Re: Trying to understand How Tomcat uses Keystore for SSL

[Joleen Barker]

Perfect. Thank you for the clarification I was having a problem putting it
all together. I got it now.

-Joleen

On Mon, Nov 27, 2017 at 10:47 AM, Don Flinn <fl...@alum.mit.edu> wrote:

> Hi Joleen,
>
> My previous mail was cryptic.  Below is a fuller explanation of what I did
> to get things running.
>
> First, I'm using Tomcat 9 and the protocol for the Tomcat 8.5 and up has
> been expanded.  Chris suggested that I use PKCS12 rather than JDK keystore,
> which I have done. I'm also using the APR configuration.  So redirected
> connector that I'm using looks like:
>
>  protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443" maxThreads="150" SSLEnabled="true">
>
> 
>  keystoreType="PKCS12"
>  certificateFile="C:/users/don/Security/domain-chain.crt"
> certificateChainFile="C:/users/don/Security/ICDTrustRoot.crt"
> type="RSA" />
> 
>
> 
>
> The domain key is the private key I used when getting the certificates from
> letsencrypt.  The certificate I got from letsencrypt I called
> domain-chain.crt. Lastly I downloaded the ICDTrustRoot.crt from the
> letsencrypt at https://letsencrypt.org/certificates.  You will notice that
> I'm using Window's syntax, which is just for the pathname where the
> certificates live.  You would use a Linux path syntax if you are running
> Linux.  You need three certificates for letsencrypt; a cert for your
> domain, one for the intermediate and finally the root certificate.
>
> What I call domain-chain.crt holds two certificates; my domain certificate
> and the intermediate.  In order to see what these were I separated them in
> a text editor and called them domaincert1.crt and the second
> domaincert2.crt
> Then I used openssl to see what was in them.  For example:
>
> openssl x509 -noout -subject -issuer -in domaincert1.crt
> this printed out
> subject= /CN=info.finwoks.com
> issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>
> So that one was my domain cert issued by the letsencrypt intermediate
>
> The second one certificate gave
> subject= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
>
> which is the intermediate.
>
> I downloaded the certificates using the java program mentioned in my
> previous e-mail. Depending on your particular setup, you can get the four
> items using different methods.  I would suggest that you check what the
> various certificates contain by using the ssl commands. I've also read that
> the order of the certificates should be
>
> Your domain
> Intermediate
> Known Root
>
> So that's the order I used.  A caution, in my reading I have found some
> directions not to be accurate.
>
> If what I have written is not clear, please let me know and I'll try to
> clear it up.
>
> Don
>
>
>
>
> On Mon, Nov 27, 2017 at 5:52 AM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
> > Hello Don,
> >
> > I'm trying to understand these as well. I had a question regarding the
> data
> > and commands you used to display the certificate information. You wrote
> > that you used the following command to create a pkcs12 store:
> >
> > openssl pkcs12 -export -in "domain-chain.crt" -inkey "domain.key"
> -certfile
> > "ICDTrustRoot.crt" -out "MM.p12" -name tomcat -passout "pass:changeit"
> >
> > To display the 2 certs you show one example command to see the first one
> > as:
> >
> > openssl x509 -noout -subject -issuer -in domaincert1.crt subject= /CN=
> > info.finwoks.com issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt
> Authority
> > X3
> >
> > Where did the "domaincert1.crt" come from? I did not see anything in the
> > first command reference this and I was not sure how someone would know
> this
> > name and the second one called domaincert2.crt.
> >
> > Thank you,
> >
> > Joleen
> >
> > On Sun, Nov 26, 2017 at 10:35 PM, Don Flinn <fl...@alum.mit.edu> wrote:
> >
> > > IT WORKS
> > >
> > > My next question is whether the Tomcat team would want this Java
> program
> > > that does the heavy lifting for letsencrypt, which I would be happy to
> > > clean up and make available as open source.  The guts of the program
> > comes
> > > from -  http://acme4j.shredzone.org, which is under the Apache
> license.
> > >
> > > I've made a number of enhancements, e;g. a GUI front end; the ability
> to
> > do
> > > the letsencrypt authorization wit

Re: Trying to understand How Tomcat uses Keystore for SSL

[Joleen Barker]

Hello Don,

I'm trying to understand these as well. I had a question regarding the data
and commands you used to display the certificate information. You wrote
that you used the following command to create a pkcs12 store:

openssl pkcs12 -export -in "domain-chain.crt" -inkey "domain.key" -certfile
"ICDTrustRoot.crt" -out "MM.p12" -name tomcat -passout "pass:changeit"

To display the 2 certs you show one example command to see the first one as:

openssl x509 -noout -subject -issuer -in domaincert1.crt subject= /CN=
info.finwoks.com issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

Where did the "domaincert1.crt" come from? I did not see anything in the
first command reference this and I was not sure how someone would know this
name and the second one called domaincert2.crt.

Thank you,

Joleen

On Sun, Nov 26, 2017 at 10:35 PM, Don Flinn  wrote:

> IT WORKS
>
> My next question is whether the Tomcat team would want this Java program
> that does the heavy lifting for letsencrypt, which I would be happy to
> clean up and make available as open source.  The guts of the program comes
> from -  http://acme4j.shredzone.org, which is under the Apache license.
>
> I've made a number of enhancements, e;g. a GUI front end; the ability to do
> the letsencrypt authorization without any user intervention; the ability to
> sit on an admin node retrieve and install the retrieved letsencrypt SSL
> certificates on a remote tomcat node.
>
> If the answer is yes, let me know the procedure to make it available as
> open sourcce.
>
> Don
>
> On Sun, Nov 26, 2017 at 4:54 PM, Don Flinn  wrote:
>
> > Didn't read closely enough.  The protocol that I used is no longer
> > applicable for Tomcat 9.
> >
> > Don
> >
> > On Sun, Nov 26, 2017 at 3:15 PM, Don Flinn  wrote:
> >
> >> Chris
> >>
> >> Thank you for your excellent reply and references.
> >>
> >> I've been doing a lot of reading on SSL, certificates, keys, algorithms,
> >> etc. Woo!  However I still don't have it correct.
> >>
> >> I've retrieved certificates from letsencrypt and following your
> >> suggestions did the following.
> >>
> >> Created a pkcs12 store using the following command line.
> >> openssl pkcs12 -export -in "domain-chain.crt" -inkey "domain.key"
> >> -certfile "ICDTrustRoot.crt" -out "MM.p12" -name tomcat -passout
> >> "pass:changeit"
> >>
> >> where the domain-chain.crt contains two certificates  and ICDTrustRoot
> >> contains one as shown below -
> >> PS C:\users\don\security\letsenc5> openssl x509 -noout -subject -issuer
> >> -in domaincert1.crt   (the first cert in domain-chain.crt)
> >> subject= /CN=info.finwoks.com
> >> issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> >>
> >> PS C:\users\don\security\letsenc5> openssl x509 -noout -subject -issuer
> >> -in domaincert2.crt (the second cert in domain-chain.crt)
> >> subject= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> >> issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
> >>
> >> PS C:\users\don\security\letsenc4> openssl x509 -noout -subject -issuer
> >> -in ICDTrustRoot.crt
> >> subject= /O=Digital Signature Trust Co./CN=DST Root CA X3
> >> issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
> >> so I have the three certificates and the private key which is shared
> with
> >> letsencrypt called domain.key
> >> My server.xml contains:
> >>  >>sslImplementationName="org.apache.tomcat.util.net.openssl.O
> >> penSSLImplementation"
> >>port="8443"  maxThreads="200"
> >>scheme="https" secure="true" SSLEnabled="true" keystoreType="PKCS12"
> >>keystoreFile="/users/don/Security/MM.p12" keystorePass="changeit"
> >>   clientAuth="false" sslProtocol="TLS"
> >>/>
> >>
> >> However when I restart Tomcat is get the following error in the Tomcat
> >> error log and of course it fails in the handshake with the browser
> >>
> >> org.apache.catalina.core.StandardService.initInternal Failed to
> >> initialize connector [Connector[HTTP/1.1-8443]]
> >>  org.apache.catalina.LifecycleException: Failed to initialize component
> >> [Connector[HTTP/1.1-8443]]
> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
> >> at org.apache.catalina.core.StandardService.initInternal(Standa
> >> rdService.java:549)
> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >> at org.apache.catalina.core.StandardServer.initInternal(Standar
> >> dServer.java:873)
> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> >> at java.lang.reflect.Method.invoke(Unknown Source)
> >> 

Re: Best way to find out how many DB connections that are open at any given time

[Joleen Barker]

As always, thank you Christopher, I'll take a look at the slides.

And Thank you to the other for pointing me in some directions for this.

-Joleen

On Tue, Jan 10, 2017 at 3:19 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Joleen,
>
> On 1/10/17 11:10 AM, Joleen Barker wrote:
> > Hello All,
> >
> > Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1
> > Database: Oracle 11
> >
> > The web application installed on the server above makes data
> > connections to run file transfers from point A to point B. The
> > default Database connection setting that are set when the
> > application server comes up are as follows:
> >
> > DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle -
> > 10
> >
> > We had an incident where all these connections were actually used
> > up due to a script someone had that looped. I need to determine at
> > any given point in time how many DB connections exist from the web
> > application to the DB. There may be more than one way to do this. I
> > am sure there is a DB command that could be run against the schema
> > but the schema is pointed to by many servers. I am  wondering if
> > there is a java command of some kind that I could run that may tell
> > me how many connections are open at that time or possibly a tomcat
> > or apache command.
>
> This may be helpful:
>
> http://people.apache.org/~schultz/ApacheCon%20NA%202016/Monitoring%20Apa
> che%20Tomcat%20with%20JMX.pdf
>
> Slides 15-16 show you where you can find the DataSource information
> via JMX, and then later on in the presentation there are slides to
> show how you can get that information via HTTP instead of JMX. Scripts
> are provided to fetch a value at intervals, track values over time, etc.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYdUHCAAoJEBzwKT+lPKRY8lAP/0C6wfLboz4K2MxaHR/86moX
> sKIev9jV+wQ17n0nf1Wj1UA7GDGALye485Z2XMgIjlOaXmufVClfa3MWY07z+bv2
> R67AmDQ797jlCwTAAhpaRtB0FJmX4cd0EnJkC9r03NCH+kPRIK8G91bkgn8ehw4L
> x0jrgKO/N0UEpshNI/baPxRJRX7yr83g2ZHiKVoFAXM25rEcJNSPOkvlTkBxZ5Yv
> RCQuobinJa9X64p8beYXSkO/9wbP+b5/wcUxpewfvByK9Hits+n33/Mbq5RpKlR7
> vIHpwDJKlTo2/8ivIDHngIPiRQetlXEgwSWwN+5Fsr+V4bFSh6XnzIBAiB8SNoua
> A9m71pyOoyQhdAAQzNfWwtLPWg9jrDaIRB7bj+HnbrKnCUa4rDyWfUDm4IwanfLW
> QcDUggAgD151UstbSAQafLKJb0TBCWqHpIAvsJwCziOb6LnvtIf5xoLe7s48JZE9
> 44YfDFI4qg0NSdP59vF/Z1Ho5sveScHrcgmB03BGWVunj9caclqKOWWnJOscAVLJ
> UXQG0B6VvboLJRgKUU4/z0s1a2sOcTLRUz+H1Ib9giqLirI6NVYUSg0lEZdVm5BA
> 0Ctwd6qD7G1j8e4ZiuChC3paCA0nYVhEea0dAVHXB+ZYER89yeoBzPkZnc/vWLEe
> LO1AZaxZ2nDebk0ubBn9
> =JgPw
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Best way to find out how many DB connections that are open at any given time

[Joleen Barker]

Thank you Andre and calder.

On the AIX side this worked. I am limited also I think due to the shell. If
I use the -p tcp option it gives me a long list of counts of TCP
connections and bytes. This command gave me similar on AIX:

netstat -a|grep 1526

tcp0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526
ESTABLISHED

On Tue, Jan 10, 2017 at 12:40 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 10.01.2017 18:06, Joleen Barker wrote:
>
>> Hi Andre - I played around a little more and ran the command netstat -a |
>> grep 1526 which is the port number and received information that looks
>> like
>> 11 connections are open at this time. Do you know what the number is that
>> follows the machine name in the forth column for example the 51186?
>>
>
> I do not know AIX. Maybe try :
> netstat -h
> and/or
> man netstat
>
> (and also try the command without the grep, to see the column headers)
>
>
>
>> netstat -a | grep 1526
>>
>> tcp0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker <oldenuf2no...@gmail.com>
>> wrote:
>>
>> Hello Filippo - I do not have JConsole available and the proposed idea is
>>> past my knowledge level.
>>>
>>> Hello André - This was an interesting idea but it didn't work for me. I
>>> only have the ksh available and could only use netstat -p tcp but the
>>> output didn't make sense to me.
>>>
>>> On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) <a...@ice-sa.com>
>>> wrote:
>>>
>>> On 10.01.2017 17:10, Joleen Barker wrote:
>>>>
>>>> Hello All,
>>>>>
>>>>> Details:
>>>>> Tomcat Version: 7.0.64.0
>>>>> Java Version: 1.8.0
>>>>> OS: AIX 6.1
>>>>> Database: Oracle 11
>>>>>
>>>>> The web application installed on the server above makes data
>>>>> connections
>>>>> to
>>>>> run file transfers from point A to point B. The default Database
>>>>> connection
>>>>> setting that are set when the application server comes up are as
>>>>> follows:
>>>>>
>>>>> DataBasePoolingFlag - APACHE
>>>>> MaxActive - 400
>>>>> MaxIdle - 20
>>>>> MinIdle - 10
>>>>>
>>>>> We had an incident where all these connections were actually used up
>>>>> due
>>>>> to
>>>>> a script someone had that looped. I need to determine at any given
>>>>> point
>>>>> in
>>>>> time how many DB connections exist from the web application to the DB.
>>>>> There may be more than one way to do this. I am sure there is a DB
>>>>> command
>>>>>

Re: Best way to find out how many DB connections that are open at any given time

[Joleen Barker]

Hi Andre - I played around a little more and ran the command netstat -a |
grep 1526 which is the port number and received information that looks like
11 connections are open at this time. Do you know what the number is that
follows the machine name in the forth column for example the 51186?

netstat -a | grep 1526

tcp0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526
ESTABLISHED

tcp0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526
ESTABLISHED

On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Hello Filippo - I do not have JConsole available and the proposed idea is
> past my knowledge level.
>
> Hello André - This was an interesting idea but it didn't work for me. I
> only have the ksh available and could only use netstat -p tcp but the
> output didn't make sense to me.
>
> On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) <a...@ice-sa.com>
> wrote:
>
>> On 10.01.2017 17:10, Joleen Barker wrote:
>>
>>> Hello All,
>>>
>>> Details:
>>> Tomcat Version: 7.0.64.0
>>> Java Version: 1.8.0
>>> OS: AIX 6.1
>>> Database: Oracle 11
>>>
>>> The web application installed on the server above makes data connections
>>> to
>>> run file transfers from point A to point B. The default Database
>>> connection
>>> setting that are set when the application server comes up are as follows:
>>>
>>> DataBasePoolingFlag - APACHE
>>> MaxActive - 400
>>> MaxIdle - 20
>>> MinIdle - 10
>>>
>>> We had an incident where all these connections were actually used up due
>>> to
>>> a script someone had that looped. I need to determine at any given point
>>> in
>>> time how many DB connections exist from the web application to the DB.
>>> There may be more than one way to do this. I am sure there is a DB
>>> command
>>> that could be run against the schema but the schema is pointed to by many
>>> servers. I am  wondering if there is a java command of some kind that I
>>> could run that may tell me how many connections are open at that time or
>>> possibly a tomcat or apache command.
>>>
>>> Thank you for the help in advance.
>>>
>>>
>> Hi.
>> Maybe an "out of the box" answer, not using java.
>> I don't know how the following commands fare under AIX, but on a Linux
>> system, the OS-level command :
>> ~# netstat -pan --tcp | grep ESTABLISHED
>> will show you pretty much all TCP connections that are established
>> between any process and any other, local or remote.
>>
>> Sample output :
>>
>> tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:43558 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:45128 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:45069 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>>
>> I presume that you could easily find out the process-id of your Tomcat,
>> and the port number under which the database is accessed.
>> It would be a simple matter to "grep" the above and count the lines, to
>> get the answer you seem to want.
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Best way to find out how many DB connections that are open at any given time

[Joleen Barker]

Hello Filippo - I do not have JConsole available and the proposed idea is
past my knowledge level.

