You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jussila Ville <vi...@hel.fi> on 2017/10/02 13:18:07 UTC
Tomcat accesslogs / Geoserver
Hi List,
We are running Geoserver 2.11.1 with Java 1.8.0_131 on Tomcat 8.0.44.
I have tried before Geoserver's own mailing list without any help, so now I try this one. Geoserver is a map engine to publish raster and vector data in the Internet. More information can be found here http://geoserver.org/
We are not able to record the username in the Tomcat Accesslog. Geoserver has it's monitor plugin and Auditlogs, which we have installed and logs are running nicely with recorded username. In the Tomcat's accesslog they don't show up no matter what I try. We prefer more using Tomcat's access logs, as we are not satisfied Geoservers format.
Here are parameters for the AccessLogValve in Tomcat 8.0\conf\server.xml file
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="D:\Data\GeoServer\Tomcat_logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%a %{X-Forwarded-FOR}i %u %t "%r" %s %b" />
I have tried to replace "%u" parameter with different kinds of syntaxes example "%{username}s", "%{userName}s", "%{remoteUser}s", "%{remoteuser}s", but none of them had solved the problem. Not even replacing "s" with "i". With {Authorization}i, I was able to record that Geoserver is using Basic authentication as it is set in UI.
Can you help me?
With best regards
Mr. Ville Jussila
Cadastral Surveyor
City of Helsinki
Finland
Re: VS: Tomcat accesslogs / Geoserver
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jussila,
On 10/3/17 1:40 AM, Jussila Ville wrote:
> Thanks for your fast answer.
>
> I'm quite new with Tomcat and HTTP. But as you said, Geoserver is
> taking care of the authentication itself. So this is the problem
> and we are not able to log the username in the access logs. I think
> we have to focus then on the Geoserver own logging.
I have an idea for you, and it will only work because of the use of
HTTP Basic authentication.
With HTTP Basic, the username and password are present in every HTTP
request. Just because Tomcat is ignoring them doesn't mean you have to
ignore them.
You can log the incoming HTTP header WWW-Authenticate and you'll
capture the user's username. Unfortunately, you'll also capture their
password, which is a REALLY BAD THING TO DO in a log file like that.
But that might be the beginning of a solution.
Tomcat's access log component is a Valve, which means it runs before
any Filters. If you wrote a Valve to parse the WWW-Authenticate header
and place the user's username in a request parameter, you could log
that using the AccessLogValve.
The Valve will be relatively simple to write, but it does require that
you compile it against the Tomcat API itself, and then deploy the
Valve at the server level instead of in your application.
Hope that helps,
- -chris
> -----Alkuperäinen viesti----- Lähettäjä: Christopher Schultz
> [mailto:chris@christopherschultz.net] Lähetetty: 2. lokakuuta 2017
> 17:31 Vastaanottaja: users@tomcat.apache.org Aihe: Re: Tomcat
> accesslogs / Geoserver
>
> Jussila,
>
> On 10/2/17 9:18 AM, Jussila Ville wrote:
>> We are running Geoserver 2.11.1 with Java 1.8.0_131 on Tomcat
>> 8.0.44.
>
>> I have tried before Geoserver's own mailing list without any
>> help, so now I try this one. Geoserver is a map engine to publish
>> raster and vector data in the Internet. More information can be
>> found here http://geoserver.org/
>
>> We are not able to record the username in the Tomcat Accesslog.
>> Geoserver has it's monitor plugin and Auditlogs, which we have
>> installed and logs are running nicely with recorded username. In
>> the Tomcat's accesslog they don't show up no matter what I try.
>> We prefer more using Tomcat's access logs, as we are not
>> satisfied Geoservers format.
>
>> Here are parameters for the AccessLogValve in Tomcat
>> 8.0\conf\server.xml file
>
>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="D:\Data\GeoServer\Tomcat_logs"
>> prefix="localhost_access_log" suffix=".txt" pattern="%a
>> %{X-Forwarded-FOR}i %u %t "%r" %s %b" />
>
>> I have tried to replace "%u" parameter with different kinds of
>> syntaxes example "%{username}s", "%{userName}s",
>> "%{remoteUser}s", "%{remoteuser}s", but none of them had solved
>> the problem. Not even replacing "s" with "i". With
>> {Authorization}i, I was able to record that Geoserver is using
>> Basic authentication as it is set in UI.
>
>> Can you help me?
>
> Is it possible that Geoserver is using its own built-in HTTP Basic
> authentication instead of having Tomcat handle authentication? If
> so, Tomcat knows nothing about the user, etc. and can't log
> anything about them in the access log.
