You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jan Mönnich <mo...@dfn-cert.de> on 2008/02/14 16:56:01 UTC
Logging in separate Thread
Hi folks,
we want to log just the domain name a user comes from. As the required
DNS reverse lookup can take some time, we would like to do the lookup
and the logging in a separate thread. Is it a good idea to just start
a new thread for that from a servlets doPost() method?
Thanks in advance!
Jan
--
Dipl.-Inf. (FH) Jan Mönnich, PKI Team
Phone: +49 40 808077-632, Fax: +49 40 808077-556, moennich@dfn-cert.de
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen"
am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/
Re: Logging in separate Thread
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jan and Matthias,
Reich, Matthias wrote:
| I think it is better to start one background worker thread and pass
| the log requests to that thread with the help of a queue.
Definitely. Otherwise, you could have threads piling up on one another
if every request spawns another thread (and waits a bit to do the lookup).
| You can
| also consider to let the worker cache the DNS lookup results.
| (Usually you will see requests from the same clients lots of times.)
Another good idea.
Another idea would be to do the lookups later, as part of a
post-log-processing process. For instance, our production site uses
Apache to log requests without reverse DNS lookup. When we run webalizer
to generate graphs and stuff for the logs, we have webalizer do the
reverse DNS lookup at that time. That way, the app server (or web server
in our case), never has to do the lookup at all. This might be an option
for you.
Finally, the servlet specification allows containers to constrain
webapps in certain ways, including the creation of threads (so that
webapps are less likely to cause instability):
~From section 1.3 (spec v2.5):
"A servlet container may place security restrictions on the environment
in which a servlet executes. In a Java Platform, Standard Edition (J2SE,
v.1.3 or above) or Java Platform, Enterprise Edition (Java EE, v.1.3 or
above) environment, these restrictions should be placed using the
permission architecture defined by the Java platform. For example,
high-end application servers may limit the creation of a Thread object
to insure that other components of the container are not negatively
impacted."
Also note that you should capture the IP address from the request before
handing anything off to another thread (or to a queue that will be
processed by another thread). You certainly do not want to store the
request object itself anywhere: it breaks the spec (see below) and it
WILL break your application.
~From section 2.3.4:
"References to the request and response objects should not be given to
objects executing in other threads as the resulting behavior may be
nondeterministic."
(And they're not kidding!)
Good luck,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAke0dxgACgkQ9CaO5/Lv0PCr+QCgp1uxyDZonjPWV3rnzmB0Nypl
hfEAn088ftX6aes/rMh+re33y8/OLgSS
=GJnF
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Logging in separate Thread
Posted by "Reich, Matthias" <ma...@siemens.com>.
I think it is better to start one background worker thread and pass the log requests to that thread with the help of a queue.
You can also consider to let the worker cache the DNS lookup results.
(Usually you will see requests from the same clients lots of times.)
- Matthias
-----Original Message-----
From: Jan Mönnich [mailto:moennich@dfn-cert.de]
Sent: Thursday, February 14, 2008 4:56 PM
To: Tomcat Users List
Subject: Logging in separate Thread
Hi folks,
we want to log just the domain name a user comes from. As the required
DNS reverse lookup can take some time, we would like to do the lookup
and the logging in a separate thread. Is it a good idea to just start
a new thread for that from a servlets doPost() method?
Thanks in advance!
Jan
--
Dipl.-Inf. (FH) Jan Mönnich, PKI Team
Phone: +49 40 808077-632, Fax: +49 40 808077-556, moennich@dfn-cert.de
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen"
am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org