mod_net_trace

mod_net_trace is a diagnostic module to trace the data which flows between the web server and the network.

Supported server versions:

IHS 2.0.42 and above on AIX, Linux, Win32, HP-UX, and Solaris

(Note: The version of this module for IHS 1.3 is described here.)

IBM recommendation

Enable this module only when gathering information for a suspected IHS or application problem related to the data which is sent between the web server and the client.

Installation

Copy mod_net_trace.so for your platform to the modules directory in the web server installation location (e.g., to /usr/IBMIHS/modules).

Activation

Use the following LoadModule directive and use the NetTraceFile and NetTrace directives to tailor mod_net_trace to your environment.

LoadModule net_trace_module modules/mod_net_trace.so

Add the following to httpd.conf, replacing 111.222.333.444 with the IP address of the client that will recreate the problem.

LoadModule net_trace_module modules/mod_net_trace.so
<IfModule mod_net_trace.c>
NetTraceFile /tmp/nettrace
NetTrace client 111.222.333.444 dest file event senddata=100000 event recvdata=100000
</IfModule>

(Enter the entire NetTrace directive on one line.)

If more than 100,000 bytes of sent or received data needs to be collected, adjust the senddata and recvdata parameters as necessary.

Deactivation

Comment out the LoadModule directive for mod_net_trace.

Documentation for all directives and parameters

NetTraceFile filename

The default filename is logs/trace. Use this directive with a full path, or a path relative to the server root, to specify where traced data is stored.

This only affects data traced due to rules that specified dest file.

NetTrace keyword value...

Keywords:

client

This allows you to match on specific client IP addresses. The value for this keyword can be * to match all clients, ip-address to match a particular client, or ip-address/num-prefix-bits to match particular subnets. It only works with numeric IP addresses (IPv4 or IPv6).

Do not specify client more than once.

dest

This specifies the destination of the collected data for this rule. You can specify more than one destination. Here are the values for dest:

serverport

If specified, the server port for the connection must match the value of this operand.

clientport

If specified, the client port for the connection must match the value of this operand.

This is only useful in some limited test scenarios.

event

This specifies the events which will be traced. By default, send and receive-related API crossings will be traced. Here are the possible values for event:

url

If specified, the URL for the request must match this value. This is not determined until after the request has been read, so the HTTP request header will be traced even if the URL is different.

Examples

NetTrace client 9.0.0.0/8 dest file dest memory event \
senddata event recvdata=4096 serverport 8080

NetTrace client 127.0.0.1 dest errlog event recvdata=4096

NetTraceFile /tmp/netr

For requests received from client 127.0.0.1 (loopback), the first 4096 bytes of data received (but none of the data sent) will be written to the Apache/IHS error log.

For requests received from the 9.0.0.0/8 subnet with server port 8080, the first 1024 bytes of data sent and the first 4096 bytes of data received will be written to the file /tmp/netr and will be kept in memory for analysis in case a core dump is subsequently generated during the processing of the connection.
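Because the module is meant to be enabled only while a problem is being diagnosed, it is useful to check a configuration for a trace that was left on and to see which connections each rule would capture. The following is an added example, not part of the module or of IBM's documentation: a Python parser for the NetTrace syntax documented above. The function names and the sample configuration are constructed for illustration, and treating a rule with no client keyword as matching every client is an assumption.

```python
import ipaddress
import re

# Constructed sample config, modelled on the directives shown on this page.
SAMPLE_CONF = """\
LoadModule net_trace_module modules/mod_net_trace.so
NetTraceFile /tmp/netr
NetTrace client 9.0.0.0/8 dest file dest memory event \\
senddata event recvdata=4096 serverport 8080
NetTrace client * dest errlog event recvdata=4096
"""

def logical_lines(text):
    """Join backslash-continued lines, drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def parse_rule(line):
    """Parse one NetTrace directive into keyword -> value(s)."""
    tokens = line.split()[1:]
    rule = {"client": None, "dest": [], "event": {},
            "serverport": None, "clientport": None, "url": None}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key == "dest":
            rule["dest"].append(value)  # more than one destination is allowed
        elif key == "event":
            name, _, limit = value.partition("=")
            rule["event"][name] = int(limit) if limit else None  # None: module default
        elif key in rule:
            rule[key] = value
    return rule

def rule_matches(rule, client_ip, server_port):
    """Would this rule trace a connection from client_ip to server_port?"""
    if rule["serverport"] and int(rule["serverport"]) != server_port:
        return False
    if rule["client"] in (None, "*"):  # assumption: no client keyword = all clients
        return True
    net = ipaddress.ip_network(rule["client"], strict=False)
    return ipaddress.ip_address(client_ip) in net

def audit(text):
    """Return (module_loaded, trace_file, parsed_rules) for a config."""
    lines = logical_lines(text)
    loaded = any(re.match(r"LoadModule\s+net_trace_module\b", l) for l in lines)
    files = [l.split()[1] for l in lines if l.startswith("NetTraceFile")]
    rules = [parse_rule(l) for l in lines if l.split()[0] == "NetTrace"]
    return loaded, (files[-1] if files else "logs/trace"), rules
```

Run audit() over the text of httpd.conf: a true first element means the LoadModule line is still active, and any rule whose client is * records data for every connecting client.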