JBoss 7 is slightly different than earlier version JBoss 5 or 6. The procedure to enable access logs in JBoss 7 is also changed and you must be familiar on how to enable access logs in JBoss 7.
- Go to JBoss/standalone/configuration folder
- Add following in standalone.xml, look for domain:web syntax and ensure to add before closing </virtual-server> tag.
<access-log pattern="%a %t %H %p %U %s %S %T" rotate="true"><directory path="." relative-to="jboss.server.log.dir"/></access-log>
Ex:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false"> <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/> <virtual-server name="default-host" enable-welcome-root="true"> <alias name="localhost"/> <alias name="example.com"/> <access-log pattern="%a %t %H %p %U %s %S %T" rotate="true"> <directory path="." relative-to="jboss.server.log.dir"/> </access-log> </virtual-server> </subsystem>
- Restart JBoss 7 server and verify the access logs under log folder.
You may refer following for valve patterns to capture in access log.
%a- Remote IP address
%A- Local IP address
%b- Bytes sent, excluding HTTP headers, or ‘-‘ if zero
%B- Bytes sent, excluding HTTP headers
%h- Remote host name (or IP address if resolveHostsis false)
%H- Request protocol
%l- Remote logical username from identd (always returns ‘-‘)
%m- Request method (GET, POST, etc.)
%p- Local port on which this request was received
%q- Query string (prepended with a ‘?‘ if it exists)
%r- First line of the request (method and request URI)
%s- HTTP status code of the response
%S- User session ID
%t- Date and time, in Common Log Format
%u- Remote user that was authenticated (if any), else ‘-‘
%U- Requested URL path
%v- Local server name
%D- Time taken to process the request, in millis
%T- Time taken to process the request, in seconds
%I- current request thread name (can compare later with stacktraces)
ntroduction
Sometimes we need to log usage activity in tomcat. It could be that tomcat is the main web server for the site and we want to record site activity, (hits, page views, errors). It could be that tomcat is the application server and we want to see if there are any test systems hitting production or it could be a desire to correlate resource requests to exceptions. This HowTo is meant to illustrate the steps necessary to set up access loging in tomcat. At time of this writing, tomcat 6 is still the mainstream version in use, so this document will be using tomcat 6 for examples but I don‘t expect there to be too many differences that could not be applied to tomcat 5.5 or tomcat 7.
Enabling the Tomcat Access Logger
Tomcat access logging is enabled by modifying the server.xml file and uncommenting the Access Log Valve. In a default tomcat implementation, the access log valve section is located within the Host
element. Uncommenting the entry will enable an access log that contains fields equivalent to a "common" log file format from Apache. The defaults for the valve will result in a file named "localhost_access_log" followed by the date, followed by a ".txt" file extension. IP addresses will be logged, not hostnames and log file will be written into the${tomcat.home}/logs
directory. The fields present in the log file using a common format are:
- Client host name (recorded as an IP if the default
resolveHosts
is not changed to "true"). - Remote logical username (which always prints a "-").
- Remote authenticated user ID (if one exists)
- Date and Time of the request
- HTTP Method and URI requested
- HTTP Response Status Code
- Size, in bytes, of the response (excluding http response headers)
Below is a snippet of the relevants parts of a server.xml displaying the newly enabled access logging defaults:
01 | < Host name = "localhost" appBase = "webapps" |
02 | unpackWARs = "true" autoDeploy = "true" |
03 | xmlValidation = "false" xmlNamespaceAware = "false" > |
14 | < Valve className = "org.apache.catalina.valves.AccessLogValve" directory = "logs" |
15 | prefix = "localhost_access_log." suffix = ".txt" pattern = "common" resolveHosts = "false" /> |
Customizing the Access Log
The common log format is ok but changing the pattern to combined
adds the User-Agent (browser or robot type) and the referring web site and URI. Tomcat also provides additional options to log things like the request protocol, the local port that received the request, user session ID‘s, incoming or outgoing request headers, etc. A full list is documented at the Tomcat Configuration Reference Valve Component page.
If you are running a version of tomcat greater than version 6.0.21 or tomcat 7, you can take advantage of the new Remote IP Valve. For access logging, the nice thing about this valve is that it will swap the client IP with an IP address passed with the X-Forwarded-For header—automatically—if an IP address is passed in the X-Forwarded-For header. Loading it is pretty easy. Just add the org.apache.catalina.valves.RemoteIpValve
to your server.xml before your AccessLogValve
declaration. For example:
01 | < Host name = "localhost" appBase = "webapps" |
02 | unpackWARs = "true" autoDeploy = "true" |
03 | xmlValidation = "false" xmlNamespaceAware = "false" > |
12 | < Valve className = "org.apache.catalina.valves.RemoteIpValve" /> |
17 | < Valve className = "org.apache.catalina.valves.AccessLogValve" directory = "logs" |
18 | prefix = "localhost_access_log." suffix = ".txt" |
19 | pattern = "combined" resolveHosts = "false" /> |
This is enough to get you started with the RemoteIP Valve but you‘re going to want to add some additional settings to customize it so that it is specific to your environment. For example, if there are some F5 BigIP‘s load-balancing your servers, you will want to add the IP address(es) of the SNAT IP to RemoteIP Valve‘sinternalProxies
property.
If you are using a version of tomcat 6 older than 6.0.21 and you want to store the X-Forwarded-For IP address instead, then you could modify the pattern
property of your AccessLogValve. You‘ll need to remove the "common" or "combined" pattern and replace it with one of the following patterns:
1 | Common Log Format: %{X-Forwarded-For}i %l %u %t "%r" %s %b |
2 | Combined Log Format: %{X-Forwarded-For}i %l %u %t %r %s %b %{User-Agent}i %{Referer}i |
The main problem here, that RemoteIP Valve does take care of, is that you‘ll only get the X-Forwarded-For address in the logs. If you hit the app server directly, bypassing the device that is inserting the X-Forwarded-For header in the request, you won‘t get an IP address logged. You will still log a request—you just will not know where it came from.
Enable Access Logs in JBoss 7 and tomcat--转