IBM Domino: Sending commands to the Server Console using HTTP
I found a way to send commands to the IBM Domino server console using HTTP requests.
To do this, i need to use Domino Web Administration (webadmin.nsf) tool.
In webadmin.nsf, I use the Quick Console to send commands to a Domino server that does not run under a Controller.
Using Mozilla Firefox, i debug the request that has the following syntax:
https://{hostname}/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command={command}
Using Curl to send commands
Now i will use curl to do the send requests. Curl is a command line tool that will let you execute all kinds of requests that will make the computer you are at interact with HTTP services.
The syntax must be
curl -k "https://{hostname}/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command={command}" -u {user}:{password}
Where:
- -k to avoid problem with self signed certificates
- -u {user}:{password} to send username and password
Important: you must setup SSL/TLS on http request, because password is sent as plain text on header.
Example 1 - Using Basic Authentication
Send a show server command, using Basic Authentication
curl -k "https://server1.company.com/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command=show%20server" -u userA:secret
If your command has blank spaces, you must replace blank spaces with %20.
Console commands are asynchronous and can generate output or not. In this case the response was:
hApp.aPanel.serverstatus.hQuickConsole._sConsoleResponse = '\r\nIBM Domino (r) Server (64 Bit) (Release 9.0.1FP9HF for AIX/64) 21/02/2018 09:32:25\r\n\r\nServer name: server1/Company - Administração\r\nDomain name: Company\r\nServer directory: /domino/notesdata\r\nPartition: .domino.notesdata\r\nElapsed time: 13 days 21:53:20\r\nTransactions/minute: Last minute: 1548; Last hour: 1089; Peak: 38054\r\nPeak # of sessions: 577 at 19/02/2018 12:05:47\r\nTransactions: 37072292 Max. concurrent: 100\r\nThreadPool Threads: 100 (TCPIP Port)\r\nMember of cluster:\tCluster_Admin\r\nAvailability Index: 65 (state: AVAILABLE)\r\nMail Tracking: Enabled\r\nMail Journalling: Not Enabled\r\nNumber of Mailboxes: 3\r\nPending mail: 0 Dead mail: 6 \r\nWaiting Tasks: 0\r\nDAOS: Not Enabled\r\nTransactional Logging: Not Enabled\r\nFault Recovery: Enabled\r\nActivity Logging: Not Enabled\r\nServer Controller: Not Enabled\r\nDiagnostic Directory: /domino/notesdata/IBM_TECHNICAL_SUPPORT\r\nConsole Logging: Enabled (50000K)\r\nConsole Log File: /domino/notesdata/IBM_TECHNICAL_SUPPORT/console.log\r\nDB2 Server: Not Enabled\r\n';
So you can parse the output.
Example 2 - Using Session Authentication
My Domino server was configured to use Session authentication. So I needed to login to the server first.
curl -k --data "username=userA&password=secret" -c cookies.txt "https://server1.company.com/names.nsf?login"
This command will log you in and store the LTPA_Token and LTPA_Token2 cookies that is issued by Domino server in a file called cookies.txt.
Then i will send a show server command, using that cookies
curl -k "https://server1.company.com/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command=show%20server" --cookie cookies.txt