You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christopher Gross <co...@gmail.com> on 2012/11/08 21:29:51 UTC
Logging of user's login attempts
Using Tomcat 6.0.36.
Realm:
<Realm className="org.apache.catalina.realm.LockOutRealm"
failureCount="3" lockOutTime="300000">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
digest="SHA" resourceName="UserDatabase" />
</Realm>
Is there a way that I can set it up to do user login auditing, so that I
can see when a user logs in, or when they have a failed attempt, etc? Been
trying to google an answer, but I haven't been finding anything useful or
specific.
Let me know if there are any other config file snippets I can provide to
figure out what I need to change.
Thanks!
-- Chris
Re: Logging of user's login attempts
Posted by Jose MarĂa Zaragoza <de...@gmail.com>.
2012/11/9 Christopher Gross <co...@gmail.com>
>
> Perhaps
> someone else who has done this can chime in, but I'll keep looking around.
> I think you got me started on the right track.
>
Well, I'm used to extending UserDatabaseRealm class and to configure
Tomcat with it, so I can have more control , by example , logging.
Re: Logging of user's login attempts
Posted by Christopher Gross <co...@gmail.com>.
Mark,
I already had it down to FINE, but I switched it to FINEST but I still
didn't get the realm.<date>.txt file to show up.
Perhaps the control lines (the ones with "MESSAGES" in them) aren't quite
right for realm, but that's how your clustering setup works. Perhaps
someone else who has done this can chime in, but I'll keep looking around.
I think you got me started on the right track.
Thanks for your help, let me know if you get any other ideas.
-- Chris
On Fri, Nov 9, 2012 at 11:33 AM, Mark Eggers <it...@yahoo.com> wrote:
> On 11/9/2012 6:04 AM, Christopher Gross wrote:
>
>> Hi Mark.
>>
>> Thanks for the suggestion -- but I'm not getting the realm log file. That
>> all looks like it should work, maybe there's just a little something that
>> I'm missing.
>>
>> -- Chris
>>
>>
>> On Thu, Nov 8, 2012 at 4:26 PM, Mark Eggers <it...@yahoo.com>
>> wrote:
>>
>> On 11/8/2012 12:29 PM, Christopher Gross wrote:
>>>
>>> Using Tomcat 6.0.36.
>>>>
>>>> Realm: <Realm className="org.apache.****catalina.realm.LockOutRealm"
>>>>
>>>> failureCount="3" lockOutTime="300000"> <Realm
>>>> className="org.apache.****catalina.realm.****UserDatabaseRealm"
>>>> digest="SHA"
>>>>
>>>> resourceName="UserDatabase" /> </Realm>
>>>>
>>>> Is there a way that I can set it up to do user login auditing, so
>>>> that I can see when a user logs in, or when they have a failed
>>>> attempt, etc? Been trying to google an answer, but I haven't been
>>>> finding anything useful or specific.
>>>>
>>>> Let me know if there are any other config file snippets I can provide
>>>> to figure out what I need to change.
>>>>
>>>> Thanks!
>>>>
>>>> -- Chris
>>>>
>>>>
>>>> Chris,
>>>
>>> Note, I haven't tried this so I may be completely off-base. The following
>>> assumes that you're using the default JULI logging setup.
>>>
>>> The realm classes are logged via Tomcat's JULI logging system (unless
>>> you've converted to log4j). You'll need to add some logging for realms.
>>>
>>> In $CATALINA_BASE/conf, there is a file called logging.properties.
>>> You'll need to modify that in three places.
>>>
>>> 1. Add a new handler by appending it to the list of current handlers
>>>
>>> Call it something like: 5realm.org.apache.juli.****FileHandler
>>>
>>>
>>> So your handlers line now looks like:
>>>
>>> handlers = 1catalina.org.apache.juli.****FileHandler,
>>> 2localhost.org.apache.juli.****FileHandler,
>>> 3manager.org.apache.juli.****FileHandler,
>>> 4host-manager.org.apache.juli.****FileHandler,
>>> java.util.logging.****ConsoleHandler,5realm.org.****
>>> apache.juli.FileHandler
>>>
>>>
>>> (sorry for the line wrapping)
>>>
>>> 2. Add the logging properties for your new handler
>>>
>>> Underneath the host manager entry, add something like the following:
>>>
>>> 5realm.org.apache.juli.****FileHandler.level = FINE
>>> 5realm.org.apache.juli.****FileHandler.directory = ${catalina.base}/logs
>>> 5realm.org.apache.juli.****FileHandler.prefix = realm.