>
> -chris
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnUMTEdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgscw//QvrrDfjsMloHqhhV
d5svOMHqTwwKiD0sTNsJu8PscT19a2rtYVcf2C0Y9WG7uKYeeQkns0Mvg9KFxH+j
iSbwLVpLXgPuAa8pmPd9CxUOo5GvT1gkcrGiuB97J7q2m6n2lxhgjP2Wvc1/tln6
uhDjhuQjm9MsHE7SdEkN2zo6QDeog+AXEezNVUWsQulvXXVaAqwSMApmw9zFFKC0
KzGjEC26zSNM3qI8lTMpzo5oY9s52COtDPdc48yCEvss+ilM1nVO3FBc3PhU0gvg
EIT69r1vLPCwyaF5TGwJ44n1t3q0IU6/GZ5JKr2DbB5jg0ey5H7FhyX/eMIR0vqS
YtXA81Zi9xQ0ghmEuAp154ewxr1yL5XYC87JAbsT6kClTYTJVLvAeuDsXiqtfDw1
8vJy0+Q1KA1bq5UOZmHpzz8aP/B19EPMYXX62bUyeGxfRBs9tRZTrUta26gurzAW
jrYTJZb4KsGiqYgWGmjIOcXjvVhsaQFuoNGFDuHqW2wEYAVC4pVlKxI2fcpVAp6Z
GMm7cl+gmwWjoW1zknm8WMjXXE+pTQirz3sMC2spybm6sRMPc2oObnxrk1DNTli/
JxoKD/8KPm5U0JR28bYBb512YVB+cKFU2Y5ktcOzbdqNl0zERoAjlMuS8vA+zUAY
vaGdKTibeVNBsCtkgNiqXs+R37U=
=zLFb
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
VS: Tomcat accesslogs / Geoserver
Posted by Jussila Ville <vi...@hel.fi>.
Hi Christopher,
Thanks for your fast answer.
I'm quite new with Tomcat and HTTP. But as you said, Geoserver is taking care of the authentication itself. So this is the problem and we are not able to log the username in the access logs. I think we have to focus then on the Geoserver own logging.
With best regards
Ville Jussila
-----Alkuperäinen viesti-----
Lähettäjä: Christopher Schultz [mailto:chris@christopherschultz.net]
Lähetetty: 2. lokakuuta 2017 17:31
Vastaanottaja: users@tomcat.apache.org
Aihe: Re: Tomcat accesslogs / Geoserver
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jussila,
On 10/2/17 9:18 AM, Jussila Ville wrote:
> We are running Geoserver 2.11.1 with Java 1.8.0_131 on Tomcat 8.0.44.
>
> I have tried before Geoserver's own mailing list without any help, so
> now I try this one. Geoserver is a map engine to publish raster and
> vector data in the Internet. More information can be found here
> http://geoserver.org/
>
> We are not able to record the username in the Tomcat Accesslog.
> Geoserver has it's monitor plugin and Auditlogs, which we have
> installed and logs are running nicely with recorded username. In the
> Tomcat's accesslog they don't show up no matter what I try. We prefer
> more using Tomcat's access logs, as we are not satisfied Geoservers
> format.
>
> Here are parameters for the AccessLogValve in Tomcat
> 8.0\conf\server.xml file
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="D:\Data\GeoServer\Tomcat_logs"
> prefix="localhost_access_log" suffix=".txt" pattern="%a
> %{X-Forwarded-FOR}i %u %t "%r" %s %b" />
>
> I have tried to replace "%u" parameter with different kinds of
> syntaxes example "%{username}s", "%{userName}s", "%{remoteUser}s",
> "%{remoteuser}s", but none of them had solved the problem. Not even
> replacing "s" with "i". With {Authorization}i, I was able to record
> that Geoserver is using Basic authentication as it is set in UI.
>
> Can you help me?