Hello André - This was an interesting idea but it didn't work for me. I
only have the ksh available and could only use netstat -p tcp but the
output didn't make sense to me.

On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 10.01.2017 17:10, Joleen Barker wrote:
>
>> Hello All,
>>
>> Details:
>> Tomcat Version: 7.0.64.0
>> Java Version: 1.8.0
>> OS: AIX 6.1
>> Database: Oracle 11
>>
>> The web application installed on the server above makes data connections
>> to
>> run file transfers from point A to point B. The default Database
>> connection
>> setting that are set when the application server comes up are as follows:
>>
>> DataBasePoolingFlag - APACHE
>> MaxActive - 400
>> MaxIdle - 20
>> MinIdle - 10
>>
>> We had an incident where all these connections were actually used up due
>> to
>> a script someone had that looped. I need to determine at any given point
>> in
>> time how many DB connections exist from the web application to the DB.
>> There may be more than one way to do this. I am sure there is a DB command
>> that could be run against the schema but the schema is pointed to by many
>> servers. I am  wondering if there is a java command of some kind that I
>> could run that may tell me how many connections are open at that time or
>> possibly a tomcat or apache command.
>>
>> Thank you for the help in advance.
>>
>>
> Hi.
> Maybe an "out of the box" answer, not using java.
> I don't know how the following commands fare under AIX, but on a Linux
> system, the OS-level command :
> ~# netstat -pan --tcp | grep ESTABLISHED
> will show you pretty much all TCP connections that are established between
> any process and any other, local or remote.
>
> Sample output :
>
> tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:43558 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:45128 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:45069 127.0.0.1:11002
>  ESTABLISHED 11096/java
>
> I presume that you could easily find out the process-id of your Tomcat,
> and the port number under which the database is accessed.
> It would be a simple matter to "grep" the above and count the lines, to
> get the answer you seem to want.
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Best way to find out how many DB connections that are open at any given time

[Joleen Barker]

Hello All,

Details:
Tomcat Version: 7.0.64.0
Java Version: 1.8.0
OS: AIX 6.1
Database: Oracle 11

The web application installed on the server above makes data connections to
run file transfers from point A to point B. The default Database connection
setting that are set when the application server comes up are as follows:

DataBasePoolingFlag - APACHE
MaxActive - 400
MaxIdle - 20
MinIdle - 10

We had an incident where all these connections were actually used up due to
a script someone had that looped. I need to determine at any given point in
time how many DB connections exist from the web application to the DB.
There may be more than one way to do this. I am sure there is a DB command
that could be run against the schema but the schema is pointed to by many
servers. I am  wondering if there is a java command of some kind that I
could run that may tell me how many connections are open at that time or
possibly a tomcat or apache command.

Thank you for the help in advance.

Joleen

Re: TomcatCon @ ApacheCon

[Joleen Barker]

I would like to understand garbage collections better. Such as what
instances or situations experienced someone would make a change to a
setting.

Thank you,

Joleen

On Mon, Jan 9, 2017 at 6:57 AM, Mark Thomas  wrote:

> All,
>
> There is the opportunity (if we can pull it together as a community) to
> run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
> are May 16 to 18.
>
> The call for papers closes on Feb 11 so we have around a month to get
> organised. We'll also need to convince the conference organisers that a)
> there is a demand for this and b) we have a plan.
>
> Getting the right content is going to be critical to success. I've been
> thinking about this for a while and I think we can identify the right
> content if as many folks as possible on this list answer the following
> question:
>
> "What topic(s) need to be covered in a Tomcat conference to make it as
> easy as possible to get your employer to pay for you to attend?"
>
> We have up to three days and potentially multiple tracks so even if you
> think you have a niche requirement, please speak up. We typically have a
> number of Tomcat committers speaking at ApacheCon so finding someone to
> cover a particular topic shouldn't be too tricky. Equally, if you have a
> topic you could present on that you think others would find useful,
> speak up.
>
> Do feel free to add your +1 if someone else mentions a topic your are
> interested first. Having an idea of how popular the topics are would
> also be helpful.
>
> Also, we don't have to stick to the standard "Sit and listen to someone
> present for 40 mins" format. Discussions, workshops, hackathons are all
> possible.
>
> Some topic ideas to get the ball rolling.
>
> Hands-on workshop: Configuring TLS with Apache Tomcat
> Reverse Proxying to Apache Tomcat
> Load-balancing with Apache Tomcat
> Clustering  with Apache Tomcat
> Tomcat Clinic (like the users list but with everyone in the same room)
>
> I look forward to hearing your topic ideas.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Configuring Tomcat to support TLSv1.2

[Joleen Barker]

Hello All,

I wanted to get back to you on this issue since working with the vendor.
Updating the SSL_VERSION parm was the correct thing to do in this case for
this product but it did not have an affect on the outgoing communications
when the application was acting at the client. There was no built in way to
set the product to use TLSv1.2 when  reaching out to the remote server. It
always used TLSv1.0 unless I had only TLSv1.2 defined in the SSL_VERSION
which we would not want to do as then we would loss the ability to support
those connecting to use using TLSv1.0 or 1.1. So it is really the way the
application is coded that caused the issue. I am waiting now for a defect
fix from the vendor. The fix will allow us to specifically program a
specific TLS version if a customer has a requirement to only allow a
specific one so it will not automatically use TLSv1.0.

Let me know if you have any questions and I will try my best to answer.

Thanks for the help again.

Joleen

On Fri, Jun 24, 2016 at 5:04 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Daniel,
>
> On 6/24/16 3:42 PM, Daniel Savard wrote:
> > 2016-06-24 11:50 GMT-04:00 Joleen Barker
> > <oldenuf2no...@gmail.com>:
> >
> >> Hi Chris,
> >>
> >> The SSL_VERSION parameter was already defined by the vendor.
> >>
> >>
> > I still would delete the SSL_VERSION from the catalina.sh or
> > comment it at least and adopt the suggested approach to configure
> > everything in the server.xml file instead.
>
> I believe the SSL_VERSION isn't affecting the configuration of the
> server at all, but the application's client configuration (in its role
> as a proxy).
>
> > Without a specific definition of the SSL_VERSION, there will be no
> > constraints on the versions at this point. This SSL_VERSION
> > environment variable will bite you when you will need to upgrade
> > Tomcat to another version.
> >
> >
> >> The web application we use allows users to connect to it via FTP,
> >> FTPS, SSH, AS2, HTTPS, HTTP, etc. to transfer files through it to
> >> different back end servers. The web application is a proxy.
> >>
> >> Without me making the change to the predefined SSL_VERSION
> >> parameter that was originally configured as
> >> "-Dhttps.protocols=TLSv1" to now be configured to
> >> "-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2" (thank you for
> >> correcting my typo) our remote party that uses and AS2 client
> >> that is locked down to only using TLSv1.2 connection could now
> >> connect to us successfully and upload a file. So with this change
> >> I was able to accomplish the client to connect to the Tomcat
> >> server. But I am unable to accomplish a successful connection
> >> when Tomcat is acting as the client to reach the remote AS2
> >> server for us to send a file to them. It appears we are not
> >> connecting to them using TLSv1.2 and therefore we are dropped. I
> >> have a ticket open with the vendor on this but they don't seem to
> >> be any help. I was trying to open the Java console on the UNIX
> >> server but I am unable to as I do not have any X11 setup. I am
> >> unable to find a command line option to set what is allowed in
> >> the Java application itself. On one of our test servers a
> >> colleague could open the console and we saw that none of the TLS
> >> options were NOT enabled and only SSLv3 was. I am not sure if
> >> this is the case with this server that I am working on that we
> >> have an outside connection open to be able to work with the
> >> outside customer.  I am unsure if this change would allow us to
> >> reach them. I didn't know what the catalina.sh TLSv1.2 change
> >> versus changing the Java application TLSv1.2 change is really
> >> responsible for. (I know enough to brake stuff...lol) The vendor
> >> is not much help. It's very frustrating so I reach out to this
> >> community and get the help I need.
> >>
> >>
> > The connection that isn't working is initiated by the web
> > application on your Tomcat server as far as I understand. If so,
> > then there is no configuration at the Tomcat level that will
> > resolve this issue. You must look at the SSL debugging info to see
> > what is going on in the negotiation with the remote party. To do
> > that, use the -Djavax.net.debug=ssl option to the JVM and look at
> > the log files (probably catalina.out) You should see the
> > handshaking protocol negotiation.
>
> +1
>
&g

Re: Configuring Tomcat to support TLSv1.2

[Joleen Barker]

Hi Chris,

The SSL_VERSION parameter was already defined by the vendor.

The web application we use allows users to connect to it via FTP, FTPS,
SSH, AS2, HTTPS, HTTP, etc. to transfer files through it to different back
end servers. The web application is a proxy.

Without me making the change to the predefined SSL_VERSION parameter that
was originally configured as "-Dhttps.protocols=TLSv1" to now be configured
to
"-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2" (thank you for correcting my
typo) our remote party that uses and AS2 client that is locked down to only
using TLSv1.2 connection could now connect to us successfully and upload a
file. So with this change I was able to accomplish the client to connect to
the Tomcat server. But I am unable to accomplish a successful connection
when Tomcat is acting as the client to reach the remote AS2 server for us
to send a file to them. It appears we are not connecting to them using
TLSv1.2 and therefore we are dropped. I have a ticket open with the vendor
on this but they don't seem to be any help. I was trying to open the Java
console on the UNIX server but I am unable to as I do not have any X11
setup. I am unable to find a command line option to set what is allowed in
the Java application itself. On one of our test servers a colleague could
open the console and we saw that none of the TLS options were NOT enabled
and only SSLv3 was. I am not sure if this is the case with this server that
I am working on that we have an outside connection open to be able to work
with the outside customer.  I am unsure if this change would allow us to
reach them. I didn't know what the catalina.sh TLSv1.2 change versus
changing the Java application TLSv1.2 change is really responsible for. (I
know enough to brake stuff...lol) The vendor is not much help. It's very
frustrating so I reach out to this community and get the help I need.

Another interesting thing I found in my testing after the change to the
SSL_VERSION was in place was when I connected to the web application using
FTPS client using FileZilla in Debug mode to be able to see the connection
logging, not only was the key presented to the client from the server using
TLSv1.2 but the entire communication used TLSv1.2. Before the change only
the key was presented to the client using TLSv1.2 and the rest of the
communications showed TLSv1.0. So somehow the change to the SSL_VERSION
parameter allowed this. I am of course the kid that turns around and asks
"but why" :-)

-Joleen

On Fri, Jun 24, 2016 at 11:15 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Daniel,
>
> On 6/22/16 12:59 AM, Daniel Savard wrote:
> > 2016-06-21 19:08 GMT-04:00 Joleen Barker
> > <oldenuf2no...@gmail.com>:
> >
> >> Hello Daniel,
> >>
> >> Thank you for your replies.
> >>
> >> Yes, I have the Java build 1.7.0_71 installed and I have the
> >> Unlimited security package installed as the application from the
> >> vendor requires it.
> >>
> >> Ok, you say never to edit the catalina,sh. I can change it back.
> >> The settings originally was SSL_VERSION="-Dhttps.protocol=TLSv1"
> >>
> >>
> > I believe this is not from the original version of the file. I have
> > no longer any Tomcat 7 installed to check this, however if I am
> > checking my Tomcat 8 catalina.sh, there is no SSL_VERSION
> > environment variable anywhere. If you are having an already
> > modified catalina.sh, it will be difficult to provide any
> > meaningful guidance.
>
> +1
>
> No SSL_VERSION environment variable is recognized by a stock Tomcat.
>
> Furthermore, the system property "https.protocols" (not that it's
> plural, and Jolene had used the singular noun) only effects the
> default configuration for HttpsURLConnection and URL.openStream calls.
>
> https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_an
> d_https
>
> >> Why is it set for only one version in the catalina.sh what is
> >> having this set to one version limiting us to?
> >>
> >>
> > It seems your catalina.sh has already been modified by someone
> > else. This doesn't look like the vanilla version of the catalina.sh
> > file.
> >
> >
> >> Our connector has this set in it:
> >>
> >> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" sslProtocol="TLS"
> >>
> >> Is this all we need to allow TLSv1.2 clients to come in and for
> >> Tomcat acting as a client to go out as TLSv1.2?
> >
> > You didn't provide enough details about your connector, so, read
> > this page:
> > https://tomcat.apache.org/tomcat-7.0-

Re: Configuring Tomcat to support TLSv1.2

[Joleen Barker]

Hello Daniel,

Thank you for your replies.

Yes, I have the Java build 1.7.0_71 installed and I have the Unlimited
security package installed as the application from the vendor requires it.

Ok, you say never to edit the catalina,sh. I can change it back. The
settings originally was SSL_VERSION="-Dhttps.protocol=TLSv1"

Why is it set for only one version in the catalina.sh what is having this
set to one version limiting us to?

Our connector has this set in it:

sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" sslProtocol="TLS"

Is this all we need to allow TLSv1.2 clients to come in and for Tomcat
acting as a client to go out as TLSv1.2?