>>>
>>>
>>> This sets up a realm log file in $CATALINA_BASE/logs.
>>>
>>> 3. Now set up the properties for the specific logger
>>>
>>> In the Facilities section, add something like the following after the
>>> host-manager entry.
>>>
>>> org.apache.catalina.realm.****MESSAGES.level = WARN
>>> org.apache.catalina.realm.****MESSAGES.handlers =
>>> 5realm.org.apache.juli.****FileHandler
>>>
>>>
>>> (again, sorry for the line wrapping)
>>>
>>> The values on the left contain the package you want to log
>>> (org.apache.catalina.realm in this case), the message level
>>> (MESSAGES.level), and the handler (MESSAGES.handlers).
>>>
>>> The values on the right contain the actual level (WARN, since from the
>>> source code all login failures look like they are at the WARN level),
>>> and the handler you defined above (5realm.org.apache.juli.****
>>> FileHandler).
>>>
>>>
>>> Restart Tomcat and you should see login failures in realm.[date].log,
>>> where [date] is the date (rotated daily).
>>>
>>> More information on configuring logging can be found here:
>>>
>>> http://tomcat.apache.org/****tomcat-6.0-doc/logging.html<http://tomcat.apache.org/**tomcat-6.0-doc/logging.html>
>>> <ht**tp://tomcat.apache.org/tomcat-**6.0-doc/logging.html<http://tomcat.apache.org/tomcat-6.0-doc/logging.html>
>>> >
>>>
>>>
>>> Again, I've not done this for Realm logging. I've done this for Cluster
>>> logging and it seems to work well.
>>>
>>> . . . . just my two cents.
>>> /mde/
>>>
>>>
> Hmm,
>
> I had thought that should work. Like I said in my email (above), I've not
> tried this for realms, but have done this for clusters.
>
> Most info looks like it's at the DEBUG level (at least in LockOutRealm).
>
> A quick search through the mailing list has recommended FINEST as the log
> level.
>
> Give FINEST a try rather than INFO and see what appears in your logs.
>
> . . . . just my two cents (without coffee)
>
> /mde/
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<us...@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Logging of user's login attempts
Posted by Mark Eggers <it...@yahoo.com>.
On 11/9/2012 6:04 AM, Christopher Gross wrote:
> Hi Mark.
>
> Thanks for the suggestion -- but I'm not getting the realm log file. That
> all looks like it should work, maybe there's just a little something that
> I'm missing.
>
> -- Chris
>
>
> On Thu, Nov 8, 2012 at 4:26 PM, Mark Eggers <it...@yahoo.com> wrote:
>
>> On 11/8/2012 12:29 PM, Christopher Gross wrote:
>>
>>> Using Tomcat 6.0.36.
>>>
>>> Realm: <Realm className="org.apache.**catalina.realm.LockOutRealm"
>>> failureCount="3" lockOutTime="300000"> <Realm
>>> className="org.apache.**catalina.realm.**UserDatabaseRealm" digest="SHA"
>>> resourceName="UserDatabase" /> </Realm>
>>>
>>> Is there a way that I can set it up to do user login auditing, so
>>> that I can see when a user logs in, or when they have a failed
>>> attempt, etc? Been trying to google an answer, but I haven't been
>>> finding anything useful or specific.
>>>
>>> Let me know if there are any other config file snippets I can provide
>>> to figure out what I need to change.
>>>
>>> Thanks!
>>>
>>> -- Chris
>>>
>>>
>> Chris,
>>
>> Note, I haven't tried this so I may be completely off-base. The following
>> assumes that you're using the default JULI logging setup.
>>
>> The realm classes are logged via Tomcat's JULI logging system (unless
>> you've converted to log4j). You'll need to add some logging for realms.
>>
>> In $CATALINA_BASE/conf, there is a file called logging.properties.
>> You'll need to modify that in three places.
