-----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Brian,

    On 6/22/20 02:04, Brian wrote:
    >  Hello,
    >
    > I have been using Tomcat for about 18 years. As far as I can
    > remember, everything that I leave on the log with
    > System.out.println() has been found inside the file "catalina.out"
    > which has been nice. However, this seems to have changed. I just
    > migrated to Ubuntu 20.04 + Tomcat 9.0.31, and installed Tomcat
    > doing a "sudo apt install tomcat9". Now I see that the file
    > "catalina.out" never gets created, and that everything that had
    > been sent there is now being sent to the Ubuntu/Linux/Debian log
    > "syslog". I don't like that, I want to keep having a
    > separate/dedicated log for Tomcat (which is something I check very
    > often) and not havoing to search for it inside syslog (which is
    > something I rarely inspect).
    >
    > I have done some research, and this is what I have discovered (if I
    > understood everything correctly):
    >
    > - Tomcat now runs as a service inside something called "systemsd" -
    > For some reason, the people at Ubuntu/Debian/Linux decided that
    > Tomcat's log should be found inside syslog, instead of staying
    > independent inside "catalina.out". Why is that? I don't know and I
    > don't like it! - The other files inside /var/log/tomcat get
    > created, including the "catalina.YYYY-MM-DD.log" files. But I dont'
    > find my "System.out.println()" messages there, which has always
    > been the case. - I have found, however, that syslog tries to create
    > and populate the "catalina.out" file as well, since I have found an
    > error inside syslog that says something like "rsyslogd: file
    > '/var/log/tomcat9/catalina.out': open error: Permission denied". -
    > I have also found a file "/etc/rsyslog.d/tomcat9.conf" which,
    > indeed, seams to indicate syslog that the file
    > "/var/log/tomcat9/catalina.out" must be populated. Which makes
    > sense and should solve my needs. - Considering the "Permission
    > denied" error message, I started playing with the permissions
    > (something that I really don't have much experience with). If I
    > remember correctly, I created the file "catalina.out" manually, and
    > the modified its properties so the owners are "tomcat/adm", since
    > the "syslog" process/user seems to be inside the "adm" group.
    > Restarted everything... and the "catalina.out" file got created and
    > populated!!! So it seems that the main obstacle here is a lack of
    > correct permissions so syslog can do what has been told and
    > populate the "catalina.out" file. Did I get it right? - However,
    > when I delete all the log files (which I do every once in a while),
    > the permissions that I assigned get lost and the file doesn't get
    > created anymore.
    >
    > What are we supposed to do to deal with this problem? Can/should we
    > do something so the Tomcat log doesn't go to syslog? If not, and
    > considering that it seems that syslog is trying to populate the
    > "catalina.out" file as it has been told, what should we do to
    > correct the permissions problem?

    What are the permissions of the /var/log/tomcat directory?

Hello Chris,

I did a "ls -l /var/log/". According to that, this is what I see for 
"/var/log/tomcat9":
drwxr-s---  3 tomcat    adm                4096 Jun 22 10:51 tomcat9

I'm not really an expert with Linux. It would seem to me that the "adm" group 
(to which syslog seems to belong) lacks a write permission, but in my old 
instance (Tomcat 8.5.39 + Ubuntu 18.04) the "catalina.out" file works perfectly 
(gets created and populated) and this is what I see there, it doesn't seem to 
me that the adm group has a write permission there either:
drwxr-x---  3 tomcat8   adm               4096 Jun 22 10:00 tomcat8

    Perhaps you need to chmod g+w /var/log/tomcat ?
    - -chris

OK, I did it and the write permission was added to the adm group. I restarted 
Tomcat.... and it worked, the catalina.out file got created! However, after I 
restarted the whole Ubuntu, I discovered that the permissions went back to how 
there were (not write for adm). Why is that?
In fact, now I remember that I tried this before, but since I restarted the 
whole Ubuntu instead of just Tomcat, I never saw any progress. I didn't notice 
that it would have worked if I just restarted Tomcat.

In any case, why is this permission required in my new VPS, if the old one 
lacks it and catalina.out works perfectly? 


Reply via email to