On 11/8/2012 12:29 PM, Christopher Gross wrote:
Using Tomcat 6.0.36.
Realm:
<Realm className="org.apache.catalina.realm.LockOutRealm"
       failureCount="3" lockOutTime="300000">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         digest="SHA" resourceName="UserDatabase" />
</Realm>
Is there a way that I can set it up to do user login auditing, so
that I can see when a user logs in, or when they have a failed
attempt, etc? Been trying to google an answer, but I haven't been
finding anything useful or specific.
Let me know if there are any other config file snippets I can provide
to figure out what I need to change.
Thanks!
-- Chris
Chris,
Note, I haven't tried this so I may be completely off-base. The
following assumes that you're using the default JULI logging setup.
The realm classes are logged via Tomcat's JULI logging system (unless
you've converted to log4j). You'll need to add some logging for realms.
In $CATALINA_BASE/conf, there is a file called logging.properties.
You'll need to modify that in three places.
1. Add a new handler by appending it to the list of current handlers
Call it something like: 5realm.org.apache.juli.FileHandler
So your handlers line now looks like:
handlers = 1catalina.org.apache.juli.FileHandler,
2localhost.org.apache.juli.FileHandler,
3manager.org.apache.juli.FileHandler,
4host-manager.org.apache.juli.FileHandler,
java.util.logging.ConsoleHandler,5realm.org.apache.juli.FileHandler
(sorry for the line wrapping)
2. Add the logging properties for your new handler
Underneath the host manager entry, add something like the following:
5realm.org.apache.juli.FileHandler.level = FINE
5realm.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
5realm.org.apache.juli.FileHandler.prefix = realm.
This sets up a realm log file in $CATALINA_BASE/logs.
3. Now set up the properties for the specific logger
In the Facilities section, add something like the following after the
host-manager entry.
org.apache.catalina.realm.MESSAGES.level = WARN
org.apache.catalina.realm.MESSAGES.handlers =
5realm.org.apache.juli.FileHandler
(again, sorry for the line wrapping)
The values on the left contain the package you want to log
(org.apache.catalina.realm in this case), the message level
(MESSAGES.level), and the handler (MESSAGES.handlers).
The values on the right contain the actual level (WARN, since from the
source code all login failures look like they are at the WARN level),
and the handler you defined above (5realm.org.apache.juli.FileHandler).
Restart Tomcat and you should see login failures in realm.[date].log,
where [date] is the date (rotated daily).
More information on configuring logging can be found here:
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
Again, I've not done this for Realm logging. I've done this for Cluster
logging and it seems to work well.
. . . . just my two cents.
/mde/
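
An added example, not part of the original message and not Tomcat's own code: a small Python check of the three logging.properties edits described in the reply above, run on a constructed sample that copies the reply's values. It assumes key = value syntax and that level names are those defined by java.util.logging.Level; the function names are hypothetical.

```python
import re

# Level names defined by java.util.logging.Level; Level.parse also takes integers.
JUL_LEVELS = {"OFF", "SEVERE", "WARNING", "INFO", "CONFIG",
              "FINE", "FINER", "FINEST", "ALL"}

def parse_properties(text):
    """Parse key = value lines, joining lines that end in a backslash."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """List level and handler entries that do not match the rest of the file."""
    props = parse_properties(text)
    declared = {h.strip() for h in props.get("handlers", "").split(",") if h.strip()}
    problems = []
    for key, value in props.items():
        if key.endswith(".level"):
            if value not in JUL_LEVELS and not re.fullmatch(r"-?\d+", value):
                problems.append(f"{key}: '{value}' is not a java.util.logging level name")
        elif key.endswith(".handlers"):
            for name in filter(None, (v.strip() for v in value.split(","))):
                if name not in declared:
                    problems.append(f"{key}: '{name}' is missing from the handlers list")
    return problems

# Constructed sample: the three edits from the reply (handlers list shortened).
SAMPLE = r"""
handlers = 1catalina.org.apache.juli.FileHandler, \
    java.util.logging.ConsoleHandler, 5realm.org.apache.juli.FileHandler
5realm.org.apache.juli.FileHandler.level = FINE
5realm.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
5realm.org.apache.juli.FileHandler.prefix = realm.
org.apache.catalina.realm.MESSAGES.level = WARN
org.apache.catalina.realm.MESSAGES.handlers = 5realm.org.apache.juli.FileHandler
"""

if __name__ == "__main__":
    for problem in lint(SAMPLE):
        print(problem)
```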