Advanced scanning

Scanning cluster setups

Many larger stores run on a cluster environment, with different servers acting as web, file or database server. We recommend to install eComscan on each of these servers, unless the server has a read-only filesystem, where it does not make sense to monitor for file changes.

eComscan scans databases and shared filesystems by default. If multiple servers in your cluster are simultaneously scanning shared resoures, this may produce unneccesary load. In that case, we recommend the following setup:

  • Web servers only scan their local code base and do not scan shared resources such as NFS shares and database servers. eComscan should be ran with the --one-file-system and --skip-database options, and should use a scan path that is local to the web server (such as /var/www/yourdomain)
  • If you have a shared file system (eg for media uploads), the best is to scan this on the file server (to prevent unneccesary network traffic). eComscan should be ran with the --skip-database option there (unless the file and database server are the same).
  • With a separate database server, eComscan should run with default options, pointing to the platform configuration file (eg env.php, local.xml or wp-config.php). If required, the database connection can be overridden (see next section).

Override database connection

eComscan typically accepts a (disk-) path argument and will start scanning from there. Whenever it encounters a commerce configuration file, such as local.xml or wp-config.php, it starts scanning the relevant database.

For most stores this is sufficient. However, if your store uses dynamic database configuration, or you want to enforce a specific connection, you can override the connection information using the --force-dsn command line option. This takes a DSN, which is in the form:

USER:[email protected](SERVER)/DBNAME

So for example:

maguser:[email protected](database1.provider.com)/magento

To get a DSN dynamically from a Wordpress setup, you could use the following script, which you could call wp-dsn:

#!/usr/bin/php
<?php
    require_once($argv[1]);
    printf("%s:%[email protected](%s)/%s?prefix=%s\n",
        DB_USER,
        DB_PASSWORD,
        DB_HOST,
        DB_NAME,
        $table_prefix
    );
?>

First, check that your DSN generator works:

wp-dsn /path/to/dynamic/wp-config.php
# should show DSN

If that works, you can call ecomscan like this:

ecomscan --key=YOURKEY --force-dsn=$(wp-dsn /path/to/dynamic/wp-config.php) /path/to/wordpress

You can also override the DSN by setting an environment variable before running eComscan:

export ECOMSCAN_DSN=$(wp-dsn /path/to/dynamic/wp-config.php)

Scanning “cattle” (cloud) servers

If you deploy to anonymous cloud servers, the eComscan reports may not be immediately attributable to a specific store (eg. “report for [email protected]”). You can use the eComscan tag option to mark your mail and Slack alerts:

ecomscan --tag <projectname> 

This page was last updated at Sep 24th, 2020

Need expert advice?

We are here to help!

Get in touch