-Joleen



On Tue, Jun 21, 2016 at 5:53 PM, Daniel Savard <daniel.sav...@gmail.com>
wrote:

> 2016-06-21 14:12 GMT-04:00 Joleen Barker <oldenuf2no...@gmail.com>:
>
> > Hello Tomcat friends,
> >
> > I am looking for some understanding on what is happening in my
> environment
> > to make sure I am not missing anything in my settings.
> >
> > Basics:
> > 1) OS is GNU/Linux
> > 2) Java is JDK v1.7
> > 3) Tomcat 7
> >
> > First, this question has come up because we needed to allow TLSv1.2
> > connections to our application. I was looking for how someone would do
> this
> > and found 2 items. The first was to set the java https protocol to allow
> > TLSv1.2 because by default java 7 did not have this enabled. The other
> was
> > to set in Tomcat the SSL_VERSION parameter in catalina.sh. The site I
> read
> > to set the SSL_VERSION in the catalina.sh indicated the user had to do
> this
> > because his Tomcat would not talk to another Tomcat without this set.
> When
> > I went in and looked the SSL_VERSION was set to TLSv1, so I added 1.1 and
> > 1.2 with the following command:
> >
> > SSL_VERSION="-Dhttps.protocol=TLSv1,TLSv1.1,TLSv1.2"
> >
> > This change was easy to make but I learned a restart was needed for the
> > change it take place.
> >
>
> Never ever edit catalina.sh, this is bad practice and strongly discouraged.
> This file lies in the official binary distribution tree and should never
> been tempered with. There is other ways to configure properly Tomcat. If
> you change the connector properties, which is what you need to do to enable
> TLSv1.2, there is not turnaround for a restart.
>
>
> >
> > Prior to me finding the change to make above I was reading to make the
> > change for Java (not through Tomcat) I would run the command on the
> command
> > line:
> >
> > java -Dhttps.protocol=TLSv1,TLSv1.1,TLSv1.2
> >
> > no matter how I ran this the command would not be taken.
> >
> >
> Of course it would not affect another process than itself. This is totally
> useless to execute this command alone.
>
>
> > I did not think only making the change to the SSL_VERSION was enough but
> my
> > colleague decided to try connecting to the Tomcat server with an SSH
> client
> > and we received the notification that the TLSv1.2 connection was good.
> >
> > We finally were able to get a console working on the server and to our
> > surprise Java's console did not have any of the TLS versions enabled and
> > only the SSL versions.
> >
> > So I am confused here. It doesn't seem like Tomcat is relying on Java's
> > settings matching what is in the catalina.sh file and works without
> setting
> > these in the java console.
> >
> > Why is that?
> >
> > Thanks for improving my knowledge.
> >
> > -Joleen
> >
>
> You need to setup properly Tomcat othewise a setting somewhere may be
> override elsewhere. For your connector to support TLSv1.2, you need to edit
> the server.xml file and nothing else.
>
> The other thing you will need to do, is to make the necessary steps for
> your version of Java to support the TLSv1.2 if it doesn't support it yet.
> You didn't mention which version of Java 7 exactly you are using. Did you
> install the Unlimited JDK security package?
>
> Did you read the documentation on TLS/SSL?
>  http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
>
> -
> Daniel Savard
>

Configuring Tomcat to support TLSv1.2

[Joleen Barker]

Hello Tomcat friends,

I am looking for some understanding on what is happening in my environment
to make sure I am not missing anything in my settings.

Basics:
1) OS is GNU/Linux
2) Java is JDK v1.7
3) Tomcat 7

First, this question has come up because we needed to allow TLSv1.2
connections to our application. I was looking for how someone would do this
and found 2 items. The first was to set the java https protocol to allow
TLSv1.2 because by default java 7 did not have this enabled. The other was
to set in Tomcat the SSL_VERSION parameter in catalina.sh. The site I read
to set the SSL_VERSION in the catalina.sh indicated the user had to do this
because his Tomcat would not talk to another Tomcat without this set. When
I went in and looked the SSL_VERSION was set to TLSv1, so I added 1.1 and
1.2 with the following command:

SSL_VERSION="-Dhttps.protocol=TLSv1,TLSv1.1,TLSv1.2"

This change was easy to make but I learned a restart was needed for the
change it take place.

Prior to me finding the change to make above I was reading to make the
change for Java (not through Tomcat) I would run the command on the command
line:

java -Dhttps.protocol=TLSv1,TLSv1.1,TLSv1.2

no matter how I ran this the command would not be taken.

I did not think only making the change to the SSL_VERSION was enough but my
colleague decided to try connecting to the Tomcat server with an SSH client
and we received the notification that the TLSv1.2 connection was good.

We finally were able to get a console working on the server and to our
surprise Java's console did not have any of the TLS versions enabled and
only the SSL versions.

So I am confused here. It doesn't seem like Tomcat is relying on Java's
settings matching what is in the catalina.sh file and works without setting
these in the java console.

Why is that?

Thanks for improving my knowledge.

-Joleen

RE: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

This is great information to know. Our installations are on AIX boxes
however.

Joleen
On Mar 10, 2016 10:31 PM, "George Stanchev" <gstanc...@serena.com> wrote:

> If you run tomcat via the windows server wrapper, you can
>
> "%TOMCAT_EXE%" //US//%TOMCAT_SERVICE_NAME% --StdOutput
> "%TOMCAT_CONSOLE_LOG%" --StdError "%TOMCAT_CONSOLE_LOG%"
>
> Which will redirect the stderr and stdoout to the corresponding log files
>
> George
>
> -Original Message-
> From: Joleen Barker [mailto:oldenuf2no...@gmail.com]
> Sent: Thursday, March 10, 2016 5:48 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Understanding how to controlling what data is written to
> log4j appenders
>
> Thanks for the tips. I have to use the perl program for now to accomplish
> the task for the company but l'll continue to work this for the sake of
> learning and getting this changed through to application.
>
> Joleen
> On Mar 10, 2016 7:42 PM, "Konstantin Kolinko" <knst.koli...@gmail.com>
> wrote:
>
> > 2016-03-11 2:49 GMT+03:00 Joleen Barker <oldenuf2no...@gmail.com>:
> > > I wanted to let you know that I really tried at this and feel the
> > changes I
> > > made should be working and it is a matter of the developer hard
> > > coding
> > the
> > > log messages to go to the stdout/stderr and became lazy as one of
> > > the
> > other
> > > that commented had stated. I opened a ticket with the vendor but I
> > > have
> > no
> > > idea how long it will take. So I went the route of writing a small
> > > perl script to copy the catalina.out file to a file with the same
> > > name and the date and time appended on the file name and then next I
> > > open the existing catalina.out file to clear the contents and then
> > > close it again to start the next day with a clean log file. It isn't
> > > the way I wanted to go but I ran out of time. If the vendor decides
> > > to work with me, it would be great but I have a feeling they will not
> go back and change things.
> > >
> >
> > On the logging page of the FAQ:
> > https://wiki.apache.org/tomcat/FAQ/Logging#Q10
> >
> >
> > By the way,
> > 1) It is possible to run with a debugger and put a breakpoint into
> > java.io.PrintStream.println(String).  I doubt that the PrintStream
> > class is used much anywhere except to implement System.out/System.err.
> > https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
> >
> > 2) It is possible to search the class files for the message text. The
> > classes store it in UTF-8, and jar files are just zip archives.
> >
> >
> > > So are you suggesting to remove the ConsoleAppender from the
> > > log4j.properties that the vendor has in the WEB-INF/classes directory?
> >
> > Yes.
> >
> > The same for Tomcat own log configuration,
> >
> > http://tomcat.apache.org/tomcat-8.0-doc/logging.html#Considerations_fo
> > r_production_usage
> >
> > (Just mentioning for completeness. IIRC you have already reconfigured
> > Tomcat own logging.)
> >
> >
> > Best regards,
> > Konstantin Kolinko
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Thanks for the tips. I have to use the perl program for now to accomplish
the task for the company but l'll continue to work this for the sake of
learning and getting this changed through to application.

Joleen
On Mar 10, 2016 7:42 PM, "Konstantin Kolinko" <knst.koli...@gmail.com>
wrote:

> 2016-03-11 2:49 GMT+03:00 Joleen Barker <oldenuf2no...@gmail.com>:
> > I wanted to let you know that I really tried at this and feel the
> changes I
> > made should be working and it is a matter of the developer hard coding
> the
> > log messages to go to the stdout/stderr and became lazy as one of the
> other
> > that commented had stated. I opened a ticket with the vendor but I have
> no
> > idea how long it will take. So I went the route of writing a small perl
> > script to copy the catalina.out file to a file with the same name and the
> > date and time appended on the file name and then next I open the existing
> > catalina.out file to clear the contents and then close it again to start
> > the next day with a clean log file. It isn't the way I wanted to go but I
> > ran out of time. If the vendor decides to work with me, it would be great
> > but I have a feeling they will not go back and change things.
> >
>
> On the logging page of the FAQ:
> https://wiki.apache.org/tomcat/FAQ/Logging#Q10
>
>
> By the way,
> 1) It is possible to run with a debugger and put a breakpoint into
> java.io.PrintStream.println(String).  I doubt that the PrintStream
> class is used much anywhere except to implement System.out/System.err.
> https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
>
> 2) It is possible to search the class files for the message text. The
> classes store it in UTF-8, and jar files are just zip archives.
>
>
> > So are you suggesting to remove the ConsoleAppender from the
> > log4j.properties that the vendor has in the WEB-INF/classes directory?
>
> Yes.
>
> The same for Tomcat own log configuration,
>
> http://tomcat.apache.org/tomcat-8.0-doc/logging.html#Considerations_for_production_usage
>
> (Just mentioning for completeness. IIRC you have already reconfigured
> Tomcat own logging.)
>
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

So are you suggesting to remove the ConsoleAppender from the
log4j.properties that the vendor has in the WEB-INF/classes directory?

Joleen
On Mar 10, 2016 7:17 PM, "Konstantin Kolinko" 
wrote:

> 2016-03-08 18:43 GMT+03:00 Christopher Schultz <
> ch...@christopherschultz.net>:
> >
> > Everything that says log4j.logger.[something]=[level], stdout
> >
> > Is going to send those log messages to the "stdout" appender, which is
> > tied to System.out. You'll need to do one of two things to dig
> > yourself out:
> >
> > 1. Use swallowOutput="true" on your , which performs some
> > magic to take System.out from applications' calls and redirect it
> > elsewhere else (to the tomcat-defined loggers that can be configured
> > in Tomcat's log4j.properties file).
> >
> > 2. Change the "stdout" appender to be something other than
> > ConsoleAppender, and point it at a file on the disk.
> >
> > I'm not a fan of the first option, but it's sometimes the quickest way
> > to handle everything all at once, and usually doesn't require any
> > changes to the application's configuration.
>
> The swallowOutput option is a remedy for direct System.out.println()
> calls.  One should not expect it to work with something that gets a
> direct reference to System.out stream before Tomcat replaces it.
>
> For example, it Tomcat is reconfigured to use Log4J for its own
> logging, and one configures a ConsoleAppender for Tomcat, this
> ConsoleAppender is not affected by swallowOutput.
>
> The limitations are documented here:
>
> http://tomcat.apache.org/tomcat-8.0-doc/logging.html#Console
>
> If you do not want to log to stdout/stderr, you really must not
> configure any ConsoleAppender,.
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Yes, I agree. I changed the file name in the default tomcat appender to be
called tomcat and the one in the log4j file in the classes is called cfcc
which makes more sense as that is the web applications context name.

I'll  keep plugging at it.

I really thank you for your help.

-Joleen

On Tue, Mar 8, 2016 at 11:52 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Joleen,
>
> On 3/8/16 11:44 AM, Joleen Barker wrote:
> > Hello Christopher,
> >
> > I thank you for your comments. I had changed the swallowOutput=true
> > back when I changed the default tomcat logging to use the log4j
> > properties files. I did rename the cfcc log I had to read tomcat
> > and it comes up and captures the starting/stopping details but
> > that's about it. There were a few other things but not many. I am
> > not sure if you saw the 3rd log4j.properties set of details I
> > placed in the email I sent with my configs. That held the changes I
> > made to the vendors log4j. I left the CFCC appender in the classes
> > log4j and changed the "stdout" to read CFCC and any logging that
> > said "stdout" changed to CFCC.
> >
> > It was my hope that all the messages written would then go to my
> > cfcc log but they didn't. I did see a few regarding SSH connections
> > but that was all. The others are still going to the catalina.out.
>
> Remember that having two appenders to the same file is likely to cause
> a problem. Especially if they are from two separate log4j.properties
> files.
>
> You'll likely get two components opening the same file for writing.
> Last one wins, and you'll get zero errors.
>
> > I will continue to work on this and test.
> >
> > If there is anything you think of and want to send it my way to try
> > I will try it right away.
> >
> > I know that was very boring to read all that I posted. I thank
> > everyone for their time. If I make progress and find the missing
> > link I will send the results.
>
> Good luck. This stuff isn't always easy.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbfA2AACgkQ9CaO5/Lv0PAATgCfRXXiwJk8AeeVycCZsAHJjTKu
> uxIAmwWGQ180VdoFPxaadS33kik9xoe2
> =h5HR
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Hello Christopher,

I thank you for your comments. I had changed the swallowOutput=true back
when I changed the default tomcat logging to use the log4j properties
files. I did rename the cfcc log I had to read tomcat and it comes up and
captures the starting/stopping details but that's about it. There were a
few other things but not many. I am not sure if you saw the 3rd
log4j.properties set of details I placed in the email I sent with my
configs. That held the changes I made to the vendors log4j. I left the CFCC
appender in the classes log4j and changed the "stdout" to read CFCC and any
logging that said "stdout" changed to CFCC.

It was my hope that all the messages written would then go to my cfcc log
but they didn't. I did see a few regarding SSH connections but that was
all. The others are still going to the catalina.out.

I will continue to work on this and test.

If there is anything you think of and want to send it my way to try I will
try it right away.

I know that was very boring to read all that I posted. I thank everyone for
their time. If I make progress and find the missing link I will send the
results.

-Joleen

On Tue, Mar 8, 2016 at 11:16 AM, Cris Berneburg - US 
wrote:

> Chris,
>
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Tuesday, March 08, 2016 10:44 AM
> To: Tomcat Users List
> Subject: Re: Understanding how to controlling what data is written to
> log4j appenders
>
> [SNIP]
>
> >> # stdout is set to be a ConsoleAppender.
> >> log4j.appender.stdout=org.apache.log4j.ConsoleAppender
> >
> > This is what is killing you, plus everything that looks like this:
> >
> > log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou
> t
> >
> > Everything that says log4j.logger.[something]=[level], stdout
> >
> > Is going to send those log messages to the "stdout" appender, which is
> tied
> > to System.out. You'll need to do one of two things to dig yourself out:
> >
> > 1. Use swallowOutput="true" on your , which performs some magic
> to take
> > System.out from applications' calls and redirect it elsewhere else (to
> the tomcat-
> > defined loggers that can be configured in Tomcat's log4j.properties
> file).
> >
> > 2. Change the "stdout" appender to be something other than
> ConsoleAppender, and
> > point it at a file on the disk.
> >
> > I'm not a fan of the first option, but it's sometimes the quickest way
> to handle
> > everything all at once, and usually doesn't require any changes to the
> application's
> > configuration.
>
> [SNIP]
>
> >> # Set root logger level to ERROR and its only appender to stdout.
> >> log4j.rootLogger=ERROR, CFCC
> >>
> >> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
> >
> > That should probably work.
> >
> > But if you removed log4j.jar from the application, only the global
> log4j.properties
> > file will be read. It's okay to have log4j.jar in the bin/ directory as
> well as your
> > webapp's WEB-INF/lib directory. The former will run/configure Tomcat's
> logging, and
> > the latter will run/configure the application's logging. In fact, if the
> application
> > initializes log4j itself (usually by creating a new PropertyConfigurator
> object), then
> > weird things can happen with the application re-defining the global
> configuration for
> > Tomcat.
> >
> > I'd recommend having two .jar files and two .properties files, just to
> be safe.
>
> Thanks for taking the time to explain these 2 concepts.  It has helped me,
> and hopefully the question's originator, understand the interaction between
> Tomcat and log4j a little better.
>
> --
> Cris Berneburg, Lead Software Engineer, CACI
>
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Thank you for the idea. Worst case scenario, that is what I would have to
do but I'm hoping someone that may have more experience than myself with be
able to see that one thing I am missing. Another pair of eyes is always a
good thing.

