
JEUS & WebtoB Integration

Overview

This integration collects access logs and application logs from JEUS (Java EE application server) and WebtoB (web server) by TmaxSoft. These products are the standard middleware in Korean government agencies and financial institutions, holding over 60% of the public sector WAS market under domestic software procurement requirements.

Supported versions: JEUS 8, WebtoB 5


Prerequisites

  • A KYRA MDR Collector installed and running (Installation Guide)
  • Root or administrative access on the JEUS/WebtoB server
  • Network connectivity from the server to the collector on port 514

Configuration

JEUS Access Log

Enable access logging in the JEUS domain configuration (domain.xml):

<web-connections>
  <http-listener>
    <access-log>
      <format>%h %l %u %t "%r" %s %b</format>
    </access-log>
  </http-listener>
</web-connections>

WebtoB Access Log

Configure logging in the WebtoB configuration file (http.m):

*NODE
    LOGGING = "log1"
*LOGGING
log1
    FILENAME = "/home/tmax/webtob/log/access.log"
    FORMAT = "DEFAULT"

rsyslog File Monitoring

Forward JEUS and WebtoB logs to the collector via rsyslog:

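# /etc/rsyslog.d/jeus-webtob.conf
# Load the file-monitoring input module
module(load="imfile")
# Wildcards cover every JEUS domain and server directory
input(type="imfile" File="/home/tmax/jeus/domains/*/servers/*/logs/access*.log" Tag="jeus-access" Facility="local1")
input(type="imfile" File="/home/tmax/webtob/log/access.log" Tag="webtob-access" Facility="local1")
# @@ forwards over TCP (a single @ would be UDP); replace KYRA_COLLECTOR_IP with the collector address
local1.* @@KYRA_COLLECTOR_IP:514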

Restart rsyslog: sudo systemctl restart rsyslog


Collected Log Types

| Log Type | Security Use | Priority |
|---|---|---|
| Access logs | SQL injection, XSS, path traversal detection | Critical |
| WebAdmin console access | Admin console attack attempts | Critical |
| Deployment events | Unauthorized .ear/.war deployment | High |
| Authentication failures | Brute force on admin console or app login | High |
| JVM errors | OutOfMemoryError, StackOverflow (DoS indicators) | Medium |
| Application exceptions | Suspicious error patterns | Medium |
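
The following is an added example, not part of the original page or of the KYRA MDR product: it parses raw lines in the `%h %l %u %t "%r" %s %b` format configured for JEUS above and flags the three request classes the table lists for access logs. The rule patterns, function names and sample lines are assumptions constructed for illustration, and the parser expects the line as written to the log file, without a syslog header.

```python
import re
from urllib.parse import unquote_plus

# Configured format: %h %l %u %t "%r" %s %b (greedy request group tolerates a raw quote in the URI)
CLF = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Simplified illustrative signatures (assumptions, not the collector's own rules).
RULES = {
    "sql_injection": re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "xss": re.compile(r"<\s*script|\bon(error|load)\s*=|javascript:", re.I),
    "path_traversal": re.compile(r"\.\.[/\\]"),
}

def parse_line(line):
    """Return the log fields as a dict, or None if the line is malformed."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # %r is "METHOD URI PROTOCOL"; fall back to an empty URI if it is missing.
    rec["uri"] = (rec["request"].split(" ") + [""])[1]
    return rec

def classify(uri):
    """Decode twice so double-encoded input (%252f) is seen, then match rules."""
    decoded = unquote_plus(unquote_plus(uri))
    return sorted(name for name, rx in RULES.items() if rx.search(decoded))

def scan(lines):
    """Return ([(host, status, rule names)], count of unparsable lines)."""
    findings, unparsed = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif (hits := classify(rec["uri"])):
            findings.append((rec["host"], int(rec["status"]), hits))
    return findings, unparsed

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2025:09:14:02 +0900] "GET /index.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2025:09:14:05 +0900] "GET /board/view.jsp?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 500 312',
    '203.0.113.5 - - [12/Mar/2025:09:14:09 +0900] "GET /download.do?file=..%252f..%252fWEB-INF/web.xml HTTP/1.1" 404 0',
    '203.0.113.5 - - [12/Mar/2025:09:14:11 +0900] "GET /search.jsp?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1830',
    'not an access log line',
]
print(scan(SAMPLE))
```

A non-zero unparsable count usually means the `<format>` in domain.xml differs from the one the parser expects.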

Troubleshooting

No Logs Received

  1. Verify access logging is enabled in domain.xml (JEUS) or http.m (WebtoB)
  2. Check that the log file paths in rsyslog match the actual JEUS/WebtoB installation paths
  3. Ensure port 514 is open between the server and collector
  4. Restart rsyslog after config changes: sudo systemctl restart rsyslog

Log Path Variations

  • JEUS log paths vary by domain and server name; use wildcard patterns in rsyslog
  • WebtoB log location depends on the FILENAME setting in http.m

For additional help, contact kyra@seekerslab.com.