On 08/06/2012 20:09, Su Zhang wrote:
> Hello,
>
> We want to check the log settings (e.g.attributes need to be logged) of
> tomcat server and then evaluate the security level for the application.
Tomcat log config and application log config are two different things.
> I am evaluating over a well-built system so what I can obtain is only its
> binary code and configuration files. Is there any way we can infer the log
> settings automatically?
Examine the application for log configuration files.
E.g. This is a typical example, for an app that uses Log4J.
myapp/WEB-INF/classes/log4j.properties
p
--
[key:62590808]
|