-Joleen

On Tue, Mar 8, 2016 at 8:39 AM, Cris Berneburg - US <cberneb...@caci.com>
wrote:

> Joleen
>
> >-Original Message-----
> >From: Joleen Barker [mailto:oldenuf2no...@gmail.com]
> >Sent: Monday, March 07, 2016 3:54 PM
> >To: Tomcat Users List
> >Subject: Re: Understanding how to controlling what data is written to
> log4j appenders
> >
> >One more thing I tried was to change the parent for the rootlogger from
> CFCC to be CONSOLE to attempt to make it to where my log was not the parent
> and it still didn't change it. I am getting 0 messages in my cfcc log and
> everything still going to catalina.out.
> >
> >I know I'm so close to figuring out what little setting I am missing.
> >
> >
> >
> >On Mon, Mar 7, 2016 at 2:07 PM, Joleen Barker <oldenuf2no...@gmail.com>
> >wrote:
> >
> >> There is a comment that says:
> >>
> >> #stdout is set to be a ConsoleAppender
> >>
> >> But I changed the "stdout" that was set as the parent to CFCC so I
> >> thought then everything would go to the parent but I don't receive any
> of the logs.
> >> My cfcc log is just about empty except for the startup details. So I
> >> went ahead and changed the CATALINABASE/lib log4j.properties file name
> >> appender CFCC to go to a file named tomcat instead so I could
> >> differentiate between the application logs and the tomcat logs.
> >>
> >> Now I get the startup messages in a log called tomcat (this is fine)
> >> and not one message in my cfcc log. Even with my updated
> >> log4j.properties file sitting in the WEB-INF/classes directory so I
> >> must have something configured wrong that they are all still going to
> >> the standard Stdout/Stderr.
> >>
> >>
> >>
> >> On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker
> >> <oldenuf2no...@gmail.com>
> >> wrote:
> >>
> >>> I forgot to tell Chuck that the swallowOutput parm is set to true in
> >>> the context. When you see the vendor's log4j.properties you will see
> >>> why there were so many messages still going to the catalina.out due
> >>> to them using stdout.
> >>>
> >>> -Joleen
> >>>
> >>> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker
> >>> <oldenuf2no...@gmail.com>
> >>> wrote:
> >>>
> >>>> Hello Christopher, Charles, and Cris,
> >>>>
> >>>> Thank you for all the responses. Thank you for the encouragement. I
> >>>> dusted off my pants and went back at it. I made changes to the
> >>>> Vendors log4j.properties file. When I really looked at it I was able
> >>>> to determine they were things I was familiar with and the layout was
> >>>> just throwing me off so I moved things around so the layout was
> >>>> similar to the default log4j.properties I had. So I think I am
> >>>> getting this a lot more. However, there are still some messages
> >>>> going to the catalina.out. I think this will answer Chucks question
> as to if the product was really using log4j.
> >>>>
> >>>> The only thing I can think of to help you understand where I am at
> >>>> is to post the different log4j.properties config files I have. So I
> >>>> will post the one I have that went in for my default Tomcat messages
> and is working fine.
> >>>>
> >>>> Updated log4j.properties file I now use in my CATALINA/lib directory
> >>>> and is my base of my understanding for the changes I made to the
> >>>> Vendor's log4j.properties file.
> >>>>
> >>>> My appender that rolls daily is CFCC and is getting most of what was
> >>>> in the catalina.out log originally (this one I was happy with):
>
> [SNIP]
>
> >>>> Below this line is my updated vendor log4j.properties file (I really
> >>>> just added my CFCC appender information and changed anything that
> >>>> read to use "stdout"  since the log4j.rootLogger was set to that to
> >>>> "CFCC" and then moved any logger and additivity to the bottom of the
> >>>> file. But I'm thinking I may need to give the Tomcat log4j CFCC
> >>>> a

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

One more thing I tried was to change the parent for the rootlogger from
CFCC to be CONSOLE to attempt to make it to where my log was not the parent
and it still didn't change it. I am getting 0 messages in my cfcc log and
everything still going to catalina.out.

I know I'm so close to figuring out what little setting I am missing.



On Mon, Mar 7, 2016 at 2:07 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> There is a comment that says:
>
> #stdout is set to be a ConsoleAppender
>
> But I changed the "stdout" that was set as the parent to CFCC so I thought
> then everything would go to the parent but I don't receive any of the logs.
> My cfcc log is just about empty except for the startup details. So I went
> ahead and changed the CATALINABASE/lib log4j.properties file name appender
> CFCC to go to a file named tomcat instead so I could differentiate between
> the application logs and the tomcat logs.
>
> Now I get the startup messages in a log called tomcat (this is fine) and
> not one message in my cfcc log. Even with my updated log4j.properties file
> sitting in the WEB-INF/classes directory so I must have something
> configured wrong that they are all still going to the standard
> Stdout/Stderr.
>
>
>
> On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
>> I forgot to tell Chuck that the swallowOutput parm is set to true in the
>> context. When you see the vendor's log4j.properties you will see why there
>> were so many messages still going to the catalina.out due to them using
>> stdout.
>>
>> -Joleen
>>
>> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker <oldenuf2no...@gmail.com>
>> wrote:
>>
>>> Hello Christopher, Charles, and Cris,
>>>
>>> Thank you for all the responses. Thank you for the encouragement. I
>>> dusted off my pants and went back at it. I made changes to the Vendors
>>> log4j.properties file. When I really looked at it I was able to determine
>>> they were things I was familiar with and the layout was just throwing me
>>> off so I moved things around so the layout was similar to the default
>>> log4j.properties I had. So I think I am getting this a lot more. However,
>>> there are still some messages going to the catalina.out. I think this will
>>> answer Chucks question as to if the product was really using log4j.
>>>
>>> The only thing I can think of to help you understand where I am at is to
>>> post the different log4j.properties config files I have. So I will post the
>>> one I have that went in for my default Tomcat messages and is working fine.
>>>
>>> Updated log4j.properties file I now use in my CATALINA/lib directory and
>>> is my base of my understanding for the changes I made to the Vendor's
>>> log4j.properties file.
>>>
>>> My appender that rolls daily is CFCC and is getting most of what was in
>>> the catalina.out log originally (this one I was happy with):
>>>
>>> log4j.rootLogger = INFO, CATALINA
>>>
>>> # Define all the appenders
>>> log4j.appender.CATALINA = org.apache.log4j.DailyRollingFileAppender
>>> log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina
>>> log4j.appender.CATALINA.Append = true
>>> log4j.appender.CATALINA.Encoding = UTF-8
>>> log4j.appender.CATALINA.DatePattern = '.'-MM-dd'.log'
>>> log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
>>> log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>>
>>> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
>>> log4j.appender.CFCC.File = ${catalina.base}/logs/cfcc
>>> log4j.appender.CFCC.Append = true
>>> log4j.appender.CFCC.Encoding = UTF-8
>>> log4j.appender.CFCC.DatePattern = '.'-MM-dd'.log'
>>> log4j.appender.CFCC.layout = org.apache.log4j.PatternLayout
>>> log4j.appender.CFCC.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>>
>>> log4j.appender.LOCALHOST = org.apache.log4j.DailyRollingFileAppender
>>> log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost
>>> log4j.appender.LOCALHOST.Append = true
>>> log4j.appender.LOCALHOST.Encoding = UTF-8
>>> log4j.appender.LOCALHOST.DatePattern = '.'-MM-dd'.log'
>>> log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
>>> log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>>
>>> log4j.appender.MANAGER = org.apache.log4j.DailyRollingFileAppender
>>> log4j.appender.MANAGER.File = ${catalina.base}/lo

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

There is a comment that says:

#stdout is set to be a ConsoleAppender

But I changed the "stdout" that was set as the parent to CFCC so I thought
then everything would go to the parent but I don't receive any of the logs.
My cfcc log is just about empty except for the startup details. So I went
ahead and changed the CATALINABASE/lib log4j.properties file name appender
CFCC to go to a file named tomcat instead so I could differentiate between
the application logs and the tomcat logs.

Now I get the startup messages in a log called tomcat (this is fine) and
not one message in my cfcc log. Even with my updated log4j.properties file
sitting in the WEB-INF/classes directory so I must have something
configured wrong that they are all still going to the standard
Stdout/Stderr.



On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> I forgot to tell Chuck that the swallowOutput parm is set to true in the
> context. When you see the vendor's log4j.properties you will see why there
> were so many messages still going to the catalina.out due to them using
> stdout.
>
> -Joleen
>
> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
>> Hello Christopher, Charles, and Cris,
>>
>> Thank you for all the responses. Thank you for the encouragement. I
>> dusted off my pants and went back at it. I made changes to the Vendors
>> log4j.properties file. When I really looked at it I was able to determine
>> they were things I was familiar with and the layout was just throwing me
>> off so I moved things around so the layout was similar to the default
>> log4j.properties I had. So I think I am getting this a lot more. However,
>> there are still some messages going to the catalina.out. I think this will
>> answer Chucks question as to if the product was really using log4j.
>>
>> The only thing I can think of to help you understand where I am at is to
>> post the different log4j.properties config files I have. So I will post the
>> one I have that went in for my default Tomcat messages and is working fine.
>>
>> Updated log4j.properties file I now use in my CATALINA/lib directory and
>> is my base of my understanding for the changes I made to the Vendor's
>> log4j.properties file.
>>
>> My appender that rolls daily is CFCC and is getting most of what was in
>> the catalina.out log originally (this one I was happy with):
>>
>> log4j.rootLogger = INFO, CATALINA
>>
>> # Define all the appenders
>> log4j.appender.CATALINA = org.apache.log4j.DailyRollingFileAppender
>> log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina
>> log4j.appender.CATALINA.Append = true
>> log4j.appender.CATALINA.Encoding = UTF-8
>> log4j.appender.CATALINA.DatePattern = '.'-MM-dd'.log'
>> log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
>> log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>
>> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
>> log4j.appender.CFCC.File = ${catalina.base}/logs/cfcc
>> log4j.appender.CFCC.Append = true
>> log4j.appender.CFCC.Encoding = UTF-8
>> log4j.appender.CFCC.DatePattern = '.'-MM-dd'.log'
>> log4j.appender.CFCC.layout = org.apache.log4j.PatternLayout
>> log4j.appender.CFCC.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>
>> log4j.appender.LOCALHOST = org.apache.log4j.DailyRollingFileAppender
>> log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost
>> log4j.appender.LOCALHOST.Append = true
>> log4j.appender.LOCALHOST.Encoding = UTF-8
>> log4j.appender.LOCALHOST.DatePattern = '.'-MM-dd'.log'
>> log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
>> log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>
>> log4j.appender.MANAGER = org.apache.log4j.DailyRollingFileAppender
>> log4j.appender.MANAGER.File = ${catalina.base}/logs/manager
>> log4j.appender.MANAGER.Append = true
>> log4j.appender.MANAGER.Encoding = UTF-8
>> log4j.appender.MANAGER.DatePattern = '.'-MM-dd'.log'
>> log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
>> log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>>
>> log4j.appender.HOST-MANAGER = org.apache.log4j.DailyRollingFileAppender
>> log4j.appender.HOST-MANAGER.File = ${catalina.base}/logs/host-manager
>> log4j.appender.HOST-MANAGER.Append = true
>> log4j.appender.HOST-MANAGER.Encoding = UTF-8
>> log4j.appender.HOST-MANAGER.DatePattern = '.'-MM-dd'.log'
>> log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
>> log4j.appender.HOST-MAN

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

I forgot to tell Chuck that the swallowOutput parm is set to true in the
context. When you see the vendor's log4j.properties you will see why there
were so many messages still going to the catalina.out due to them using
stdout.

-Joleen

On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Hello Christopher, Charles, and Cris,
>
> Thank you for all the responses. Thank you for the encouragement. I dusted
> off my pants and went back at it. I made changes to the Vendors
> log4j.properties file. When I really looked at it I was able to determine
> they were things I was familiar with and the layout was just throwing me
> off so I moved things around so the layout was similar to the default
> log4j.properties I had. So I think I am getting this a lot more. However,
> there are still some messages going to the catalina.out. I think this will
> answer Chucks question as to if the product was really using log4j.
>
> The only thing I can think of to help you understand where I am at is to
> post the different log4j.properties config files I have. So I will post the
> one I have that went in for my default Tomcat messages and is working fine.
>
> Updated log4j.properties file I now use in my CATALINA/lib directory and
> is my base of my understanding for the changes I made to the Vendor's
> log4j.properties file.
>
> My appender that rolls daily is CFCC and is getting most of what was in
> the catalina.out log originally (this one I was happy with):
>
> log4j.rootLogger = INFO, CATALINA
>
> # Define all the appenders
> log4j.appender.CATALINA = org.apache.log4j.DailyRollingFileAppender
> log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina
> log4j.appender.CATALINA.Append = true
> log4j.appender.CATALINA.Encoding = UTF-8
> log4j.appender.CATALINA.DatePattern = '.'-MM-dd'.log'
> log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
> log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>
> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
> log4j.appender.CFCC.File = ${catalina.base}/logs/cfcc
> log4j.appender.CFCC.Append = true
> log4j.appender.CFCC.Encoding = UTF-8
> log4j.appender.CFCC.DatePattern = '.'-MM-dd'.log'
> log4j.appender.CFCC.layout = org.apache.log4j.PatternLayout
> log4j.appender.CFCC.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>
> log4j.appender.LOCALHOST = org.apache.log4j.DailyRollingFileAppender
> log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost
> log4j.appender.LOCALHOST.Append = true
> log4j.appender.LOCALHOST.Encoding = UTF-8
> log4j.appender.LOCALHOST.DatePattern = '.'-MM-dd'.log'
> log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
> log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>
> log4j.appender.MANAGER = org.apache.log4j.DailyRollingFileAppender
> log4j.appender.MANAGER.File = ${catalina.base}/logs/manager
> log4j.appender.MANAGER.Append = true
> log4j.appender.MANAGER.Encoding = UTF-8
> log4j.appender.MANAGER.DatePattern = '.'-MM-dd'.log'
> log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
> log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>
> log4j.appender.HOST-MANAGER = org.apache.log4j.DailyRollingFileAppender
> log4j.appender.HOST-MANAGER.File = ${catalina.base}/logs/host-manager
> log4j.appender.HOST-MANAGER.Append = true
> log4j.appender.HOST-MANAGER.Encoding = UTF-8
> log4j.appender.HOST-MANAGER.DatePattern = '.'-MM-dd'.log'
> log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
> log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c-
> %m%n
>
> log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender
> log4j.appender.CONSOLE.Encoding = UTF-8
> log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
> log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
>
> # Configure which loggers log to which appenders
> log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cfcc]
> = INFO, CFCC
> log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]
> = INFO, LOCALHOST
> log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]
> =\
>   INFO, MANAGER
> log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager]
> =\
>   INFO, HOST-MANAGER
>
> # In order to prevent messages from being duplicated in the appenders the
> additivity flag is
> # needed to be set. What this does is prevent the child appenders from
> also sending their
> # messages to the parent appender which in our case is the CATALINA log.
> log4j.additivity.org.apache.catalina.core.C

