Sorry I didn't mean to ask the questions as though this forum is my private
consulting firm. I have done everything I could before I posted on this
forum. I have searched google, experts exchange, asked coworkers, and asked
my previous Tomcat professor. I will use your suggestions and I hope I can
figure this out. Thanks!
Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> To whom it may concern,
>
> On 12/2/11 12:10 PM, jmpaul012 wrote:
>>> So I am doing Tomcat STIGS and I am stuck on two of the STIGs.
>>>
>>> 1. How do I change what tomcat logs? I think it's something I
>>> need to do in server.xml but I'm not sure.
>
> What have you tried so far? This is a community mailing list, not a
> consulting agency. We're here to help, not to do things for you.
>
>>> This is what I need to log:
>>>
>>> • Date, Time • IP address of the host that initiated the request
>>> • User ID supplied for HTTP authentication • HTTP Method • URL in
>>> the request • The protocol and protocol version used to make the
>>> request • Source and destination port numbers • Status codes for
>>> the response • Size of the response in bytes • HTTP Status and
>>> Referrer for the following events:
>
> That sounds a lot like an HTTP access log. Have you looked through the
> "logging" documentation for your version of Tomcat for how to do
> access logging?
>
>>> - Successful and unsuccessful attempts to access the web server
>>> software.
>
> Depends upon your definition of "successful", "attempt", and "access".
>
>>> - Successful and unsuccessful attempts to access the web site.
>
> Ditto.
>
>>> - Successful and unsuccessful attempts to access the web
>>> application.
>
> Ditto.
>
>>> 2. How do I view/change the HTTP header information of an
>>> intranet site that is using Tomcat? I have to make sure the HTTP
>>> header does not show information about the web server which would
>>> include, web server product, version, or host operating system
>
> Generally speaking, it's nice to post different questions in separate
> threads. It's not a huge deal, but it makes following a conversation
> easier for others.
>
> Anyhow, you are looking for changing the "Server" response header,
> right? That's in the documentation as well, but it might not be the
> easiest thing to find. See below.
>
> Since you are looking at securing Tomcat, you might want to have a
> look at the "Security Considerations" section of the Tomcat User Guide:
> http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html
>
> (Make sure you use the right version -- I chose TC 7 because you never
> told us what you were running).
>
> Hope that helps,
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk7ZDaoACgkQ9CaO5/Lv0PB8QACgvfmekninLwMlIuafcwsG2WZ4
> HnAAni9XbJ15C0/wv0RgiJuCaZavt/wQ
> =GVw2
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Tomcat-Logging-and-HTTP-Header-question-tp32892450p32904101.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|