LWQWW (LW Queue Watcher Watching) is the light weight command line agent that polls Sterling B2B Integrator (SI) performance related data including: execution queues information, Database pools usage, heap information, etc …
LWQWW is a java application created by the EMEA B2B customer support and Services team (Alf Auklend, Carsten Michel, Mounir Babari, Frank Strecker, Sorin T., …). This useful tool is used by many customers on production. The application is bundled as a jar and can be installed on the Sterling Integrator server or on any other machine that can access the SI server using HTTP/S.
Link to the LWQWW download page.
In the recent IBM B2B Sterling Integrator (SI) versions, new security features were introduced to reinforce security and address various vulnerabilities. Since version 525, security tokens were added by default to prevent Cross-Site Request Forgery CSRF.
In this blog, I will explain how to enable SSL with LWQWW to poll Sterling Integrator Queue Watcher on the HTTPS port.
1*/ I assume lwqww.jar and the lwqww.properties (and appinfo.properties from version 206) files are copied to your target machine, where you want to tun the LWQWW tool (can run from the same SI server or remotely).
2*/ From a browser make sure you can access Queue Watcher. Type:
https://ip:sslport/queueWatch
You will get the welcome screen:
3*/ If you want to use HTTP only (and not HTTPS), you will just need to edit your LWQWW.properties with your host, port and user:
port=0000 wfid=on solicitPW=true node=1 user=USER memory=on threshold=90.0 nohup=false target=queueWatch rate=5000 logon=on jdbc=off debug=on host=0.0.0.0 ssl=false workdir=. stop_After=0
To run LWQWW in HTTP only:
/PathToYourJRE/java -jar lwqww.jar -prop LWQWW.properties
You can run the tool in the background with nohup. A file with a name format of nodeX-que-date.txt will be created in the working directory.
Enabling SSL for LWQWW:
1*/ If your Sterling Integrator is not HTTPS enabled, follow these steps: Switch from HTTP to HTTPS in SI.
2*/ We need to import the SI certificate into our local keystore or truststore:
a. Go to SI dashboard/portal menu trading Partner Digital Certificates System
b. Choose the system certificate used for the admin interface. By default it is the ASISslCert.
c. Check out the certificate as DER.
d. Copy the exported public key into your client java machine where you want to run LWQWW from.
3*/ Creating the Keystore and Truststore:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass Changeme -validity 3600 -keysize 2048
[OPTIONAL: create a truststore for sharing purposes]
keytool -genkey -keyalg RSA -alias selfsigned -keystore truststore.jks -storepass Changeme -validity 3600 -keysize 2048
4*/ Add the SI certificate to your newly created keystore:
keytool -import -trustcacerts -alias mydomain -file ./ASISslCert.der -keystore truststore.jks
Use the same password from the previous step!
5*/ Change the lwqww.properties to enable SSL:
Insert the following lines:
keyStoreType=jks trustStoreType=jks keyStore=./keystore.jks trustStore=./truststore.jks keyStorePassword=Changeme trustStorePassword=Changeme ssl=true
Change the property file to use the HTTPS port.
6*/ Run LWQWW:
java -jar lwqww-210.jar -prop lwqww.properties
Depending on your JDK version you may need to specify the default security protocol:
java -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -jar lwqww-210.jar -prop lwqww.properties
New versions of lwqww need a file called appinfo.properties to be added to the lwqww folder:
program.COMPANY=IBM program.COPYRIGHT=COPYRIGHT program.DESCRIPTION=LWQWW 210 program.BUILDNUM= 2.1.0 program.BUILDDATE= APRIL 2019 program.AUTHOR=Support
Example of LWQWW recorded output:
The LWQWW recording output will be very useful to understand the SI system load, processing queue usage, Business process execution times, memory usage, Database pool usage, etc …
The output can be analyzed using a separate IBM internal tool called: Queue Watcher Analyzer QWA:
How to encrypt your password in LWQWW (from version 2.1.0):
In version 2.1.0 a password properties was added to lwqww.properties
The first time you run LWQWW (2.1.0) you need to type the password.
An encrypted password string will be displayed
Encrypted Password .. 0A007EE9C48CF969AA
Then Paste the encrypted password to the password property:
password=F1D4BDD5CAF63A50FA
Restart the application and it should not ask for your password.
How to change an expired password:
If your password is changed, you need to remove it from the property file and restart the application. LWQWW will ask you to enter the new password and will display the new encrypted string to replace in the property file.
Did you like this powerful monitoring tool for B2B Integrator? leave a comment?
Pavan Neeli
Hello,
Thank you very much for the above post with details information. We are using this LWQWW tool and your post helped us a lot while setting up.
Regarding Queue Watcher Analyzer QWA, is there any way we can get it?
Thanks in advance
Pavan
Editor
Please ask IBM Support for Queue Watcher Analyzer QWA. This tool is not public as far as I know.
BD
Hi,
Thank you for the detailed overview of the product, can you please share the details about Queue Watcher Analyzer QWA, asking since not getting proper information about the same.
Andrew
Hi,
Thanks for the information.
Has anyone had an issue with the encrypted password not working ? I had followed the instructions on the first run to take the encrypted password value output and save it into the properties file, but when I run the command using the saved encrypted password, the calls to the queueWatcher page are failing. We use AIX platform.
Editor
Hi Andrew
What error do you get?
Regards
Rob
Hi,
When SSL is enabled, and the rate is set to anything greater than a few seconds) – only the first iteration is logged. Subsequent checks result in log messages like;
[2021-03-29 21:23:46] id= configureComs() No Proxy configured
[2021-03-29 21:23:46] id= run() Comms configured ….
[2021-03-29 21:23:48] id= run() Bounded with SI
[2021-03-29 21:23:49] id= run() reconnect..
[2021-03-29 21:24:19] id= receive(…) headerEnd check failed
[2021-03-29 21:24:20] id= run() reconnect..
[2021-03-29 21:24:50] id= QWAccess.receive(..) javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
[2021-03-29 21:24:50] id= receive(…) headerEnd check failed
[2021-03-29 21:24:50] id= QWAccess.receive(..) javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
[2021-03-29 21:24:50] id= run() reconnect..
Is this the secure token expiring?
I see the queues recorded for the first run, but 30 seconds later the next run fails.
Thanks,
somu
HI EMEA Team,
This tool is very much needed for us now but some how it was not working. I downloaded GITHUB 2.11 version of it.
I tried http and https in both cases it is not capturing the data.
here is what I have for https and I am starting this LWQWW app using sterling IBM JDK which is JDK 8
silence=
user=ramasis
password=
keyStorePassword=
trustStorePassword=
threshold=90.0
stop_after=0
target1=\!\u0014\u0016\u0006\u00128\u0013\u0010ELC\u001C8\f\u0015\u0011\u001C\f\u001C8\u001B\n\u0005\u0004%\u0015\r
keyStore=/sterling/qww/keystore.jks
workdir=/sterling/qww/LWQWW
jdbc=off
nohup=false
port=30001
ssl=true
memory=
host=bnlvwtxfsa.labcorp.com
logon=on
trustStore=/sterling/qww/truststore.jks
debug=on
node=1
wfid=
keyStoreType=jks
netdebug=ssl
header=
trustStoreType=jks
solicitPW=false
rate=5000
target=queueWatch
workdir=/sterling/qww/LWQWW
stop_After=0
Somu
Hi, I am having issue in launching this app in linux
I tried http and https in both cases i dont have luck.
is there anyway you can help me?