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

R

# Optus variables
optus.logging.level=ERROR

# SSO variables
sso.logging.level=ERROR

# CFI variables
cfi.struts.logging.level=ERROR

# Set root logger level to ERROR and its only appender to stdout.
log4j.rootLogger=ERROR, CFCC

log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
log4j.appender.CFCC.File = ${catalina.base}/logs/cfcc
log4j.appender.CFCC.Append = true
log4j.appender.CFCC.Encoding = UTF-8
log4j.appender.CFCC.DatePattern = '.'-MM-dd'.log'
log4j.appender.CFCC.layout = org.apache.log4j.PatternLayout
log4j.appender.CFCC.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

# stdout is set to be a ConsoleAppender.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [%t] %-5p %c %x
- %m%n

# TradeLink is set to be a DailyRollingFileAppender.
log4j.appender.TradeLink=org.apache.log4j.DailyRollingFileAppender
log4j.appender.TradeLink.File=${cfi.trace.dir}/openbpm.html
log4j.appender.TradeLink.Append=true
log4j.appender.TradeLink.ImmediateFlush=true
log4j.appender.TradeLink.DatePattern='.'-MM-dd
log4j.appender.TradeLink.layout.Title=TradeLink
log4j.appender.TradeLink.layout=org.apache.log4j.HTMLLayout
log4j.appender.TradeLink.layout.ConversionPattern=%d{ISO8601} %-5p %c %m%n

# Crystal Reports is set to be a RollingFileAppender.
log4j.appender.jpeAppender=org.apache.log4j.RollingFileAppender
log4j.appender.jpeAppender.file=${crystal.logs.home}/jpe.log
log4j.appender.jpeAppender.ImmediateFlush=false
log4j.appender.jpeAppender.MaxBackupIndex=30
log4j.appender.jpeAppender.MaxFileSize=500KB
log4j.appender.jpeAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.jpeAppender.layout.ConversionPattern=%d{dd MMM 
HH:mm:ss} [%t] %-5p %c - %m%n

# RADIUS
log4j.logger.com.proginet.sift.login.RADIUSAuthMethod=ERROR, RADIUSFile
log4j.appender.RADIUSFile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.RADIUSFile.File=${cfi.trace.dir}/RADIUS-trace.txt
log4j.appender.RADIUSFile.Append=true
log4j.appender.RADIUSFile.ImmediateFlush=true
log4j.appender.RADIUSFile.DatePattern='-'-MM-dd
log4j.appender.RADIUSFile.layout=org.apache.log4j.PatternLayout
log4j.appender.RADIUSFile.layout.ConversionPattern=%d{dd MMM  HH:mm:ss}
[%t] %-5p %c - %m%n

# Configure which loggers log to which appenders
log4j.logger.comp.user=${tradelink.logging.level}, TradeLink
log4j.logger.comp.tp=${tradelink.logging.level}, TradeLink
log4j.logger.comp.doc=${tradelink.logging.level}, TradeLink
log4j.logger.comp.bpm=${tradelink.logging.level}, TradeLink
log4j.logger.comp.agent=${tradelink.logging.level}, TradeLink
log4j.logger.comp.audit=${tradelink.logging.level}, TradeLink
log4j.logger.ArchiveAgent=${tradelink.logging.level}, TradeLink
log4j.logger.util=${tradelink.logging.level}, TradeLink
log4j.logger.lib=${tradelink.logging.level}, TradeLink
log4j.logger.com.crystaldecisions.reports=ERROR, jpeAppender
log4j.logger.com.crystaldecisions.threedg=ERROR, jpeAppender
log4j.logger.com.crystaldecisions.common=ERROR, jpeAppender
log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, CFCC
log4j.logger.com.proginet.siftssh=ERROR, CFCC
log4j.logger.com.proginet.siftftp.cert=ERROR, CFCC
log4j.logger.com.maverick=ERROR, CFCC
log4j.logger.com.sshtools=ERROR, CFCC
log4j.logger.com.proginet.sift.hcf=${hcf.logging.level}, CFCC
log4j.logger.com.proginet.sift.optus=${optus.logging.level}, CFCC
log4j.logger.com.proginet.sift.sso=${sso.logging.level}, CFCC

# In order to prevent messages from being duplicated in the appenders the
additivity flag is
# needed to be set. What this does is prevent the child appenders from also
sending their
# messages to the parent appender which is the CFCC log.
log4j.additivity.comp.user=false
log4j.additivity.comp.tp=false
log4j.additivity.comp.doc=false
log4j.additivity.comp.bpm=false
log4j.additivity.comp.agent=false
log4j.additivity.comp.audit=false
log4j.additivity.ArchiveAgent=false
log4j.additivity.util=false
log4j.additivity.lib=false
log4j.additivity.com.proginet.sift.struts=false
log4j.additivity.com.proginet.siftssh=false
log4j.additivity.com.proginet.siftftp.cert=false
log4j.additivity.com.maverick=false
log4j.additivity.com.sshtools=false
log4j.additivity.com.proginet.sift.hcf=false
log4j.additivity.com.proginet.sift.optus=false
log4j.additivity.com.proginet.sift.sso=false


I know, it's a lot to look at. Thank you for the help.

-Joleen

On Fri, Mar 4, 2016 at 4:33 PM, Cris Berneburg - US <cberneb...@caci.com>
wrote:

> Hi Joleen
>
> -Original Message-
> From: Joleen Barker [mailto:oldenuf2no...@gmail.com]
> Sent: Thursday, March 03, 2016 11:23 PM
> To: Tomcat Users List
> Subject: Re: Understanding how to controlling what data is written to
> log4j appenders
>
> > Hello,
> >
> > I don't know if I should use a new thread or not but this is a
> continuation of this issue. I found that

Re: What would happen if there were 2 log4j.jar files in the same library

[Joleen Barker]

Thank you. I will make sure there is only one in the lib directory.

-Joleen

On Fri, Mar 4, 2016 at 9:54 AM, Chris Gamache <cgama...@gmail.com> wrote:

> Hi Joleen,
>
> You may already know most of this, but just in case:
>
> Inside or outside of tomcat, if you have two classes in the same classpath,
> both with the same class name and package name, it's often hit-or-miss
> which one will get picked. Weird things happen. And different weird things
> happen with different flavours of JVM or the same JVM make on different
> platforms.
>
> Evaluate your dependencies and eliminate the duplicates. This is often
> wickedly difficult to do manually. There are several different dependency
> management tools you can use-- Maven is my choice, but there are others
> like Ivy and Gradle. Sometimes they build and manage dependencies. Other
> times they just manage dependencies.
>
> If you need to have multiple versions of the same class inside your JVM,
> rolling them up using OSGi is a (very complicated but effective, IMO) way
> to handle that.
>
> hope this helps!
>
> CG
>
>
> On Fri, Mar 4, 2016 at 9:05 AM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
> > I saw there is log4j-1.2.8-1.jar and log4j-1.2.17.jar in the WEB-INF/lib
> > directory for a web application and I wonder what happens if there are
> two
> > in the same library.
> >
> > Thank you,
> >
> > -Joleen
> >
>

What would happen if there were 2 log4j.jar files in the same library

[Joleen Barker]

I saw there is log4j-1.2.8-1.jar and log4j-1.2.17.jar in the WEB-INF/lib
directory for a web application and I wonder what happens if there are two
in the same library.

Thank you,

-Joleen

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Hello,

I don't know if I should use a new thread or not but this is a continuation
of this issue. I found that even after my changes there was very little
being written to my new log and there were still many of the product
messages being written to the catalina.out. It has now come to my attention
that the web application contains a log4j.jar file in the /lib
directory and a log4j.properties file in the /classes directory.
This log4j.properties file has a lot more items in it and I believe is the
reason all the messages from the product are still going to the
catalina.out log.

Here I was so proud of myself for getting the logs to go to an appender and
the log rolling over as expected only to find the catalina.out still
growing with messages from the application.

I am unsure how to get these messages to be added to my log file that is
being used from the log4j.properties file that is in the CATALINA_BASE/lib
directory.

One of the other things I noticed is the vendor has a tomcat-juli.jar in
the CATALINA_BASE/lib as well as in the CATALINA_BASE/bin directory where
it should be. Would the one that is in the CATALINA_BASE/lib directory be
doing anything. Maybe it is there in error and not really effecting
anything but I don't know.

I did read in a note on the tomcat web page that gave the instructions to
use the log4j logging that the steps it had written were not needed if you
just want to use log4j in your own web application - in that case, you
would just put log4j and the log4j.properties in the WEB-INF/lib and the
WEB-INF/classes of your web application which it appears the vendor did. So
I think I would need to edit their log4j.properties file.

Am I on the right track at all here?

Would it be bad to post their log4j.properties along with mine to see how I
can edit it to have the info go to the new log?

-Joleen

On Fri, Dec 4, 2015 at 4:49 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Hello Chris,
>
> As of now I am not using JULI any longer. I am using the log4j v1.2.17.jar
>
> Eventually I will jump in to the log4j v2 users and try my hand at that.
>
> Thank you for the clarification on where to go for information. I
> completely missed seeing the log4j mailing list. Could you send me the
> url to signup for it.
>
> Have a wonderful weekend.
>
> -Joleen
>
>
>
> On Fri, Dec 4, 2015 at 1:11 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Joleen,
>>
>> On 12/3/15 11:55 PM, Joleen Barker wrote:
>> > The information you gave me for the additivity was PERFECT! It did
>> exactly
>> > what I was looking for. This also really allowed me to understand what
>> > processes were writing to which log. I have the settings in place in my
>> > test environment now and if all goes well the changes will be added in
>> the
>> > production environment soon.
>>
>> Glad you are making progress.
>>
>> There are many folks here who have experience with log4j (myself and,
>> evidently, Konstantin as well), but for more thorough log4j help, you're
>> probably going to wait to go over to the log4j mailing list.
>>
>> If JULI is in the mix (the default logging framework for Tomcat) and you
>> are using logging.properties, then you want to stay /here/ for those
>> questions. Similarly, for configuration involving Tomcat's
>> container-defined loggers ("categories" in older log4j-speak), here is
>> also the best place to post.
>>
>> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79]

[Joleen Barker]

I am not positive, but I thought the older browsers had a 2GB limit. The
company I worked for ran in to a similar problem and it was the result of
the browser. I think Chrome didn't have the issue and IE did. We ended up
making a note in the Known Issues of the manual about the limitation. This
is going back awhile though.

-Joleen

On Mon, Jan 18, 2016 at 7:40 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Kiran,
>
> On 1/18/16 1:33 AM, Kiran Badi wrote:
> > Did you exclude your upload servlet from struts.xml ? By default
> > struts intercepts all multi part requests and this messes a lot
> > specially when you have hybrid framework when few modules are plain
> > j2ee and few are struts 2 or Spring MVc in the same app.
>
> OP states that the Filter is placed before Struts. Struts's
> interceptors fire from within Struts's Filter, so that shouldn't be a
> problem.
>
> > Are you upload less than 2gb file ?
>
> I think, ultimately, this is going to be a problem with Javascript,
> the browser (as yet unnamed), or the OP's code.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlac3UcACgkQ9CaO5/Lv0PDFZQCfRt5WfvmP48UwxfM23FP0l0Uz
> 1AYAn15i3dRPe7d7nVpEU69VW66eyQnQ
> =d1St
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Hello Chris,

As of now I am not using JULI any longer. I am using the log4j v1.2.17.jar

Eventually I will jump in to the log4j v2 users and try my hand at that.

Thank you for the clarification on where to go for information. I
completely missed seeing the log4j mailing list. Could you send me the url
to signup for it.

Have a wonderful weekend.

-Joleen



On Fri, Dec 4, 2015 at 1:11 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Joleen,
>
> On 12/3/15 11:55 PM, Joleen Barker wrote:
> > The information you gave me for the additivity was PERFECT! It did
> exactly
> > what I was looking for. This also really allowed me to understand what
> > processes were writing to which log. I have the settings in place in my
> > test environment now and if all goes well the changes will be added in
> the
> > production environment soon.
>
> Glad you are making progress.
>
> There are many folks here who have experience with log4j (myself and,
> evidently, Konstantin as well), but for more thorough log4j help, you're
> probably going to wait to go over to the log4j mailing list.
>
> If JULI is in the mix (the default logging framework for Tomcat) and you
> are using logging.properties, then you want to stay /here/ for those
> questions. Similarly, for configuration involving Tomcat's
> container-defined loggers ("categories" in older log4j-speak), here is
> also the best place to post.
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Konstantin,

The information you gave me for the additivity was PERFECT! It did exactly
what I was looking for. This also really allowed me to understand what
processes were writing to which log. I have the settings in place in my
test environment now and if all goes well the changes will be added in the
production environment soon.

Thank you.