>>
>> 1. Add a new handler by appending it to the list of current handlers
>>
>> Call it something like: 5realm.org.apache.juli.**FileHandler
>>
>> So your handlers line now looks like:
>>
>> handlers = 1catalina.org.apache.juli.**FileHandler,
>> 2localhost.org.apache.juli.**FileHandler,
>> 3manager.org.apache.juli.**FileHandler,
>> 4host-manager.org.apache.juli.**FileHandler,
>> java.util.logging.**ConsoleHandler,5realm.org.**apache.juli.FileHandler
>>
>> (sorry for the line wrapping)
>>
>> 2. Add the logging properties for your new handler
>>
>> Underneath the host manager entry, add something like the following:
>>
>> 5realm.org.apache.juli.**FileHandler.level = FINE
>> 5realm.org.apache.juli.**FileHandler.directory = ${catalina.base}/logs
>> 5realm.org.apache.juli.**FileHandler.prefix = realm.
>>
>> This sets up a realm log file in $CATALINA_BASE/logs.
>>
>> 3. Now set up the properties for the specific logger
>>
>> In the Facilities section, add something like the following after the
>> host-manager entry.
>>
>> org.apache.catalina.realm.**MESSAGES.level = WARN
>> org.apache.catalina.realm.**MESSAGES.handlers =
>> 5realm.org.apache.juli.**FileHandler
>>
>> (again, sorry for the line wrapping)
>>
>> The values on the left contain the package you want to log
>> (org.apache.catalina.realm in this case), the message level
>> (MESSAGES.level), and the handler (MESSAGES.handlers).
>>
>> The values on the right contain the actual level (WARN, since from the
>> source code all login failures look like they are at the WARN level),
>> and the handler you defined above (5realm.org.apache.juli.**FileHandler).
>>
>> Restart Tomcat and you should see login failures in realm.[date].log,
>> where [date] is the date (rotated daily).
>>
>> More information on configuring logging can be found here:
>>
>> http://tomcat.apache.org/**tomcat-6.0-doc/logging.html<http://tomcat.apache.org/tomcat-6.0-doc/logging.html>
>>
>> Again, I've not done this for Realm logging. I've done this for Cluster
>> logging and it seems to work well.
>>
>> . . . . just my two cents.
>> /mde/
>>
Hmm,
I had thought that should work. Like I said in my email (above), I've
not tried this for realms, but have done this for clusters.
Most info looks like it's at the DEBUG level (at least in LockOutRealm).
A quick search through the mailing list has recommended FINEST as the
log level.
Give FINEST a try rather than INFO and see what appears in your logs.
. . . . just my two cents (without coffee)
/mde/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Logging of user's login attempts
Posted by Christopher Gross <co...@gmail.com>.
Hi Mark.
Thanks for the suggestion -- but I'm not getting the realm log file. That
all looks like it should work, maybe there's just a little something that
I'm missing.
-- Chris
On Thu, Nov 8, 2012 at 4:26 PM, Mark Eggers <it...@yahoo.com> wrote:
> On 11/8/2012 12:29 PM, Christopher Gross wrote:
>
>> Using Tomcat 6.0.36.
>>
>> Realm: <Realm className="org.apache.**catalina.realm.LockOutRealm"
>> failureCount="3" lockOutTime="300000"> <Realm
>> className="org.apache.**catalina.realm.**UserDatabaseRealm" digest="SHA"
>> resourceName="UserDatabase" /> </Realm>
>>
>> Is there a way that I can set it up to do user login auditing, so
>> that I can see when a user logs in, or when they have a failed
>> attempt, etc? Been trying to google an answer, but I haven't been
>> finding anything useful or specific.
>>
>> Let me know if there are any other config file snippets I can provide
>> to figure out what I need to change.
>>
>> Thanks!
>>
>> -- Chris
>>
>>
> Chris,
>
> Note, I haven't tried this so I may be completely off-base. The following
> assumes that you're using the default JULI logging setup.
>
> The realm classes are logged via Tomcat's JULI logging system (unless
> you've converted to log4j). You'll need to add some logging for realms.
>
> In $CATALINA_BASE/conf, there is a file called logging.properties.
> You'll need to modify that in three places.
>
> 1. Add a new handler by appending it to the list of current handlers
>
> Call it something like: 5realm.org.apache.juli.**FileHandler
>
> So your handlers line now looks like:
>
> handlers = 1catalina.org.apache.juli.**FileHandler,
> 2localhost.org.apache.juli.**FileHandler,
> 3manager.org.apache.juli.**FileHandler,
> 4host-manager.org.apache.juli.**FileHandler,
> java.util.logging.**ConsoleHandler,5realm.org.**apache.juli.FileHandler
>
> (sorry for the line wrapping)
>
> 2. Add the logging properties for your new handler
>
> Underneath the host manager entry, add something like the following:
>
> 5realm.org.apache.juli.**FileHandler.level = FINE
> 5realm.org.apache.juli.**FileHandler.directory = ${catalina.base}/logs
> 5realm.org.apache.juli.**FileHandler.prefix = realm.
