You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Su Zhang <we...@gmail.com> on 2012/06/08 21:09:10 UTC
check tomcat (6.0.32) log settings automatically
Hello,
We want to check the log settings (e.g.attributes need to be logged) of
tomcat server and then evaluate the security level for the application.
I am evaluating over a well-built system so what I can obtain is only its
binary code and configuration files. Is there any way we can infer the log
settings automatically?
Thank you,
--
Su Zhang
Ph.D Candidate
Computing and Information Sciences
Kansas State University
Re: check tomcat (6.0.32) log settings automatically
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Su,
On 6/8/12 4:33 PM, Su Zhang wrote:
> I apologize that I didn't state my question clearly. I was asking
> the tomcat log settings rather than application log settings. Any
> solutions?
Can you describe the kinds of things you need to be looking for? It's
probably difficult to look at a log configuration line like this:
my.logger.level=INFO
... and determine if my.logger.level is going to log anything
sensitive at the INFO level. Just ask Apple about that one[1].
- -chris
[1]
http://nakedsecurity.sophos.com/2012/05/06/apple-update-to-os-x-lion-exposes-encryption-passwords/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/UuGIACgkQ9CaO5/Lv0PAZgwCfQeTpKbBUKXKIIq1cNOuh7+a9
sM4An2Ko9D8Fo16U1vtEdgYRe4o8h2SM
=BfKn
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: check tomcat (6.0.32) log settings automatically
Posted by Su Zhang <we...@gmail.com>.
I apologize that I didn't state my question clearly. I was asking the
tomcat log settings rather than application log settings.
Any solutions?
Thanks in advance,
On Fri, Jun 8, 2012 at 12:45 PM, Pid <pi...@pidster.com> wrote:
> On 08/06/2012 20:09, Su Zhang wrote:
> > Hello,
> >
> > We want to check the log settings (e.g.attributes need to be logged) of
> > tomcat server and then evaluate the security level for the application.
>
> Tomcat log config and application log config are two different things.
>
>
> > I am evaluating over a well-built system so what I can obtain is only its
> > binary code and configuration files. Is there any way we can infer the
> log
> > settings automatically?
>
> Examine the application for log configuration files.
>
> E.g. This is a typical example, for an app that uses Log4J.
>
> myapp/WEB-INF/classes/log4j.properties
>
>
> p
>
>
> --
>
> [key:62590808]
>
>
--
Su Zhang
Ph.D Candidate
Computing and Information Sciences
Kansas State University
Re: check tomcat (6.0.32) log settings automatically
Posted by Pid <pi...@pidster.com>.
On 08/06/2012 20:09, Su Zhang wrote:
> Hello,
>
> We want to check the log settings (e.g.attributes need to be logged) of
> tomcat server and then evaluate the security level for the application.
Tomcat log config and application log config are two different things.
> I am evaluating over a well-built system so what I can obtain is only its
> binary code and configuration files. Is there any way we can infer the log
> settings automatically?
Examine the application for log configuration files.
E.g. This is a typical example, for an app that uses Log4J.
myapp/WEB-INF/classes/log4j.properties
p
--
[key:62590808]