On Thu, Dec 3, 2015 at 9:42 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Hello Konstantin,
>
> Thank you for pointing out the typo. The line is actually correct in my
> log4j.properties file and the typo happened when I typed the line in for my
> settings.
>
> I don't know what additivity flag is so I will take a look.
>
> I'll let you know how it goes.
>
> -Joleen
>
> On Thu, Dec 3, 2015 at 7:53 PM, Konstantin Kolinko <knst.koli...@gmail.com
> > wrote:
>
>> 2015-12-04 2:05 GMT+03:00 Joleen Barker <oldenuf2no...@gmail.com>:
>> > I want to have more control over what data is written to the various
>> > appenders in the log4j.properties files. I have played around with the
>> > various configurations in the log4j.properties file but I am not
>> > understanding how they are working in order to grasp how to have more
>> > control. I don't know if it would be a matter of turning off the INFO
>> > setting for the log4j.rootLogger and somehow setting individual logging
>> for
>> > each appender.
>> >
>> > Below is my environment details:
>> > 1) The tomcat version that is running is v8.0.26.0
>> > 2) The OS is a Centos v7 UNIX VM
>> > 3) Java JDK I have installed that Tomcat is using is 1.8.0_60
>> > 4) Due to the catalina.out file growing too large with the default
>> > juli.AsyncFileHandler using the logging.properties file that was found
>> in
>> > the $CATALINA_HOME/conf directory. I changed the settings on a vendors
>> > software to use the log4j logging instead. (So this is NOT my web
>> > application or product written by me.)
>>
>> None of AsyncFileHandler is responsible for catalina.out.
>>
>> The catalina.out file consumes output of ConsoleHandler.
>>
>> >
>> >
>> log4j;logger.org.apache.catalina.core,ContainerBase.[Catalina].[localhost].[/cfcc]=INFO,
>> CFCC
>> >
>>
>> The above line has a typo. s/;/./ after "log4j"
>>
>> > <...>
>>
>>
>> You need to set "additivity" flag for non-root loggers to false.
>> I have not tested, but I think it will be like this:
>>
>>
>>
>> log4j.additivity.org.apache.catalina.core,ContainerBase.[Catalina].[localhost].[/cfcc]=false
>>
>> log4j.additivity.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=false
>>
>> log4j.additivity.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]=false
>>
>> log4j.additivity.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager]=false
>>
>>
>>
>> Documentation for Log4j 1.x:
>> [1] http://logging.apache.org/log4j/1.2/
>>
>> Guide:
>> [2] http://logging.apache.org/log4j/1.2/manual.html
>>
>> Syntax of log4j.properties file:
>> [3]
>> http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PropertyConfigurator.html#doConfigure%28java.lang.String,%20org.apache.log4j.spi.LoggerRepository%29
>>
>> Best regards,
>> Konstantin Kolinko
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

I want to have more control over what data is written to the various
appenders in the log4j.properties files. I have played around with the
various configurations in the log4j.properties file but I am not
understanding how they are working in order to grasp how to have more
control. I don't know if it would be a matter of turning off the INFO
setting for the log4j.rootLogger and somehow setting individual logging for
each appender.

Below is my environment details:
1) The tomcat version that is running is v8.0.26.0
2) The OS is a Centos v7 UNIX VM
3) Java JDK I have installed that Tomcat is using is 1.8.0_60
4) Due to the catalina.out file growing too large with the default
juli.AsyncFileHandler using the logging.properties file that was found in
the $CATALINA_HOME/conf directory. I changed the settings on a vendors
software to use the log4j logging instead. (So this is NOT my web
application or product written by me.)
5) I set the swallowOutput="true" in the vendors .xml file to stop
messages for stdout and stderr from going to the catalina.out files.
6) Most messages are now going to the catalina (no extention) and/or the
localhost files which are rolled over daily when there is activity.
7) The vendors web application uses the context of cfcc. The Connector
details are found in the
\server\conf\Catalina\localhost\cfcc.xml
8) I have A LOT of duplication in the log files. I would like to change
that if I can.
9) Below are my log4j.properties settings:

log4j.rootLogger=INFO, CATALINA

# Define all the appenders
log4j.appender.CATALINA=org.apache.log4j.DailyRollingFileAppender
log4j.appender.CATALINA.File=${catalina.base}/logs/catalina
log4j.appender.CATALINA.Append=true
log4j.appender.CATALINA.Encoding=UTF-8
# Roll-over the log once per day
log4j.appender.CATALINA.DatePattern='.'-MM-dd'.log'
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.CFCC=org.apache.log4j.DailyRollingFileAppender
log4j.appender.CFCC.File=${catalina.base}/logs/cfcc
log4j.appender.CFCC.Append=true
log4j.appender.CFCC.Encoding=UTF-8
log4j.appender.CFCC.DatePattern='.'-MM-dd'.log'
log4j.appender.CFCC.layout = org.apache.log4j.PatternLayout
log4j.appender.CFCC.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.LOCALHOST=org.apache.log4j.DailyRollingFileAppender
log4j.appender.LOCALHOST.File=${catalina.base}/logs/localhost
log4j.appender.LOCALHOST.Append=true
log4j.appender.LOCALHOST.Encoding=UTF-8
log4j.appender.LOCALHOST.DatePattern='.'-MM-dd'.log'
log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.MANAGER=org.apache.log4j.DailyRollingFileAppender
log4j.appender.MANAGER.File=${catalina.base}/logs/manager.
log4j.appender.MANAGER.Append=true
log4j.appender.MANAGER.Encoding=UTF-8
log4j.appender.MANAGER.DatePattern='.'-MM-dd'.log'
log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.HOST-MANAGER=org.apache.log4j.DailyRollingFileAppender
log4j.appender.HOST-MANAGER.File=${catalina.base}/logs/host-manager.
log4j.appender.HOST-MANAGER.Append=true
log4j.appender.HOST-MANAGER.Encoding=UTF-8
log4j.appender.HOST-MANAGER.DatePattern='.'-MM-dd'.log'
log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Encoding=UTF-8
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

# Configure which loggers log to which appenders

log4j;logger.org.apache.catalina.core,ContainerBase.[Catalina].[localhost].[/cfcc]=INFO,
CFCC

log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=OFF,
LOCALHOST
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]=\
  INFO, MANAGER
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager]=\
  INFO, HOST-MANAGER

At this time ALL the same messages are written to the cfcc and the
localhost log files. Absolutely no difference. All the messagse that
are written to these two logs are also in the catalina log alongs with
the tomcat startup messages. I would like to separate the tomcat
startup messages from the web application messages that are written to
both the localhost and cfcc logs.

Thank you for your help in advance.

-Joleen

Re: Understanding how to controlling what data is written to log4j appenders

[Joleen Barker]

Hello Konstantin,

Thank you for pointing out the typo. The line is actually correct in my
log4j.properties file and the typo happened when I typed the line in for my
settings.

I don't know what additivity flag is so I will take a look.

I'll let you know how it goes.

-Joleen

On Thu, Dec 3, 2015 at 7:53 PM, Konstantin Kolinko <knst.koli...@gmail.com>
wrote:

> 2015-12-04 2:05 GMT+03:00 Joleen Barker <oldenuf2no...@gmail.com>:
> > I want to have more control over what data is written to the various
> > appenders in the log4j.properties files. I have played around with the
> > various configurations in the log4j.properties file but I am not
> > understanding how they are working in order to grasp how to have more
> > control. I don't know if it would be a matter of turning off the INFO
> > setting for the log4j.rootLogger and somehow setting individual logging
> for
> > each appender.
> >
> > Below is my environment details:
> > 1) The tomcat version that is running is v8.0.26.0
> > 2) The OS is a Centos v7 UNIX VM
> > 3) Java JDK I have installed that Tomcat is using is 1.8.0_60
> > 4) Due to the catalina.out file growing too large with the default
> > juli.AsyncFileHandler using the logging.properties file that was found in
> > the $CATALINA_HOME/conf directory. I changed the settings on a vendors
> > software to use the log4j logging instead. (So this is NOT my web
> > application or product written by me.)
>
> None of AsyncFileHandler is responsible for catalina.out.
>
> The catalina.out file consumes output of ConsoleHandler.
>
> >
> >
> log4j;logger.org.apache.catalina.core,ContainerBase.[Catalina].[localhost].[/cfcc]=INFO,
> CFCC
> >
>
> The above line has a typo. s/;/./ after "log4j"
>
> > <...>
>
>
> You need to set "additivity" flag for non-root loggers to false.
> I have not tested, but I think it will be like this:
>
>
>
> log4j.additivity.org.apache.catalina.core,ContainerBase.[Catalina].[localhost].[/cfcc]=false
>
> log4j.additivity.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=false
>
> log4j.additivity.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]=false
>
> log4j.additivity.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager]=false
>
>
>
> Documentation for Log4j 1.x:
> [1] http://logging.apache.org/log4j/1.2/
>
> Guide:
> [2] http://logging.apache.org/log4j/1.2/manual.html
>
> Syntax of log4j.properties file:
> [3]
> http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PropertyConfigurator.html#doConfigure%28java.lang.String,%20org.apache.log4j.spi.LoggerRepository%29
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

OMG!!! Finally. I feel like I can go back to the bosses with some progress.
This is all good news. Also, thanks for the correction on the "lo and
behold", I never knew that. I have to laugh at myself.

I can change the catalina file name to the name catalina.log, I think you
are right and it be less confusing.

Yes, nothing is going to catalina.out anymore.

In the production environment there is almost always activity so then the
new catalina.log file will be rollover pretty close to midnight every day.

Now I'm really excited about implementing these changes in our big test
environment that has a lot of activity. My little system at home is not
used as much so I didn't get to experience the rollover. But I learned a
lot from this experience.

I will want to build from this setup to attempting to control what data is
written where as right now there is a lot of duplicate information going to
both the catalina and localhost file but I think it would be a separate
email stream.

Thank you so much for the help Christpher.

-Joleen

On Mon, Nov 30, 2015 at 10:26 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Joleen,
>
> On 11/30/15 7:32 AM, Joleen Barker wrote:
> > I will send the log4 details but I wanted to send this information first.
> > The above details for the files remained the same all this time until I
> > decided to login to the software and try to do some work. I had expected
> > the files to roll at midnight each night which I did not see. But, long
> > behold
>
> N.B. This is usually said "lo and behold". [1]
>
> > I run an ls -la command and the logs after I logged in and tried a
> > couple things on the software and it appears the logs roll over and a new
> > catalina log and localhost log started. Does some activity need to take
> > place for the logs to roll over?
>
> Yes. The documentation suggests otherwise, but the appender won't
> actually re-name the file and open a new one until it gets a write
> operation after midnight had occurred. So it's possible to entirely skip
> a day if there are no logging events that are sent to the appender. I'm
> not sure if it will re-name and re-open when an event comes /and is
> filtered/ (e.g. by a LEVEL that is too high for the logging-event) or
> only when a log message will actually be written to the file.
>
> > I thought it was supposed to be each night at midnight. Also the
> > dates of the files are a little misleading because they rolled today
> > and not on 11-25 when they started up.
>
> Right, the creation-timestamp of the new file will be the time that the
> file was created, not 00:00 at the beginning of the day when you thought
> it should be created.
>
> > Here is what I see now:
> >
> > -rw-r--r--.  root  root  24372 Nov 30 06:33 catalina
> > -rw-r--r--.  root  root  30694 Nov 25 22:49 catalina.2015-11-25.log
> > -rw-r--r--.  root  root 0 Nov 25 22:49 catalina.out
>
> So it looks like catalina.out has nothing in it anymore. That's good,
> right? Nothing is going to stderr/stdout.
>
> > -rw-r--r--.  root  root 0 Nov 25 22:49  host-manager
> > -rw-r--r--.  root  root  24372 Nov 30 06:33  localhost
> > -rw-r--r--.  root  root  31909 Nov 25 22:49  localhost.2015-11-25.log
> > -rw-r--r--.  root  root 0 Nov 25 22:49
> >  localhost_access_log.2015-11-25.txt
> > -rw-r--r--.  root  root  25988 Nov 30 06:34
> localhost_access_log.2015-11-30
> > .txt
> > -rw-r--r--.  root  root 0 Nov 25 22:49  manager
> > [root@centos7sys1 logs]# date
> > Thu Nov 30 07:27:39 EST 2015
>
> The file "catalina" (which you might want to name catalina.log or
> something, so it's less confusing) will always have the date of the
> most-recent log message written to it.
>
> Hope that helps,
> -chris
>
> [1] http://idioms.thefreedictionary.com/lo+and+behold
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

Hi Chris,

I will send the log4 details but I wanted to send this information first.
The above details for the files remained the same all this time until I
decided to login to the software and try to do some work. I had expected
the files to roll at midnight each night which I did not see. But, long
behold I run an ls -la command and the logs after I logged in and tried a
couple things on the software and it appears the logs roll over and a new
catalina log and localhost log started. Does some activity need to take
place for the logs to roll over? I thought it was supposed to be each night
at midnight. Also the dates of the files are a little misleading because
they rolled today and not on 11-25 when they started up.

Here is what I see now:

-rw-r--r--.  root  root  24372 Nov 30 06:33 catalina
-rw-r--r--.  root  root  30694 Nov 25 22:49 catalina.2015-11-25.log
-rw-r--r--.  root  root 0 Nov 25 22:49 catalina.out
-rw-r--r--.  root  root 0 Nov 25 22:49  host-manager
-rw-r--r--.  root  root  24372 Nov 30 06:33  localhost
-rw-r--r--.  root  root  31909 Nov 25 22:49  localhost.2015-11-25.log
-rw-r--r--.  root  root 0 Nov 25 22:49
 localhost_access_log.2015-11-25.txt
-rw-r--r--.  root  root  25988 Nov 30 06:34  localhost_access_log.2015-11-30
.txt
-rw-r--r--.  root  root 0 Nov 25 22:49  manager
[root@centos7sys1 logs]# date
Thu Nov 30 07:27:39 EST 2015

-Joleen

On Thu, Nov 26, 2015 at 1:29 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Joleen,
>
> On 11/26/15 12:12 AM, Joleen Barker wrote:
> > Alas, no luck. This is what I found in my directory:
> >
> > -rw-r--r--.  root  root  30694 Nov 25 22:49 catalina
> > -rw-r--r--.  root  root 0 Nov 25 22:49 catalina.out
> > -rw-r--r--.  root  root 0 Nov 25 22:49  host-manager
> > -rw-r--r--.  root  root  31909 Nov 25 22:49  localhost
> > -rw-r--r--.  root  root 0 Nov 25 22:49
> >  localhost_access_log.2015-11-25.txt
> > -rw-r--r--.  root  root 0 Nov 25 22:49  manager
> > [root@centos7sys1 logs]# date
> > Thu Nov 26 00:07:25 EST 2015
>
> So, those two files are growing without bound? Is the date on the
> server/JVM the same as what you expect? I have some servers in UTC and
> others in America/New_York and sometimes I get confused when the dates
> roll-over at times I'm not expecting.
>
> What does your log4j configuration look like?
>
> -chris
>
> > On Wed, Nov 25, 2015 at 7:22 PM, Joleen Barker <oldenuf2no...@gmail.com>
> > wrote:
> >
> >> I changed it back to use the log4j setting as I liked it better and the
> >> boss wants the files to rollover at midnight each night. Now when I
> startup
> >> the catalina.out file is empty and the logs appear to be split between
> the
> >> catalina file (not catalina.out) and the localhost file. Some of the
> >> messages are doubled between the two files.
> >>
> >>
> >> We will see what happens now with the swallowOutput=true. I'm so excited
> >> to see what is there tomorrow morning. lol
> >>
> >> -Joleen
> >>
> >> On Wed, Nov 25, 2015 at 6:59 PM, Joleen Barker <oldenuf2no...@gmail.com
> >
> >> wrote:
> >>
> >>> Sorry. I all of a sudden noticed the swallowOutput="false" in the
> >>> cfcc.xml I had. I changed this to be true and now it appears most of
> the
> >>> messages are being written to the locahost file. I don't see any
> messages
> >>> missing. I will leave it run over night and see what happens and report
> >>> tomorrow.
> >>>
> >>> -Joleen
> >>>
> >>> On Wed, Nov 25, 2015 at 3:50 PM, Joleen Barker <
> oldenuf2no...@gmail.com>
> >>> wrote:
> >>>
> >>>> I didn't get too far. For the option b and setting the
> >>>> swallowOutput=true in right place I need to get some clarification.
> >>>>
> >>>> I was looking up more information about the swallowOutput parm so I
> >>>> understood more. In Christopher's comments he spoke about updating the
> >>>> context xml. This is where I am confused. When I think of the word
> >>>> "context" it has always referring to the vendors web page to log in
> with
> >>>> and the context set is "cfcc". There is a file named cfcc.xml in the
> >>>> /server/conf/Catalina/localhost directory. Then
> there is
> >>>> the actual context.xml file located in the
> /server/conf
> >>>> directory. I am not sure which one I would put the swallowOutput parm
> in.
> >>>> Maybe it would 

