Sorry I didn't mean to ask the questions as though this forum is my private consulting firm. I have done everything I could before I posted on this forum. I have searched google, experts exchange, asked coworkers, and asked my previous Tomcat professor. I will use your suggestions and I hope I can figure this out. Thanks!
Christopher Schultz-2 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > To whom it may concern, > > On 12/2/11 12:10 PM, jmpaul012 wrote: >>> So I am doing Tomcat STIGS and I am stuck on two of the STIGs. >>> >>> 1. How do I change what tomcat logs? I think it's something I >>> need to do in server.xml but I'm not sure. > > What have you tried so far? This is a community mailing list, not a > consulting agency. We're here to help, not to do things for you. > >>> This is what I need to log: >>> >>> • Date, Time • IP address of the host that initiated the request >>> • User ID supplied for HTTP authentication • HTTP Method • URL in >>> the request • The protocol and protocol version used to make the >>> request • Source and destination port numbers • Status codes for >>> the response • Size of the response in bytes • HTTP Status and >>> Referrer for the following events: > > That sounds a lot like an HTTP access log. Have you looked through the > "logging" documentation for your version of Tomcat for how to do > access logging? > >>> - Successful and unsuccessful attempts to access the web server >>> software. > > Depends upon your definition of "successful", "attempt", and "access". > >>> - Successful and unsuccessful attempts to access the web site. > > Ditto. > >>> - Successful and unsuccessful attempts to access the web >>> application. > > Ditto. > >>> 2. How do I view/change the HTTP header information of an >>> intranet site that is using Tomcat? I have to make sure the HTTP >>> header does not show information about the web server which would >>> include, web server product, version, or host operating system > > Generally speaking, it's nice to post different questions in separate > threads. It's not a huge deal, but it makes following a conversation > easier for others. > > Anyhow, you are looking for changing the "Server" response header, > right? That's in the documentation as well, but it might not be the > easiest thing to find. See below. > > Since you are looking at securing Tomcat, you might want to have a > look at the "Security Considerations" section of the Tomcat User Guide: > http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html > > (Make sure you use the right version -- I chose TC 7 because you never > told us what you were running). > > Hope that helps, > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk7ZDaoACgkQ9CaO5/Lv0PB8QACgvfmekninLwMlIuafcwsG2WZ4 > HnAAni9XbJ15C0/wv0RgiJuCaZavt/wQ > =GVw2 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Tomcat-Logging-and-HTTP-Header-question-tp32892450p32904101.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