Is it possible that Geoserver is using its own built-in HTTP Basic authentication instead of having Tomcat handle authentication? If so, Tomcat knows nothing about the user, etc. and can't log anything about them in the access log.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnSTY4ACgkQHPApP6U8
pFjXDQ/+LWYJutG9VsGs6mBN1kVem2J70hiavDRAN//pkrloH6q/U5wlYEXBrmTf
vacFeMtOmjOeu8rOmh94Pg1GTH+kMS1qEu9/IlAebToH6HZzJ7ZPo8Zguo7H7nPv
xVPk/urPwfeGlH5WZX+PWj52OI5pHq8NTDhMrNi0CftQIaCDSH43Di+CpfTlBa/Z
HBMFXTjCFdYpZ1oN1zvGOYkwiQsK8HUEOZ41Dfc/YR4/oiSotLNE4Td6dsDOMrj1
/VpLOlpTEn8UrdpbddvZKb8axd4kyVdMQ7wGRsHSxiV54p1h9LZPC9T+OwCdmHsF
5TR31xfrYbIwTabRCnnekGeA3cXDsoRTK5xcdIuWw5aJVgvbQJFWslb4Vnmx0CYJ
lkwQS5SXWBLlWH3LsJxXxfQ60WJ/kv9UZ3maN4EMvL8CerwaWLXq1tUIo9lIMDFt
xPjuz+ZLvgKi+CFQvK+Y8y3K/laVGBIwRawqYl+5NMCFtvwbmC3mW0kDs6srEQvi
ZRloXpE9J/SHwcQIeR1kadkmIq5fQsBM1JeEugdH4ZyJdBO307lUZvPnld+/7xPp
Q9Fuw7dBRsjXr2okN4t7yFP7Oxw9yXOoTFS+zutX6bc7BQ0tmThacbCz9YdDetTS
t9ZHPrlDu8sRDqQR+CAr6Tu+oMDQBS1I7CTx8FIqboahsnruW3g=
=+oGU
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat accesslogs / Geoserver
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jussila,
On 10/2/17 9:18 AM, Jussila Ville wrote:
> We are running Geoserver 2.11.1 with Java 1.8.0_131 on Tomcat
> 8.0.44.
>
> I have tried before Geoserver's own mailing list without any help,
> so now I try this one. Geoserver is a map engine to publish raster
> and vector data in the Internet. More information can be found here
> http://geoserver.org/
>
> We are not able to record the username in the Tomcat Accesslog.
> Geoserver has it's monitor plugin and Auditlogs, which we have
> installed and logs are running nicely with recorded username. In
> the Tomcat's accesslog they don't show up no matter what I try. We
> prefer more using Tomcat's access logs, as we are not satisfied
> Geoservers format.
>
> Here are parameters for the AccessLogValve in Tomcat
> 8.0\conf\server.xml file
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="D:\Data\GeoServer\Tomcat_logs"
> prefix="localhost_access_log" suffix=".txt" pattern="%a
> %{X-Forwarded-FOR}i %u %t "%r" %s %b" />
>
> I have tried to replace "%u" parameter with different kinds of
> syntaxes example "%{username}s", "%{userName}s", "%{remoteUser}s",
> "%{remoteuser}s", but none of them had solved the problem. Not even
> replacing "s" with "i". With {Authorization}i, I was able to record
> that Geoserver is using Basic authentication as it is set in UI.
>
> Can you help me?
Is it possible that Geoserver is using its own built-in HTTP Basic
authentication instead of having Tomcat handle authentication? If so,
Tomcat knows nothing about the user, etc. and can't log anything about
them in the access log.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnSTY4ACgkQHPApP6U8
pFjXDQ/+LWYJutG9VsGs6mBN1kVem2J70hiavDRAN//pkrloH6q/U5wlYEXBrmTf
vacFeMtOmjOeu8rOmh94Pg1GTH+kMS1qEu9/IlAebToH6HZzJ7ZPo8Zguo7H7nPv
xVPk/urPwfeGlH5WZX+PWj52OI5pHq8NTDhMrNi0CftQIaCDSH43Di+CpfTlBa/Z
HBMFXTjCFdYpZ1oN1zvGOYkwiQsK8HUEOZ41Dfc/YR4/oiSotLNE4Td6dsDOMrj1
/VpLOlpTEn8UrdpbddvZKb8axd4kyVdMQ7wGRsHSxiV54p1h9LZPC9T+OwCdmHsF
5TR31xfrYbIwTabRCnnekGeA3cXDsoRTK5xcdIuWw5aJVgvbQJFWslb4Vnmx0CYJ
lkwQS5SXWBLlWH3LsJxXxfQ60WJ/kv9UZ3maN4EMvL8CerwaWLXq1tUIo9lIMDFt
xPjuz+ZLvgKi+CFQvK+Y8y3K/laVGBIwRawqYl+5NMCFtvwbmC3mW0kDs6srEQvi
ZRloXpE9J/SHwcQIeR1kadkmIq5fQsBM1JeEugdH4ZyJdBO307lUZvPnld+/7xPp
Q9Fuw7dBRsjXr2okN4t7yFP7Oxw9yXOoTFS+zutX6bc7BQ0tmThacbCz9YdDetTS
t9ZHPrlDu8sRDqQR+CAr6Tu+oMDQBS1I7CTx8FIqboahsnruW3g=
=+oGU
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org