IBM Support

PI95741: PENETRATION TESTING OF SIMULATED DDOS TO APPLICATION DISCOVERY 5.0.4.1 CAN RESULT IN LOGGING WHICH EVENTUALLY FILLS DISK.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Client had been using Application Discovery 5.0.4.1
    successfully, but began having trouble
    starting the Configuration Server services, and had other
    issues related to the fact that the disk drive where
    Application Discovery was installed had filled up.
    A remote machine on the network performing penetration
    testing was sending multiple messages per second to an
    application server on the Application Discovery machine, and
    those messages looked similar to this in the Application
    Discovery logs:
    DEBUG 2018-03-17 09:01:28,960 [NanoHttpd Request Processor
    (#526)] com.ibm.ez.ad.ws.HttpServer - Request uri: /
    TRACE 2018-03-17 09:01:28,960 [NanoHttpd Request Processor
    (#526)] com.ibm.ez.ad.ws.HttpServer - Request details: uri=/,
    headers={cookie=Q=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    etc.
    with many more "A" characters in each message.
    Note that the uri value is only "/" instead of an expected uri
    value.
    

Local fix

  • There are two properties which can be used to reduce the amount
    of space occupied by the log files (in the log4j.properties
    file for the component in question) to work around the issue of
    the disk space being filled by logging:
    log4j.appender.file.MaxBackupIndex - the maximum number of log
    files kept
    log4j.appender.file.MaxFileSize - the maximum size of a log file
    

Problem summary

  • There was an embedded instance of log4j.properties that was not
    intended to have logging set to a high level, and which was
    overriding the logging level set by the user in the
    log4j.properties available to the administrator.
    

Problem conclusion

  • The embedded log4j.properties file (that was overriding the
    user-accessible log4j.properties file) was removed so that the
    administrator-accessible log4j.properties file could now be
    used.
    

Temporary fix

  • To work around the problem of logging growing too large in
    5.0.4.1 and earlier, there are two properties which can be used
    to reduce the amount
    of space occupied by the log files (in the
    administrator-accesible
    log4j.properties
    file for the component in question):
    log4j.appender.file.MaxBackupIndex - the maximum number of log
    files kept
    log4j.appender.file.MaxFileSize - the maximum size of a log
    file.
    

Comments

APAR Information

  • APAR number

    PI95741

  • Reported component name

    APPL DISCOVERY

  • Reported component ID

    5737B1600

  • Reported release

    504

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-03-26

  • Closed date

    2018-03-26

  • Last modified date

    2018-03-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • log4j.pr
    

Fix information

  • Fixed component name

    APPL DISCOVERY

  • Fixed component ID

    5737B1600

Applicable component levels

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSRR9Q","label":"IBM Application Discovery for IBM Z"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"504","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
26 March 2018