On 11/9/2012 6:04 AM, Christopher Gross wrote:
Hi Mark.

Thanks for the suggestion -- but I'm not getting the realm log file.  That
all looks like it should work, maybe there's just a little something that
I'm missing.

-- Chris


On Thu, Nov 8, 2012 at 4:26 PM, Mark Eggers <its_toas...@yahoo.com> wrote:

On 11/8/2012 12:29 PM, Christopher Gross wrote:

Using Tomcat 6.0.36.

Realm: <Realm className="org.apache.catalina.realm.LockOutRealm"
failureCount="3" lockOutTime="300000"> <Realm
className="org.apache.catalina.realm.UserDatabaseRealm" digest="SHA"
resourceName="UserDatabase" /> </Realm>

Is there a way that I can set it up to do user login auditing, so
that I can see when a user logs in, or when they have a failed
attempt, etc?  Been trying to google an answer, but I haven't been
finding anything useful or specific.

Let me know if there are any other config file snippets I can provide
to figure out what I need to change.

Thanks!

-- Chris


Chris,

Note, I haven't tried this so I may be completely off-base. The following
assumes that you're using the default JULI logging setup.

The realm classes are logged via Tomcat's JULI logging system (unless
you've converted to log4j). You'll need to add some logging for realms.

In $CATALINA_BASE/conf, there is a file called logging.properties.
You'll need to modify that in three places.

1. Add a new handler by appending it to the list of current handlers

Call it something like: 5realm.org.apache.juli.FileHandler

So your handlers line now looks like:

handlers = 1catalina.org.apache.juli.FileHandler,
2localhost.org.apache.juli.FileHandler,
3manager.org.apache.juli.FileHandler,
4host-manager.org.apache.juli.FileHandler,
java.util.logging.ConsoleHandler,5realm.org.apache.juli.FileHandler

(sorry for the line wrapping)

2. Add the logging properties for your new handler

Underneath the host manager entry, add something like the following:

5realm.org.apache.juli.FileHandler.level = FINE
5realm.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
5realm.org.apache.juli.FileHandler.prefix = realm.

This sets up a realm log file in $CATALINA_BASE/logs.

3. Now set up the properties for the specific logger

In the Facilities section, add something like the following after the
host-manager entry.

org.apache.catalina.realm.MESSAGES.level = WARN
org.apache.catalina.realm.MESSAGES.handlers =
5realm.org.apache.juli.FileHandler

(again, sorry for the line wrapping)

The values on the left contain the package you want to log
(org.apache.catalina.realm in this case), the message level
(MESSAGES.level), and the handler (MESSAGES.handlers).

The values on the right contain the actual level (WARN, since from the
source code all login failures look like they are at the WARN level),
and the handler you defined above (5realm.org.apache.juli.FileHandler).

Restart Tomcat and you should see login failures in realm.[date].log,
where [date] is the date (rotated daily).

More information on configuring logging can be found here:

http://tomcat.apache.org/tomcat-6.0-doc/logging.html

Again, I've not done this for Realm logging. I've done this for Cluster
logging and it seems to work well.

. . . . just my two cents.
/mde/


Hmm,

I had thought that should work. Like I said in my email (above), I've not tried this for realms, but have done this for clusters.

Most info looks like it's at the DEBUG level (at least in LockOutRealm).

A quick search through the mailing list has recommended FINEST as the log level.

Give FINEST a try rather than INFO and see what appears in your logs.

. . . . just my two cents (without coffee)
/mde/
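
An added example, not part of the original thread or of Tomcat: a small Python lint for a JULI logging.properties that checks the three edits described above (handler declared in the `handlers` list, level names that java.util.logging accepts, and a handler level that does not filter out what its logger emits). The function names and `SAMPLE` are constructed for illustration, and only simple `key = value` syntax is assumed.

```python
import re

# Level names from java.util.logging.Level; "WARN" and "DEBUG" are not among them.
JUL_LEVELS = {"OFF": 2**31 - 1, "SEVERE": 1000, "WARNING": 900, "INFO": 800,
              "CONFIG": 700, "FINE": 500, "FINER": 400, "FINEST": 300,
              "ALL": -2**31}

# Constructed sample: the thread's step 2 and step 3 lines, with step 1 forgotten.
SAMPLE = """\
handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
5realm.org.apache.juli.FileHandler.level = FINE
5realm.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
5realm.org.apache.juli.FileHandler.prefix = realm.
org.apache.catalina.realm.MESSAGES.level = WARN
org.apache.catalina.realm.MESSAGES.handlers = 5realm.org.apache.juli.FileHandler
"""

def parse_properties(text):
    """Parse 'key = value' lines, joining backslash-continued lines first."""
    props = {}
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def level_value(name):
    """Numeric level, or None when unset or not parseable as a level."""
    if name in JUL_LEVELS:
        return JUL_LEVELS[name]
    return int(name) if name and re.fullmatch(r"-?\d+", name) else None

def lint(text):
    """Return a list of findings for a JULI logging.properties text."""
    props = parse_properties(text)
    declared = {h.strip() for h in props.get("handlers", "").split(",")}
    findings = [f"invalid level {v!r} on {k}" for k, v in props.items()
                if k.endswith(".level") and level_value(v) is None]
    for key, value in props.items():
        if not key.endswith(".handlers"):
            continue
        logger = key[:-len(".handlers")]
        wanted = level_value(props.get(logger + ".level"))
        for handler in (h.strip() for h in value.split(",") if h.strip()):
            if handler not in declared:
                findings.append(f"{logger}: handler {handler} not in 'handlers' list")
            limit = level_value(props.get(handler + ".level"))
            if wanted is not None and limit is not None and limit > wanted:
                findings.append(f"{logger}: {handler} level filters out {props[logger + '.level']} records")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The third check matters when a logger is lowered to FINEST while its handler stays at FINE: the handler discards the finer records before they reach the file.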
