-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Brian,
On 6/22/20 02:04, Brian wrote:
> Hello,
>
> I have been using Tomcat for about 18 years. As far as I can
> remember, everything that I leave on the log with
> System.out.println() has been found inside the file "catalina.out"
> which has been nice. However, this seems to have changed. I just
> migrated to Ubuntu 20.04 + Tomcat 9.0.31, and installed Tomcat
> doing a "sudo apt install tomcat9". Now I see that the file
> "catalina.out" never gets created, and that everything that had
> been sent there is now being sent to the Ubuntu/Linux/Debian log
> "syslog". I don't like that, I want to keep having a
> separate/dedicated log for Tomcat (which is something I check very
> often) and not havoing to search for it inside syslog (which is
> something I rarely inspect).
>
> I have done some research, and this is what I have discovered (if I
> understood everything correctly):
>
> - Tomcat now runs as a service inside something called "systemsd" -
> For some reason, the people at Ubuntu/Debian/Linux decided that
> Tomcat's log should be found inside syslog, instead of staying
> independent inside "catalina.out". Why is that? I don't know and I
> don't like it! - The other files inside /var/log/tomcat get
> created, including the "catalina.YYYY-MM-DD.log" files. But I dont'
> find my "System.out.println()" messages there, which has always
> been the case. - I have found, however, that syslog tries to create
> and populate the "catalina.out" file as well, since I have found an
> error inside syslog that says something like "rsyslogd: file
> '/var/log/tomcat9/catalina.out': open error: Permission denied". -
> I have also found a file "/etc/rsyslog.d/tomcat9.conf" which,
> indeed, seams to indicate syslog that the file
> "/var/log/tomcat9/catalina.out" must be populated. Which makes
> sense and should solve my needs. - Considering the "Permission
> denied" error message, I started playing with the permissions
> (something that I really don't have much experience with). If I
> remember correctly, I created the file "catalina.out" manually, and
> the modified its properties so the owners are "tomcat/adm", since
> the "syslog" process/user seems to be inside the "adm" group.
> Restarted everything... and the "catalina.out" file got created and
> populated!!! So it seems that the main obstacle here is a lack of
> correct permissions so syslog can do what has been told and
> populate the "catalina.out" file. Did I get it right? - However,
> when I delete all the log files (which I do every once in a while),
> the permissions that I assigned get lost and the file doesn't get
> created anymore.
>
> What are we supposed to do to deal with this problem? Can/should we
> do something so the Tomcat log doesn't go to syslog? If not, and
> considering that it seems that syslog is trying to populate the
> "catalina.out" file as it has been told, what should we do to
> correct the permissions problem?
What are the permissions of the /var/log/tomcat directory?
Hello Chris,
I did a "ls -l /var/log/". According to that, this is what I see for
"/var/log/tomcat9":
drwxr-s--- 3 tomcat adm 4096 Jun 22 10:51 tomcat9
I'm not really an expert with Linux. It would seem to me that the "adm" group
(to which syslog seems to belong) lacks a write permission, but in my old
instance (Tomcat 8.5.39 + Ubuntu 18.04) the "catalina.out" file works perfectly
(gets created and populated) and this is what I see there, it doesn't seem to
me that the adm group has a write permission there either:
drwxr-x--- 3 tomcat8 adm 4096 Jun 22 10:00 tomcat8
Perhaps you need to chmod g+w /var/log/tomcat ?
- -chris
OK, I did it and the write permission was added to the adm group. I restarted
Tomcat.... and it worked, the catalina.out file got created! However, after I
restarted the whole Ubuntu, I discovered that the permissions went back to how
there were (not write for adm). Why is that?
In fact, now I remember that I tried this before, but since I restarted the
whole Ubuntu instead of just Tomcat, I never saw any progress. I didn't notice
that it would have worked if I just restarted Tomcat.
In any case, why is this permission required in my new VPS, if the old one
lacks it and catalina.out works perfectly?
