CODEWITHSUNDEEP
eclipseglassfish
JL_SO
JL_SO

Reputation: 1901

Unable to see Glassfish logs in eclipse console

I am unable to see Glassfish's log in the eclipse console.

I have tried right-clicking on the GlassFish server in Servers -> Glassfish -> View log file but it shows me a file which ends with this:

2018-09-04T18:36:51.945+0100|Severe: The SSL certificate has expired: [
[
  Version: V3
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key:  Sun RSA public key, 1024 bits
  modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
  public exponent: 65537
  Validity: [From: Sat Aug 22 17:41:51 BST 1998,
               To: Wed Aug 22 17:41:51 BST 2018]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33   2E 30 63 03 02 06 C0     ..0...V3.0c....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3
0010: 98 90 9F D4                                        ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]

which does not change at all, whether I stop,restart,run a webapp on the GF server, etc, and if I actually look at the file (...\glassfish5\glassfish\domains\domain1\logs\server.log) I find that the content that it is showing is at around line 5400 and there are actually 8600 lines in the server.log file, so there are actually over 3000 lines in the server.log file than the last ones that are shown in eclipse. For example, the timestamp in the log extract is 18:36 but the current time is 21:21 and the current tail of hte file is this:

[2018-09-04T21:02:45.234+0100] [glassfish 5.0] [INFO] [AS-WEB-GLUE-00172] [javax.enterprise.web] [tid: _ThreadID=100 _ThreadName=Thread-23] [timeMillis: 1536091365234] [levelValue: 800] [[
  Loading application [__admingui] at [/]]]

[2018-09-04T21:02:45.235+0100] [glassfish 5.0] [INFO] [NCLS-CORE-00022] [javax.enterprise.system.core] [tid: _ThreadID=100 _ThreadName=Thread-23] [timeMillis: 1536091365235] [levelValue: 800] [[
  Loading application __admingui done in 2,175 ms]]

[2018-09-04T21:14:29.419+0100] [glassfish 5.0] [INFO] [] [] [tid: _ThreadID=30 _ThreadName=Thread-8] [timeMillis: 1536092069419] [levelValue: 800] [[
  doGet - name=null]]

Furthermore, the server.log file, when I open it in Notepad++, maddeningly does not refresh when the file is modified. I have to reload it from disk to see changes in the file. Consequently, the only way it seems that I can actually monitor this log file is by using a tail -f from cygwin.

Anyone have any ideas how to fix this, in particular how I can see glassfish's log output, including SOPs, in real time in eclipse? It works fine in Netbeans.

Thanks very much for any help.

EDIT

I have noticed that when I restart the server, in eclipse's console the server.log file is re-read, but always (it seems) only up to the same point: the bit where the severe warning about the SSL certificate expiry appears:

2018-09-04T23:27:33.879+0100|Info: visiting unvisited references
2018-09-04T23:27:34.425+0100|Severe: The SSL certificate has expired: [
[
  Version: V3
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key:  Sun RSA public key, 1024 bits
  modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
  public exponent: 65537
  Validity: [From: Sat Aug 22 17:41:51 BST 1998,
               To: Wed Aug 22 17:41:51 BST 2018]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33   2E 30 63 03 02 06 C0     ..0...V3.0c....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3
0010: 98 90 9F D4                                        ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]

Here, the server.log stops. No further content from the server.log file ever appears in eclipse's console.

Upvotes: 7

Views: 3878

Answers (1)

Ivo Jonker
Ivo Jonker

Reputation: 306

What's strange, is that it - on a fresh glassfish install - initially isn't a problem and everything's logged as expected. But after a while, the log will become empty.

I finally found that removing the expired certificates from glassfish returns logging to normal.

What i did:

  1. Figure out the aliases for the expired certificates. Run: cd domains/<domain>/config keytool -v -list -keystore cacerts.jks For example you'll see that the equifax you've mentioned will resolve to the following alias: equifaxsecureca
  2. Remove the certificate from your certs file: RUN: keytool -delete -keystore cacerts.jks -alias equifaxsecureca -storePass changeit

For convenience, the below script is what i currently (28th july) use on glassfish & payara. 

cd ${GLASSFISH_HOME}/glassfish/domains/domain1/config/ && \
for cert in "equifaxsecureca" "gtecybertrustglobalca" "utnuserfirstclientauthemailca" "deutschetelekomrootca2" "secomvalicertclass1ca" "valicertclass2ca" "entrustsslca" "certplusclass2primaryca" "certplusclass3pprimaryca" "utndatacorpsgcca" "utnuserfirstobjectca" "utnuserfirstobjectca [jdk]" "utnuserfirsthardwareca" "cert_45_deutsche_telekom_root_ca_245" "cert_29_certplus_class_2_primary_ca29" "cert_38_deutsche_telekom_root_ca_238" "utnuserfirsthardwareca [jdk]" "certplusclass3pprimaryca [jdk]" "certplusclass2primaryca [jdk]" "utnuserfirstclientauthemailca [jdk]"; \
do \
keytool -delete -keystore cacerts.jks -alias "$cert" -storePass changeit || echo "cert not present";\
done

keytool can be found in your jdk/bin folder.

The same applies to payara as well.

Upvotes: 6

Related Questions