>
> This sets up a realm log file in $CATALINA_BASE/logs.
>
> 3. Now set up the properties for the specific logger
>
> In the Facilities section, add something like the following after the
> host-manager entry.
>
> org.apache.catalina.realm.**MESSAGES.level = WARN
> org.apache.catalina.realm.**MESSAGES.handlers =
> 5realm.org.apache.juli.**FileHandler
>
> (again, sorry for the line wrapping)
>
> The values on the left contain the package you want to log
> (org.apache.catalina.realm in this case), the message level
> (MESSAGES.level), and the handler (MESSAGES.handlers).
>
> The values on the right contain the actual level (WARN, since from the
> source code all login failures look like they are at the WARN level),
> and the handler you defined above (5realm.org.apache.juli.**FileHandler).
>
> Restart Tomcat and you should see login failures in realm.[date].log,
> where [date] is the date (rotated daily).
>
> More information on configuring logging can be found here:
>
> http://tomcat.apache.org/**tomcat-6.0-doc/logging.html<http://tomcat.apache.org/tomcat-6.0-doc/logging.html>
>
> Again, I've not done this for Realm logging. I've done this for Cluster
> logging and it seems to work well.
>
> . . . . just my two cents.
> /mde/
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<us...@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Logging of user's login attempts
Posted by Mark Eggers <it...@yahoo.com>.
On 11/8/2012 12:29 PM, Christopher Gross wrote:
> Using Tomcat 6.0.36.
>
> Realm: <Realm className="org.apache.catalina.realm.LockOutRealm"
> failureCount="3" lockOutTime="300000"> <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm" digest="SHA"
> resourceName="UserDatabase" /> </Realm>
>
> Is there a way that I can set it up to do user login auditing, so
> that I can see when a user logs in, or when they have a failed
> attempt, etc? Been trying to google an answer, but I haven't been
> finding anything useful or specific.
>
> Let me know if there are any other config file snippets I can provide
> to figure out what I need to change.
>
> Thanks!
>
> -- Chris
>
Chris,
Note, I haven't tried this so I may be completely off-base. The
following assumes that you're using the default JULI logging setup.
The realm classes are logged via Tomcat's JULI logging system (unless
you've converted to log4j). You'll need to add some logging for realms.
In $CATALINA_BASE/conf, there is a file called logging.properties.
You'll need to modify that in three places.
1. Add a new handler by appending it to the list of current handlers
Call it something like: 5realm.org.apache.juli.FileHandler
So your handlers line now looks like:
handlers = 1catalina.org.apache.juli.FileHandler,
2localhost.org.apache.juli.FileHandler,
3manager.org.apache.juli.FileHandler,
4host-manager.org.apache.juli.FileHandler,
java.util.logging.ConsoleHandler,5realm.org.apache.juli.FileHandler
(sorry for the line wrapping)
2. Add the logging properties for your new handler
Underneath the host manager entry, add something like the following:
5realm.org.apache.juli.FileHandler.level = FINE
5realm.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
5realm.org.apache.juli.FileHandler.prefix = realm.
This sets up a realm log file in $CATALINA_BASE/logs.
3. Now set up the properties for the specific logger
In the Facilities section, add something like the following after the
host-manager entry.
org.apache.catalina.realm.MESSAGES.level = WARN
org.apache.catalina.realm.MESSAGES.handlers =
5realm.org.apache.juli.FileHandler
(again, sorry for the line wrapping)
The values on the left contain the package you want to log
(org.apache.catalina.realm in this case), the message level
(MESSAGES.level), and the handler (MESSAGES.handlers).
The values on the right contain the actual level (WARN, since from the
source code all login failures look like they are at the WARN level),
and the handler you defined above (5realm.org.apache.juli.FileHandler).
Restart Tomcat and you should see login failures in realm.[date].log,
where [date] is the date (rotated daily).
More information on configuring logging can be found here:
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
Again, I've not done this for Realm logging. I've done this for Cluster
logging and it seems to work well.
. . . . just my two cents.
/mde/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org