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

Chris,

Here are my log4j settings. These are the same settings that have been
posted on the Tomcat web site for v6, 7, and I think 8 for users, I didn't
change anything here as it seemed like it was just supposed to roll at
midnight based on the DatePattern configurations.

log4j.rootLogger=INFO, CATALINA

# Define all the appenders
log4j.appender.CATALINA=org.apache.log4j.DailyRollingFileAppender
log4j.appender.CATALINA.File=${catalina.base}/logs/catalina.
log4j.appender.CATALINA.Append=true
log4j.appender.CATALINA.Encoding=UTF-8
# Roll-over the log once per day
log4j.appender.CATALINA.DatePattern='.'-MM-dd'.log'
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.LOCALHOST=org.apache.log4j.DailyRollingFileAppender
log4j.appender.LOCALHOST.File=${catalina.base}/logs/localhost.
log4j.appender.LOCALHOST.Append=true
log4j.appender.LOCALHOST.Encoding=UTF-8
log4j.appender.LOCALHOST.DatePattern='.'-MM-dd'.log'
log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.MANAGER=org.apache.log4j.DailyRollingFileAppender
log4j.appender.MANAGER.File=${catalina.base}/logs/manager.
log4j.appender.MANAGER.Append=true
log4j.appender.MANAGER.Encoding=UTF-8
log4j.appender.MANAGER.DatePattern='.'-MM-dd'.log'
log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.HOST-MANAGER=org.apache.log4j.DailyRollingFileAppender
log4j.appender.HOST-MANAGER.File=${catalina.base}/logs/host-manager.
log4j.appender.HOST-MANAGER.Append=true
log4j.appender.HOST-MANAGER.Encoding=UTF-8
log4j.appender.HOST-MANAGER.DatePattern='.'-MM-dd'.log'
log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Encoding=UTF-8
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

# Configure which loggers log to which appenders
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=INFO,
LOCALHOST
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]=\
  INFO, MANAGER
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager]=\
  INFO, HOST-MANAGER


On Mon, Nov 30, 2015 at 7:32 AM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Hi Chris,
>
> I will send the log4 details but I wanted to send this information first.
> The above details for the files remained the same all this time until I
> decided to login to the software and try to do some work. I had expected
> the files to roll at midnight each night which I did not see. But, long
> behold I run an ls -la command and the logs after I logged in and tried a
> couple things on the software and it appears the logs roll over and a new
> catalina log and localhost log started. Does some activity need to take
> place for the logs to roll over? I thought it was supposed to be each night
> at midnight. Also the dates of the files are a little misleading because
> they rolled today and not on 11-25 when they started up.
>
> Here is what I see now:
>
> -rw-r--r--.  root  root  24372 Nov 30 06:33 catalina
> -rw-r--r--.  root  root  30694 Nov 25 22:49 catalina.2015-11-25.log
> -rw-r--r--.  root  root 0 Nov 25 22:49 catalina.out
> -rw-r--r--.  root  root 0 Nov 25 22:49  host-manager
> -rw-r--r--.  root  root  24372 Nov 30 06:33  localhost
> -rw-r--r--.  root  root  31909 Nov 25 22:49  localhost.2015-11-25.log
> -rw-r--r--.  root  root 0 Nov 25 22:49
>  localhost_access_log.2015-11-25.txt
> -rw-r--r--.  root  root  25988 Nov 30 06:34
>  localhost_access_log.2015-11-30.txt
> -rw-r--r--.  root  root 0 Nov 25 22:49  manager
> [root@centos7sys1 logs]# date
> Thu Nov 30 07:27:39 EST 2015
>
> -Joleen
>
> On Thu, Nov 26, 2015 at 1:29 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Joleen,
>>
>> On 11/26/15 12:12 AM, Joleen Barker wrote:
>> > Alas, no luck. This is what I found in my directory:
>> >
>> > -rw-r--r--.  root  root  30694 Nov 25 22:49 catalina
>> > -rw-r--r--.  root  root 0 Nov 25 22:49 catalina.out
>> > -rw-r--r--.  root  root 0 Nov 25 22:49  host-manager
>> > -rw-r--r--.  root  root  31909 Nov 25 22:49  localhost
>> > -rw-r--r--.  root  root 0 Nov 25 22:49
>> >  localhost_access_log.2015-11-25.txt
>> > -rw-r--r--.  root  root 0 Nov 25 22:49  manager
>> > [root@centos7sys1

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

Sorry. I all of a sudden noticed the swallowOutput="false" in the cfcc.xml
I had. I changed this to be true and now it appears most of the messages
are being written to the locahost file. I don't see any messages missing. I
will leave it run over night and see what happens and report tomorrow.

-Joleen

On Wed, Nov 25, 2015 at 3:50 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> I didn't get too far. For the option b and setting the swallowOutput=true
> in right place I need to get some clarification.
>
> I was looking up more information about the swallowOutput parm so I
> understood more. In Christopher's comments he spoke about updating the
> context xml. This is where I am confused. When I think of the word
> "context" it has always referring to the vendors web page to log in with
> and the context set is "cfcc". There is a file named cfcc.xml in the
> /server/conf/Catalina/localhost directory. Then there is
> the actual context.xml file located in the /server/conf
> directory. I am not sure which one I would put the swallowOutput parm in.
> Maybe it would be both.
>
> The only items in the context.xml file that are not commented out are the
> following settings and it's a pretty small file:
>
> 
> WEB-INF/web.xml
> ${catalina.base}/conf/web.xml
> ...
> ...
> 
> ...
> ...
>  />
> 
>
> The cfcc.xml file that I have has the following:
>
> 
>  charsetMapperClass="org.apache.catalina.util.CharsetMapper"
> className="org.apache.catalina.core.StandardContext" cookies="true"
> crossContext="false" debug="0" displayName="Secure Internet File Transfer
> Web Services" docBase="/opt/mftcc730/server/webapps/cfcc"
> mapperClass="org.apache.catalina.core.StandardContextMapper" path="/cfcc"
> privileged="false" reloadable="false" swallowOutput="false"
> useHttpOnly="false" useNaming="true"
> wrapperClass="org.apache.catalina.core.StandardWrapper">
> 
> 
>  directory="/opt/mftcc730/server/logs" prefix="localhost_cfcc_"
> suffix=".txt" timestamp="true" verbosity="2"/>
>  connectionName="cfcc" connectionPassword="TgPGKAy//0gDOq2Co5UnM2AE8pM="
> connectionURL="jdbc:mysql://192.168.1.7:3306/mft730?characterEncoding=UTF8"
> debug="0" digest="SHA" driverName="com.mysql.jdbc.Driver"
> roleNameCol="RoleID" userCredCol="Passwd" userNameCol="UserID"
> userRoleTable="UsersMap" userTable="Users" validate="true"/>
>  type="javax.sql.DataSource"/>
> 
>
> Thank you.
>
> -Joleen
>
>
> On Wed, Nov 25, 2015 at 10:16 AM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
>> Thank you for some direction.
>>
>> I'll go ahead and put back the logging as it was from the vendor using
>> the logging.properties file, etc. etc. so as to minimize their lack of
>> support due to me changing a lot in their product.
>>
>> Then I'll go on to try option b.
>>
>> I'll report back with how it goes.
>>
>> -Joleeb
>> Joleen,
>>
>> On 11/24/15 4:31 PM, Joleen Barker wrote:
>> > I have setup the logrotate using cron in the past and it was very
>> > successful on the Linux boxes but I could not find an equivalent setup
>> for
>> > AIX. Things seem so much easier on Linux. The company wants a universal
>> > approach so that left that option out.
>>
>> Only some things are easier on Linux.
>>
>> This may help:
>> http://www-01.ibm.com/support/docview.wss?uid=isg3T1012796
>>
>> > I did see the section you copied in from the catalina.sh file but
>> couldnt
>> > make much out from it so I left it alone.
>> >
>> > I like the sound of option b. I know where the context xml file is.
>> (Under
>> > the Catalina/localhost/.xml) Im not sure if this is what you
>> mean
>> > by descriptor.
>>
>> Yup, that's the one. Just add the swallowOutput setting and restart the
>> web application. (Or restart Tomcat if that's easier for you.)
>>
>> > If I did this would I leave the log4j config changes that I
>> > have in place that already?
>>
>> No, you wouldn't have to use log4j at all. JULI can do log-rotation as
>> well, though the options aren't as nice as log4j. Log4j is a really
>> great logging system, actually.
>>
>> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

I changed it back to use the log4j setting as I liked it better and the
boss wants the files to rollover at midnight each night. Now when I startup
the catalina.out file is empty and the logs appear to be split between the
catalina file (not catalina.out) and the localhost file. Some of the
messages are doubled between the two files.


We will see what happens now with the swallowOutput=true. I'm so excited to
see what is there tomorrow morning. lol

-Joleen

On Wed, Nov 25, 2015 at 6:59 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Sorry. I all of a sudden noticed the swallowOutput="false" in the cfcc.xml
> I had. I changed this to be true and now it appears most of the messages
> are being written to the locahost file. I don't see any messages missing. I
> will leave it run over night and see what happens and report tomorrow.
>
> -Joleen
>
> On Wed, Nov 25, 2015 at 3:50 PM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
>> I didn't get too far. For the option b and setting the swallowOutput=true
>> in right place I need to get some clarification.
>>
>> I was looking up more information about the swallowOutput parm so I
>> understood more. In Christopher's comments he spoke about updating the
>> context xml. This is where I am confused. When I think of the word
>> "context" it has always referring to the vendors web page to log in with
>> and the context set is "cfcc". There is a file named cfcc.xml in the
>> /server/conf/Catalina/localhost directory. Then there is
>> the actual context.xml file located in the /server/conf
>> directory. I am not sure which one I would put the swallowOutput parm in.
>> Maybe it would be both.
>>
>> The only items in the context.xml file that are not commented out are the
>> following settings and it's a pretty small file:
>>
>> 
>> WEB-INF/web.xml
>> ${catalina.base}/conf/web.xml
>> ...
>> ...
>> 
>> ...
>> ...
>> > />
>> 
>>
>> The cfcc.xml file that I have has the following:
>>
>> 
>> > charsetMapperClass="org.apache.catalina.util.CharsetMapper"
>> className="org.apache.catalina.core.StandardContext" cookies="true"
>> crossContext="false" debug="0" displayName="Secure Internet File Transfer
>> Web Services" docBase="/opt/mftcc730/server/webapps/cfcc"
>> mapperClass="org.apache.catalina.core.StandardContextMapper" path="/cfcc"
>> privileged="false" reloadable="false" swallowOutput="false"
>> useHttpOnly="false" useNaming="true"
>> wrapperClass="org.apache.catalina.core.StandardWrapper">
>> 
>> 
>> > directory="/opt/mftcc730/server/logs" prefix="localhost_cfcc_"
>> suffix=".txt" timestamp="true" verbosity="2"/>
>> > connectionName="cfcc" connectionPassword="TgPGKAy//0gDOq2Co5UnM2AE8pM="
>> connectionURL="jdbc:mysql://
>> 192.168.1.7:3306/mft730?characterEncoding=UTF8" debug="0" digest="SHA"
>> driverName="com.mysql.jdbc.Driver" roleNameCol="RoleID"
>> userCredCol="Passwd" userNameCol="UserID" userRoleTable="UsersMap"
>> userTable="Users" validate="true"/>
>> > type="javax.sql.DataSource"/>
>> 
>>
>> Thank you.
>>
>> -Joleen
>>
>>
>> On Wed, Nov 25, 2015 at 10:16 AM, Joleen Barker <oldenuf2no...@gmail.com>
>> wrote:
>>
>>> Thank you for some direction.
>>>
>>> I'll go ahead and put back the logging as it was from the vendor using
>>> the logging.properties file, etc. etc. so as to minimize their lack of
>>> support due to me changing a lot in their product.
>>>
>>> Then I'll go on to try option b.
>>>
>>> I'll report back with how it goes.
>>>
>>> -Joleeb
>>> Joleen,
>>>
>>> On 11/24/15 4:31 PM, Joleen Barker wrote:
>>> > I have setup the logrotate using cron in the past and it was very
>>> > successful on the Linux boxes but I could not find an equivalent setup
>>> for
>>> > AIX. Things seem so much easier on Linux. The company wants a universal
>>> > approach so that left that option out.
>>>
>>> Only some things are easier on Linux.
>>>
>>> This may help:
>>> http://www-01.ibm.com/support/docview.wss?uid=isg3T1012796
>>>
>>> > I did see the section you copied in from the catalina.sh file but
>>> couldnt
>>> > make much out from it so I left it alone.
>>> >
>>> > I like the sound of option b. I know where the context xml file is.
>>> (Under
>>> > the Catalina/localhost/.xml) Im not sure if this is what you
>>> mean
>>> > by descriptor.
>>>
>>> Yup, that's the one. Just add the swallowOutput setting and restart the
>>> web application. (Or restart Tomcat if that's easier for you.)
>>>
>>> > If I did this would I leave the log4j config changes that I
>>> > have in place that already?
>>>
>>> No, you wouldn't have to use log4j at all. JULI can do log-rotation as
>>> well, though the options aren't as nice as log4j. Log4j is a really
>>> great logging system, actually.
>>>
>>> -chris
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

I didn't get too far. For the option b and setting the swallowOutput=true
in right place I need to get some clarification.

I was looking up more information about the swallowOutput parm so I
understood more. In Christopher's comments he spoke about updating the
context xml. This is where I am confused. When I think of the word
"context" it has always referring to the vendors web page to log in with
and the context set is "cfcc". There is a file named cfcc.xml in the
/server/conf/Catalina/localhost directory. Then there is
the actual context.xml file located in the /server/conf
directory. I am not sure which one I would put the swallowOutput parm in.
Maybe it would be both.

The only items in the context.xml file that are not commented out are the
following settings and it's a pretty small file:


WEB-INF/web.xml
${catalina.base}/conf/web.xml
...
...

...
...



The cfcc.xml file that I have has the following:










Thank you.

