You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Tapio Niemi <ta...@necora.fi> on 2011/11/14 09:24:18 UTC
Re: Adding SSL information into access log
Hi!
> I already tried: pattern="%{SSL_CLIENT_M_SERIAL}r %h %l %u %t
> "%r" %s %b" on access log valce configuration, which
> caused server not to start
> That shouldn't have happened: Tomcat should start with the above log
> pattern.
And it does; was some kind of temporary glitch which you get when you do
stop-start-configure-use browser-stop-start in a rapid sequence.
>> , and pattern="%{CLIENT_AUTH}r %h %l %u %t"%r" %s %b",
>> which just causes "-" to appear on the log.
> That's because "CLIENT_AUTH" doesn't appear to be a request attribute.
Yep, it's a field in a some class I can't anymore remember which I used
to make a guess.
>> Also tried %{SSL_CLIENT_M_SERIAL}x and s with varying results.
> Why did you try that? Just guessing?
Yes, just guessing.
>
> If you can't find a standard request attribute that meets your needs,
> you could always write a Filter (or Valve, if it's necessary to run
> before the AccessLogValve) that puts anything you want into the
> request for logging purposes.
Now this is great advice. That is exactly what I ended up doing. I wrote
a filter that sets a custom request attribute with all the needed data
and then use that in AccessLogValve configuration. Works great, and
doesn't require that much knowledge of Tomcat internals that i thought
it might. Can recommend this solution to anyone with similar needs. Not
contributing my filter publicly however, since the code is not very
generic; it gives internal server error on non-SSL request (quite easy
to fix if required) plus some minor concerns.
-Tapio Niemi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding SSL information into access log
Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/11/14 Tapio Niemi <ta...@necora.fi>:
>>
>> If you can't find a standard request attribute that meets your needs,
>> you could always write a Filter (or Valve, if it's necessary to run
>> before the AccessLogValve) that puts anything you want into the
>> request for logging purposes.
>
> Now this is great advice. That is exactly what I ended up doing. I wrote a
> filter that sets a custom request attribute with all the needed data and
> then use that in AccessLogValve configuration. Works great, and doesn't
> require that much knowledge of Tomcat internals that i thought it might. Can
> recommend this solution to anyone with similar needs. Not contributing my
> filter publicly however, since the code is not very generic; it gives
> internal server error on non-SSL request (quite easy to fix if required)
> plus some minor concerns.
>
If you want, you can contribute it to the FAQ,
http://wiki.apache.org/tomcat/FAQ/Logging
That code does not need to be production quality.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org