Mark,
I already had it down to FINE, but I switched it to FINEST but I still
didn't get the realm.<date>.txt file to show up.
Perhaps the control lines (the ones with "MESSAGES" in them) aren't quite
right for realm, but that's how your clustering setup works. Perhaps
someone else who has done this can chime in, but I'll keep looking around.
I think you got me started on the right track.
Thanks for your help, let me know if you get any other ideas.
-- Chris
On Fri, Nov 9, 2012 at 11:33 AM, Mark Eggers <its_toas...@yahoo.com> wrote:
> On 11/9/2012 6:04 AM, Christopher Gross wrote:
>
>> Hi Mark.
>>
>> Thanks for the suggestion -- but I'm not getting the realm log file. That
>> all looks like it should work, maybe there's just a little something that
>> I'm missing.
>>
>> -- Chris
>>
>>
>> On Thu, Nov 8, 2012 at 4:26 PM, Mark Eggers <its_toas...@yahoo.com>
>> wrote:
>>
>> On 11/8/2012 12:29 PM, Christopher Gross wrote:
>>>
>>> Using Tomcat 6.0.36.
>>>>
>>>> Realm: <Realm className="org.apache.****catalina.realm.LockOutRealm"
>>>>
>>>> failureCount="3" lockOutTime="300000"> <Realm
>>>> className="org.apache.****catalina.realm.****UserDatabaseRealm"
>>>> digest="SHA"
>>>>
>>>> resourceName="UserDatabase" /> </Realm>
>>>>
>>>> Is there a way that I can set it up to do user login auditing, so
>>>> that I can see when a user logs in, or when they have a failed
>>>> attempt, etc? Been trying to google an answer, but I haven't been
>>>> finding anything useful or specific.
>>>>
>>>> Let me know if there are any other config file snippets I can provide
>>>> to figure out what I need to change.
>>>>
>>>> Thanks!
>>>>
>>>> -- Chris
>>>>
>>>>
>>>> Chris,
>>>
>>> Note, I haven't tried this so I may be completely off-base. The following
>>> assumes that you're using the default JULI logging setup.
>>>
>>> The realm classes are logged via Tomcat's JULI logging system (unless
>>> you've converted to log4j). You'll need to add some logging for realms.
>>>
>>> In $CATALINA_BASE/conf, there is a file called logging.properties.
>>> You'll need to modify that in three places.
>>>
>>> 1. Add a new handler by appending it to the list of current handlers
>>>
>>> Call it something like: 5realm.org.apache.juli.****FileHandler
>>>
>>>
>>> So your handlers line now looks like:
>>>
>>> handlers = 1catalina.org.apache.juli.****FileHandler,
>>> 2localhost.org.apache.juli.****FileHandler,
>>> 3manager.org.apache.juli.****FileHandler,
>>> 4host-manager.org.apache.juli.****FileHandler,
>>> java.util.logging.****ConsoleHandler,5realm.org.****
>>> apache.juli.FileHandler
>>>
>>>
>>> (sorry for the line wrapping)
>>>
>>> 2. Add the logging properties for your new handler
>>>
>>> Underneath the host manager entry, add something like the following:
>>>
>>> 5realm.org.apache.juli.****FileHandler.level = FINE
>>> 5realm.org.apache.juli.****FileHandler.directory = ${catalina.base}/logs
>>> 5realm.org.apache.juli.****FileHandler.prefix = realm.
>>>
>>>
>>> This sets up a realm log file in $CATALINA_BASE/logs.
>>>
>>> 3. Now set up the properties for the specific logger
>>>
>>> In the Facilities section, add something like the following after the
>>> host-manager entry.
>>>
>>> org.apache.catalina.realm.****MESSAGES.level = WARN
>>> org.apache.catalina.realm.****MESSAGES.handlers =
>>> 5realm.org.apache.juli.****FileHandler
>>>
>>>
>>> (again, sorry for the line wrapping)
>>>
>>> The values on the left contain the package you want to log
>>> (org.apache.catalina.realm in this case), the message level
>>> (MESSAGES.level), and the handler (MESSAGES.handlers).
>>>
>>> The values on the right contain the actual level (WARN, since from the
>>> source code all login failures look like they are at the WARN level),
>>> and the handler you defined above (5realm.org.apache.juli.****
>>> FileHandler).
>>>
>>>
>>> Restart Tomcat and you should see login failures in realm.[date].log,
>>> where [date] is the date (rotated daily).
>>>
>>> More information on configuring logging can be found here:
>>>
>>> http://tomcat.apache.org/****tomcat-6.0-doc/logging.html<http://tomcat.apache.org/**tomcat-6.0-doc/logging.html>
>>> <ht**tp://tomcat.apache.org/tomcat-**6.0-doc/logging.html<http://tomcat.apache.org/tomcat-6.0-doc/logging.html>
>>> >
>>>
>>>
>>> Again, I've not done this for Realm logging. I've done this for Cluster
>>> logging and it seems to work well.
>>>
>>> . . . . just my two cents.
>>> /mde/
>>>
>>>
> Hmm,
>
> I had thought that should work. Like I said in my email (above), I've not
> tried this for realms, but have done this for clusters.
>
> Most info looks like it's at the DEBUG level (at least in LockOutRealm).
>
> A quick search through the mailing list has recommended FINEST as the log
> level.
>
> Give FINEST a try rather than INFO and see what appears in your logs.
>
> . . . . just my two cents (without coffee)
>
> /mde/
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org>
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
