tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Logging all traffics to Tomcat servers
Date Thu, 17 Dec 2009 21:51:00 GMT

Fidelis,

On 12/17/2009 3:42 PM, Fidelis Mnyanyi wrote:
> Thanks Konstantin for your response. I tried to use AccessLogValve,
> but noticed I can only capture successful logins. I would like to be
> able to capture all unsuccessful attempts as well for security-audit
> reasons, is this possible through Tomcat?

Really? Tomcat doesn't log requests to j_security_check through
AccessLogValve?

Note that AccessLogValve will not directly log "failed logins": it only
logs HTTP requests and their statuses, etc. You will have to deduce from
the status code what happened during the request.

If you want to actually log failed logins, you'll need to use something
other than the standard realms Tomcat provides (except maybe
JAASRealm... I've never used that one but it appears that it is much
more flexible than the other realm implementations).

-chris
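The status-code deduction described in the message above, as an added example that is not part of the original post or of Tomcat itself. It assumes the AccessLogValve "common" pattern and FORM authentication where a successful POST to j_security_check is answered with a redirect and a failed one is not; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# ASSUMPTION: FORM auth answers a successful login with a redirect and a
# failed one by serving the error page (or an error status). Verify this
# against your own Tomcat version and login configuration.
SUCCESS_STATUSES = {302, 303}

def classify(line):
    """Return (host, timestamp, 'success'|'failure') for login requests, else None."""
    m = LINE.match(line)
    if m is None:
        return None  # malformed or non-matching line
    # Strip the query string and path parameters such as ;jsessionid=...
    path = m["uri"].split("?", 1)[0].split(";", 1)[0]
    if not path.endswith("/j_security_check"):
        return None  # not a FORM login submission
    outcome = "success" if int(m["status"]) in SUCCESS_STATUSES else "failure"
    return m["host"], m["ts"], outcome

def failed_logins_by_host(lines):
    """Count deduced login failures per client address."""
    events = (classify(line) for line in lines)
    return Counter(e[0] for e in events if e and e[2] == "failure")

def hosts_over_threshold(lines, threshold=3):
    """Hosts with at least `threshold` deduced failures (hypothetical alert rule)."""
    counts = failed_logins_by_host(lines)
    return sorted(h for h, n in counts.items() if n >= threshold)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [17/Dec/2009:15:40:01 -0500] "POST /app/j_security_check HTTP/1.1" 302 -',
    '203.0.113.7 - - [17/Dec/2009:15:40:05 -0500] "POST /app/j_security_check HTTP/1.1" 200 1043',
    '203.0.113.7 - - [17/Dec/2009:15:40:06 -0500] "POST /app/j_security_check;jsessionid=ABC123 HTTP/1.1" 200 1043',
    '203.0.113.7 - - [17/Dec/2009:15:40:07 -0500] "POST /app/j_security_check HTTP/1.1" 200 1043',
    '198.51.100.4 - - [17/Dec/2009:15:41:00 -0500] "GET /app/index.jsp HTTP/1.1" 200 5120',
    '198.51.100.4 - - [17/Dec/2009:15:41:30 -0500] "POST /app/j_security_check HTTP/1.1" 408 -',
    'not an access log line',
]

if __name__ == "__main__":
    for host, count in failed_logins_by_host(SAMPLE).most_common():
        print(host, count)
```

The access log records no username for a rejected attempt, so this yields only source address, time and outcome; capturing the attempted account name requires logging at the realm level, as the message notes.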