You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Fidelis Mnyanyi <fi...@otago.ac.nz> on 2009/12/17 03:08:52 UTC
Logging all traffics to Tomcat servers
Hi Tomcat Gurus,
I'm running Business Objects XI 3.1 (with Tomcat 5.5.20 as a web server) on Windows 2008 server. I have 2 server machines running Tomcat web-servers.
Tomcat servers are behind a Load Balancer.
What I want to achieve is to be able to log all traffics (user connections/attempts) to my tomcat web servers (successful and unsuccessful logins). Can someone please tell me how I can achieve this? If it is through configuring tomcat logging or it is something I should be doing from load-balancer side.
Many regards,
Fide
Re: Logging all traffics to Tomcat servers
Posted by Bill Barker <bi...@verizon.net>.
"Christopher Schultz" <ch...@christopherschultz.net> wrote in message
news:4B2AA7C4.1060709@christopherschultz.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Fidelis,
>
> On 12/17/2009 3:42 PM, Fidelis Mnyanyi wrote:
>> Thanks Konstantin for your response. I tried to use AccessLogValve,
>> but noticed I can only capture successful logins. I would like to be
>> able to capture all unsuccessful attempts as well for security-audit
>> reasons, is this possible through Tomcat?
>
> Really? Tomcat doesn't log requests to j_security_check through
> AccessLogValve?
>
Unless you are configuring the FormAuthenticator your self, it should log
j_security_check (since the default behavior is to add FormAuthenticator
after any Valve in context.xml).
> Note that AccessLogValve will not directly log "failed logins": it only
> logs HTTP requests and their statuses, etc. You will have to deduce from
> the status code what happened during the request.
>
In particular, a 302 status code means success, and a 200 status code means
failure (or, rather, what ever status code the error page returns).
> If you want to actually log failed logins, you'll need to use something
> other than the standard realms Tomcat provides (except maybe
> JAASRealm... I've never used that one but it appears that it is much
> more flexible than the other realm implementations).
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAksqp8QACgkQ9CaO5/Lv0PATzACghn0Apk8uew1/et9QUK6t2HTW
> InoAnAzcwEbLLnxwIfDUgLJUfwPdivrJ
> =btRk
> -----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Logging all traffics to Tomcat servers
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fidelis,
On 12/17/2009 3:42 PM, Fidelis Mnyanyi wrote:
> Thanks Konstantin for your response. I tried to use AccessLogValve,
> but noticed I can only capture successful logins. I would like to be
> able to capture all unsuccessful attempts as well for security-audit
> reasons, is this possible through Tomcat?
Really? Tomcat doesn't log requests to j_security_check through
AccessLogValve?
Note that AccessLogValve will not directly log "failed logins": it only
logs HTTP requests and their statuses, etc. You will have to deduce from
the status code what happened during the request.
If you want to actually log failed logins, you'll need to use something
other than the standard realms Tomcat provides (except maybe
JAASRealm... I've never used that one but it appears that it is much
more flexible than the other realm implementations).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksqp8QACgkQ9CaO5/Lv0PATzACghn0Apk8uew1/et9QUK6t2HTW
InoAnAzcwEbLLnxwIfDUgLJUfwPdivrJ
=btRk
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Logging all traffics to Tomcat servers
Posted by Fidelis Mnyanyi <fi...@otago.ac.nz>.
Thanks Konstantin for your response. I tried to use AccessLogValve, but noticed I can only capture successful logins. I would like to be able to capture all unsuccessful attempts as well for security-audit reasons, is this possible through Tomcat?
Thanks,
Fidelis
-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
Sent: Thursday, 17 December 2009 4:19 p.m.
To: Tomcat Users List
Subject: Re: Logging all traffics to Tomcat servers
2009/12/17 Fidelis Mnyanyi <fi...@otago.ac.nz>:
> Hi Tomcat Gurus,
>
> I'm running Business Objects XI 3.1 (with Tomcat 5.5.20 as a web server) on Windows 2008 server. I have 2 server machines running Tomcat web-servers.
>
> Tomcat servers are behind a Load Balancer.
>
> What I want to achieve is to be able to log all traffics (user connections/attempts) to my tomcat web servers (successful and unsuccessful logins). Can someone please tell me how I can achieve this? If it is through configuring tomcat logging or it is something I should be doing from load-balancer side.
>
See AccessLogValve
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Logging all traffics to Tomcat servers
Posted by Konstantin Kolinko <kn...@gmail.com>.
2009/12/17 Fidelis Mnyanyi <fi...@otago.ac.nz>:
> Hi Tomcat Gurus,
>
> I'm running Business Objects XI 3.1 (with Tomcat 5.5.20 as a web server) on Windows 2008 server. I have 2 server machines running Tomcat web-servers.
>
> Tomcat servers are behind a Load Balancer.
>
> What I want to achieve is to be able to log all traffics (user connections/attempts) to my tomcat web servers (successful and unsuccessful logins). Can someone please tell me how I can achieve this? If it is through configuring tomcat logging or it is something I should be doing from load-balancer side.
>
See AccessLogValve
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org