
GROUPS = * # any authenticated user
GROUPS = EMEA* # any authenticated user in EMEA
WEB_SERVICE_URL - the URL of Webslinger. This is required if using SSO authentication.
Note: If the WEB_SERVICE_URL provided does not contain a port, Webslinger appends the URL with the port in the LISTEN_PORT parameter. If the WEB_SERVICE_URL provided does contain a port, Webslinger takes the URL as written and does not append with a port.
This may of be of note when Webslinger is behind a Load Balancer; in this case, the appropriate port should be added to WEB_SERVICE_URL and will override the LISTEN_PORT when Webslinger communicates with the SSO Agent.
SESSION_KEY - sets the name of the session (cookie) for Webslinger. If absent, the default value is 'sessionId'. Multiple instances of Webslinger on the same host require a unique value for each instance. This option is only used if SSO authentication is enabled.
Both the Gateway and Secure Gateway sections of the configuration allow you to specify authentication in the form of a username:password combination:
GATEWAY = ... AUTHENTICATION = username:password
The Secure Gateway also allows for SSL Certificate authentication. For more information, see SSL authentication on a Secure Gateway.
The password provided for authentication can be either plain text or AES-256 encrypted. You can get Webslinger to encrypt a password for you with:
webslinger -aes256-encrypt <password>
It is recommended that you use the most secure method of storing your passwords possible within your configuration. Currently this is an AES-256 implementation.
By default the Webslinger uses a default key. You may wish to supply your own key to increase the security of your passwords.
Warning: When you do this any existing AES 256 encrypted passwords will no longer be valid.
To do this you start Webslinger with a -key-file <filename> parameter. This tells the Gateway to use the key within this file for all encryption / decryption of AES passwords.
An AES-256 key has two parts: a key and an initialisation vector. You can generate this using the openssl tool on the command line.
>openssl enc -aes-256-cbc -k "Now is the winter of our discontent" -P -md sha1 salt=359D12769B1F9446 key=92358925C00DE524B4F325A7F488DF1F29646313F6D258090818E8C9B69CF4D8 iv =B8B606E4700FE4D05E24E1A682F5963D
You will see a different result each time you run this command. The -key-file parameter specifies a file that has “key=…” and “iv =…” lines. You can either copy these lines into a file or redirect the output of this command into a file. However, if the output of this command changes you will need to reformat into a valid key file.
Given that you can start a Webslinger with a different key you also need a way to generate passwords on the command line using this key. The –aes256-encrypt option has been extended to use a key file.
webslinger -aes256-encrypt <password> [-key-file <key-file>]
Assuming a Linux Webslinger a real example command line could look like:
webslinger.linux -aes256-encrypt PassW0rd -key-file shh.aes
The linux version of Webslinger currently requires the following libraries to run. These are listed along with the packages they can be found in for the following 64-bit operating systems.
|Library Name||Package Name|
|Library Name||Package Name|