tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmpaul012 <>
Subject Re: Tomcat Logging and HTTP Header question
Date Fri, 02 Dec 2011 18:12:20 GMT

Sorry I didn't mean to ask the questions as though this forum is my private
consulting firm.  I have done everything I could before I posted on this
forum.  I have searched google, experts exchange, asked coworkers, and asked
my previous Tomcat professor.  I will use your suggestions and I hope I can
figure this out.  Thanks!

Christopher Schultz-2 wrote:
> Hash: SHA1
> To whom it may concern,
> On 12/2/11 12:10 PM, jmpaul012 wrote:
>>> So I am doing Tomcat STIGS and I am stuck on two of the STIGs.
>>> 1.  How do I change what tomcat logs?  I think it's something I
>>> need to do in server.xml but I'm not sure.
> What have you tried so far? This is a community mailing list, not a
> consulting agency. We're here to help, not to do things for you.
>>> This is what I need to log:
>>> • Date, Time • IP address of the host that initiated the request 
>>> • User ID supplied for HTTP authentication • HTTP Method • URL in
>>> the request • The protocol and protocol version used to make the
>>> request • Source and destination port numbers • Status codes for
>>> the response • Size of the response in bytes • HTTP Status and
>>> Referrer for the following events:
> That sounds a lot like an HTTP access log. Have you looked through the
> "logging" documentation for your version of Tomcat for how to do
> access logging?
>>> - Successful and unsuccessful attempts to access the web server
>>> software.
> Depends upon your definition of "successful", "attempt", and "access".
>>> - Successful and unsuccessful attempts to access the web site.
> Ditto.
>>> - Successful and unsuccessful attempts to access the web
>>> application.
> Ditto.
>>> 2. How do I view/change the HTTP header information of an
>>> intranet site that is using Tomcat?  I have to make sure the HTTP
>>> header does not show information about the web server which would
>>> include, web server product, version, or host operating system
> Generally speaking, it's nice to post different questions in separate
> threads. It's not a huge deal, but it makes following a conversation
> easier for others.
> Anyhow, you are looking for changing the "Server" response header,
> right? That's in the documentation as well, but it might not be the
> easiest thing to find. See below.
> Since you are looking at securing Tomcat, you might want to have a
> look at the "Security Considerations" section of the Tomcat User Guide:
> (Make sure you use the right version -- I chose TC 7 because you never
> told us what you were running).
> Hope that helps,
> - -chris
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools -
> Comment: Using GnuPG with Mozilla -
> iEYEARECAAYFAk7ZDaoACgkQ9CaO5/Lv0PB8QACgvfmekninLwMlIuafcwsG2WZ4
> HnAAni9XbJ15C0/wv0RgiJuCaZavt/wQ
> =GVw2
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message