-Joleen


On Wed, Nov 25, 2015 at 10:16 AM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> Thank you for some direction.
>
> I'll go ahead and put back the logging as it was from the vendor using the
> logging.properties file, etc. etc. so as to minimize their lack of support
> due to me changing a lot in their product.
>
> Then I'll go on to try option b.
>
> I'll report back with how it goes.
>
> -Joleeb
> Joleen,
>
> On 11/24/15 4:31 PM, Joleen Barker wrote:
> > I have setup the logrotate using cron in the past and it was very
> > successful on the Linux boxes but I could not find an equivalent setup
> for
> > AIX. Things seem so much easier on Linux. The company wants a universal
> > approach so that left that option out.
>
> Only some things are easier on Linux.
>
> This may help:
> http://www-01.ibm.com/support/docview.wss?uid=isg3T1012796
>
> > I did see the section you copied in from the catalina.sh file but couldnt
> > make much out from it so I left it alone.
> >
> > I like the sound of option b. I know where the context xml file is.
> (Under
> > the Catalina/localhost/.xml) Im not sure if this is what you
> mean
> > by descriptor.
>
> Yup, that's the one. Just add the swallowOutput setting and restart the
> web application. (Or restart Tomcat if that's easier for you.)
>
> > If I did this would I leave the log4j config changes that I
> > have in place that already?
>
> No, you wouldn't have to use log4j at all. JULI can do log-rotation as
> well, though the options aren't as nice as log4j. Log4j is a really
> great logging system, actually.
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

Thank you for some direction.

I'll go ahead and put back the logging as it was from the vendor using the
logging.properties file, etc. etc. so as to minimize their lack of support
due to me changing a lot in their product.

Then I'll go on to try option b.

I'll report back with how it goes.

-Joleeb
Joleen,

On 11/24/15 4:31 PM, Joleen Barker wrote:
> I have setup the logrotate using cron in the past and it was very
> successful on the Linux boxes but I could not find an equivalent setup for
> AIX. Things seem so much easier on Linux. The company wants a universal
> approach so that left that option out.

Only some things are easier on Linux.

This may help:
http://www-01.ibm.com/support/docview.wss?uid=isg3T1012796

> I did see the section you copied in from the catalina.sh file but couldnt
> make much out from it so I left it alone.
>
> I like the sound of option b. I know where the context xml file is. (Under
> the Catalina/localhost/.xml) Im not sure if this is what you mean
> by descriptor.

Yup, that's the one. Just add the swallowOutput setting and restart the
web application. (Or restart Tomcat if that's easier for you.)

> If I did this would I leave the log4j config changes that I
> have in place that already?

No, you wouldn't have to use log4j at all. JULI can do log-rotation as
well, though the options aren't as nice as log4j. Log4j is a really
great logging system, actually.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

Alas, no luck. This is what I found in my directory:

-rw-r--r--.  root  root  30694 Nov 25 22:49 catalina
-rw-r--r--.  root  root 0 Nov 25 22:49 catalina.out
-rw-r--r--.  root  root 0 Nov 25 22:49  host-manager
-rw-r--r--.  root  root  31909 Nov 25 22:49  localhost
-rw-r--r--.  root  root 0 Nov 25 22:49
 localhost_access_log.2015-11-25.txt
-rw-r--r--.  root  root 0 Nov 25 22:49  manager
[root@centos7sys1 logs]# date
Thu Nov 26 00:07:25 EST 2015



On Wed, Nov 25, 2015 at 7:22 PM, Joleen Barker <oldenuf2no...@gmail.com>
wrote:

> I changed it back to use the log4j setting as I liked it better and the
> boss wants the files to rollover at midnight each night. Now when I startup
> the catalina.out file is empty and the logs appear to be split between the
> catalina file (not catalina.out) and the localhost file. Some of the
> messages are doubled between the two files.
>
>
> We will see what happens now with the swallowOutput=true. I'm so excited
> to see what is there tomorrow morning. lol
>
> -Joleen
>
> On Wed, Nov 25, 2015 at 6:59 PM, Joleen Barker <oldenuf2no...@gmail.com>
> wrote:
>
>> Sorry. I all of a sudden noticed the swallowOutput="false" in the
>> cfcc.xml I had. I changed this to be true and now it appears most of the
>> messages are being written to the locahost file. I don't see any messages
>> missing. I will leave it run over night and see what happens and report
>> tomorrow.
>>
>> -Joleen
>>
>> On Wed, Nov 25, 2015 at 3:50 PM, Joleen Barker <oldenuf2no...@gmail.com>
>> wrote:
>>
>>> I didn't get too far. For the option b and setting the
>>> swallowOutput=true in right place I need to get some clarification.
>>>
>>> I was looking up more information about the swallowOutput parm so I
>>> understood more. In Christopher's comments he spoke about updating the
>>> context xml. This is where I am confused. When I think of the word
>>> "context" it has always referring to the vendors web page to log in with
>>> and the context set is "cfcc". There is a file named cfcc.xml in the
>>> /server/conf/Catalina/localhost directory. Then there is
>>> the actual context.xml file located in the /server/conf
>>> directory. I am not sure which one I would put the swallowOutput parm in.
>>> Maybe it would be both.
>>>
>>> The only items in the context.xml file that are not commented out are
>>> the following settings and it's a pretty small file:
>>>
>>> 
>>> WEB-INF/web.xml
>>> ${catalina.base}/conf/web.xml
>>> ...
>>> ...
>>> 
>>> ...
>>> ...
>>> >> classname="org.apache.catalina.valves.CometConnectionManagerValve" />
>>> 
>>>
>>> The cfcc.xml file that I have has the following:
>>>
>>> 
>>> >> charsetMapperClass="org.apache.catalina.util.CharsetMapper"
>>> className="org.apache.catalina.core.StandardContext" cookies="true"
>>> crossContext="false" debug="0" displayName="Secure Internet File Transfer
>>> Web Services" docBase="/opt/mftcc730/server/webapps/cfcc"
>>> mapperClass="org.apache.catalina.core.StandardContextMapper" path="/cfcc"
>>> privileged="false" reloadable="false" swallowOutput="false"
>>> useHttpOnly="false" useNaming="true"
>>> wrapperClass="org.apache.catalina.core.StandardWrapper">
>>> 
>>> 
>>> >> directory="/opt/mftcc730/server/logs" prefix="localhost_cfcc_"
>>> suffix=".txt" timestamp="true" verbosity="2"/>
>>> >> connectionName="cfcc" connectionPassword="TgPGKAy//0gDOq2Co5UnM2AE8pM="
>>> connectionURL="jdbc:mysql://
>>> 192.168.1.7:3306/mft730?characterEncoding=UTF8" debug="0" digest="SHA"
>>> driverName="com.mysql.jdbc.Driver" roleNameCol="RoleID"
>>> userCredCol="Passwd" userNameCol="UserID" userRoleTable="UsersMap"
>>> userTable="Users" validate="true"/>
>>> >> type="javax.sql.DataSource"/>
>>> 
>>>
>>> Thank you.
>>>
>>> -Joleen
>>>
>>>
>>> On Wed, Nov 25, 2015 at 10:16 AM, Joleen Barker <oldenuf2no...@gmail.com
>>> > wrote:
>>>
>>>> Thank you for some direction.

Re: Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

Thank you so much Christopher for all that information. I will look in to
the various options you've presented.

I have setup the logrotate using cron in the past and it was very
successful on the Linux boxes but I could not find an equivalent setup for
AIX. Things seem so much easier on Linux. The company wants a universal
approach so that left that option out.

I did see the section you copied in from the catalina.sh file but couldnt
make much out from it so I left it alone.

I like the sound of option b. I know where the context xml file is. (Under
the Catalina/localhost/.xml) Im not sure if this is what you mean
by descriptor. If I did this would I leave the log4j config changes that I
have in place that already?

-Joleen
On Nov 20, 2015 9:37 AM, "Christopher Schultz" <ch...@christopherschultz.net>
wrote:

> Joleen,
>
> On 11/19/15 3:19 PM, Joleen Barker wrote:
> > I want to say up front that I am not a developer and know enough to brake
> > some stuff. lol
>
> Lots of "only admins" on this list. Welcome.
>
> > I have a software package from a vendor that ships the tomcat web server
> > with it. Below are my environment details:
> >
> > 1) The tomcat version that is running is v8.0.26.0
> > 2) The OS is a Centos v7 UNIX VM
> > 3) Java JDK I have installed that Tomcat is using is 1.8.0_60
> > 4) The vendor has the $CATALINA_HOME and CATALINA_BASE as the same
> location
> > which is /server
> > 5) The /server directory is the place where the /lib,
> > /bin, /conf, and etc.directory's are found.
>
> Thanks for providing all that information up front.
>
> > 6) Due to the catalina.out file growing too large with the default
> > juli.AsyncFileHandler using the logging.properties file that was found in
> > the $CATALINA_HOME/conf directory. I changed it to use the log4j logging.
> > Here are the steps I did to make this happen which I found on Tomcat 8
> web
> > site:
> >
> >   a. Downloaded log4j-1.2.17.jar and placed it in
> $CATALINA_HOME/lib
> >   b. Downloaded from the Tomcat extras web page for Tomcat 8 the
> > tomcat-juli-adapters.jar and the tomcat-juli.jar.
> >   c. Deleted the old tomcat-juli.jar out of the
> $CATALINA_HOME/bin
> > directory.
> >   d. Placed the new tomcat-juli.jar file and the
> > tomcat-juli-adapters.jar file in to the $CATALINA_HOME/bin directory.
> >   e. Deleted the old logging.properties file from the
> > $CATALINA_HOME/conf directory.
> >f. Created the log4j.properties file in the $CATALINA_HOME/lib
> > directory and copied the settings that are shown on the Tomcat 8 logging
> > web page that has been there for Tomcat 7 logging web page too that
> > everyone is familiar with. Here is the url just incase:
> > https://tomcat.apache.org/tomcat-8.0-doc/logging.html
> >
> > I know the log4j.properties files is being used as I made 2 changes to
> the
> > config file that were taken. One changes was to actually verify the
> > log4j.properties file was being used, which was changed the word INFO to
> > OFF for localhost file messages being written by editing the following
> line
> > at the bottom of the log4j.properties file:
> >
> >
> log4j.logger.org.apache.catalina,core.ConainerBase.[Catalina].[localhost] =
> > OFF, LOCALHOST
> >
> > The other change I made was I changed the file name in the following line
> > to read catalina.out instead of catalina:
> > log4j.appender,CATALINA.File = ${catalina.base}/logs/catalina.out
> >
> > The reason I did this was I thought the daily roll that was supposed to
> > take place at midnight would occur on the file that was named catalina
> and
> > not on the file that was named catalina.out. All the INFO messages being
> > written to the file named catalina were also being written to the
> > catalina.out file which was the one I wanted to roll daily anyway so I
> > thought this change would be fine.
> >
> > I stopped tomcat and cleared all the logs out and left the server to run
> > over night. (It is still running now) and it appears the roll did not
> take
> > place. What I woke up to was everything you see below found in the
> > $CATALINA_HOME/logs directory except for the one file written today which
> > was due to me logging in to the web application that the vendor supports
> so
> > I could verify I could still login and use the software:
> >
> > -rw-r--r--.  root  root  33003 Nov 18 21:03 catalina.out
> > -rw-r--r--.  root  root 0 Nov 18 21:03 host-manager
> > -rw-r--r--.  root  root 0 Nov 18 21:03 localhost
> >

Tomcat catalina.out log is not rolling using log4j DailyRollingFileAppender

[Joleen Barker]

I want to say up front that I am not a developer and know enough to brake
some stuff. lol

I have a software package from a vendor that ships the tomcat web server
with it. Below are my environment details:

1) The tomcat version that is running is v8.0.26.0
2) The OS is a Centos v7 UNIX VM
3) Java JDK I have installed that Tomcat is using is 1.8.0_60
4) The vendor has the $CATALINA_HOME and CATALINA_BASE as the same location
which is /server
5) The /server directory is the place where the /lib,
/bin, /conf, and etc.directory's are found.
6) Due to the catalina.out file growing too large with the default
juli.AsyncFileHandler using the logging.properties file that was found in
the $CATALINA_HOME/conf directory. I changed it to use the log4j logging.
Here are the steps I did to make this happen which I found on Tomcat 8 web
site:

  a. Downloaded log4j-1.2.17.jar and placed it in $CATALINA_HOME/lib
  b. Downloaded from the Tomcat extras web page for Tomcat 8 the
tomcat-juli-adapters.jar and the tomcat-juli.jar.
  c. Deleted the old tomcat-juli.jar out of the $CATALINA_HOME/bin
directory.
  d. Placed the new tomcat-juli.jar file and the
tomcat-juli-adapters.jar file in to the $CATALINA_HOME/bin directory.
  e. Deleted the old logging.properties file from the
$CATALINA_HOME/conf directory.
   f. Created the log4j.properties file in the $CATALINA_HOME/lib
directory and copied the settings that are shown on the Tomcat 8 logging
web page that has been there for Tomcat 7 logging web page too that
everyone is familiar with. Here is the url just incase:
https://tomcat.apache.org/tomcat-8.0-doc/logging.html

I know the log4j.properties files is being used as I made 2 changes to the
config file that were taken. One changes was to actually verify the
log4j.properties file was being used, which was changed the word INFO to
OFF for localhost file messages being written by editing the following line
at the bottom of the log4j.properties file:

log4j.logger.org.apache.catalina,core.ConainerBase.[Catalina].[localhost] =
OFF, LOCALHOST

The other change I made was I changed the file name in the following line
to read catalina.out instead of catalina:
log4j.appender,CATALINA.File = ${catalina.base}/logs/catalina.out

The reason I did this was I thought the daily roll that was supposed to
take place at midnight would occur on the file that was named catalina and
not on the file that was named catalina.out. All the INFO messages being
written to the file named catalina were also being written to the
catalina.out file which was the one I wanted to roll daily anyway so I
thought this change would be fine.

I stopped tomcat and cleared all the logs out and left the server to run
over night. (It is still running now) and it appears the roll did not take
place. What I woke up to was everything you see below found in the
$CATALINA_HOME/logs directory except for the one file written today which
was due to me logging in to the web application that the vendor supports so
I could verify I could still login and use the software:

-rw-r--r--.  root  root  33003 Nov 18 21:03 catalina.out
-rw-r--r--.  root  root 0 Nov 18 21:03 host-manager
-rw-r--r--.  root  root 0 Nov 18 21:03 localhost
-rw-r--r--.  root  root 0 Nov 18 21:03
localhost_access_log.2015-11-18.txt
-rw-r--r--.  root  root2498 Nov 19 13:23
localhost_access_log.2015-11-19.txt
-rw-r--r--.  root  root 0 Nov 18 21:03 manager

I don't know what I am missing from the configs to make the catalina.out
file roll each day at midnight. Some help would be greatly appreciated.

Also, no I cannot contact the vendor as they just tell me to hire a
professional. So I am the professional.

And, no I don't want to use the RollingFileAppender as I need the roll over
to be based on day and not the size of catalina.out.

I do see when the application starts and in the catalina.out it records the
following which I don't know if it should read something else for the log4j
logging to be used:

-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager

I'm digging and don't know where else to look and am probably not looking
in the right places.

Any Help is greatly appreciated. I think I am close.