-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Brian,
On 6/22/20 02:04, Brian wrote: > Hello, > > I have been using Tomcat for about 18 years. As far as I can > remember, everything that I leave on the log with > System.out.println() has been found inside the file "catalina.out" > which has been nice. However, this seems to have changed. I just > migrated to Ubuntu 20.04 + Tomcat 9.0.31, and installed Tomcat > doing a "sudo apt install tomcat9". Now I see that the file > "catalina.out" never gets created, and that everything that had > been sent there is now being sent to the Ubuntu/Linux/Debian log > "syslog". I don't like that, I want to keep having a > separate/dedicated log for Tomcat (which is something I check very > often) and not havoing to search for it inside syslog (which is > something I rarely inspect). > > I have done some research, and this is what I have discovered (if I > understood everything correctly): > > - Tomcat now runs as a service inside something called "systemsd" - > For some reason, the people at Ubuntu/Debian/Linux decided that > Tomcat's log should be found inside syslog, instead of staying > independent inside "catalina.out". Why is that? I don't know and I > don't like it! - The other files inside /var/log/tomcat get > created, including the "catalina.YYYY-MM-DD.log" files. But I dont' > find my "System.out.println()" messages there, which has always > been the case. - I have found, however, that syslog tries to create > and populate the "catalina.out" file as well, since I have found an > error inside syslog that says something like "rsyslogd: file > '/var/log/tomcat9/catalina.out': open error: Permission denied". - > I have also found a file "/etc/rsyslog.d/tomcat9.conf" which, > indeed, seams to indicate syslog that the file > "/var/log/tomcat9/catalina.out" must be populated. Which makes > sense and should solve my needs. - Considering the "Permission > denied" error message, I started playing with the permissions > (something that I really don't have much experience with). If I > remember correctly, I created the file "catalina.out" manually, and > the modified its properties so the owners are "tomcat/adm", since > the "syslog" process/user seems to be inside the "adm" group. > Restarted everything... and the "catalina.out" file got created and > populated!!! So it seems that the main obstacle here is a lack of > correct permissions so syslog can do what has been told and > populate the "catalina.out" file. Did I get it right? - However, > when I delete all the log files (which I do every once in a while), > the permissions that I assigned get lost and the file doesn't get > created anymore. > > What are we supposed to do to deal with this problem? Can/should we > do something so the Tomcat log doesn't go to syslog? If not, and > considering that it seems that syslog is trying to populate the > "catalina.out" file as it has been told, what should we do to > correct the permissions problem? What are the permissions of the /var/log/tomcat directory? Hello Chris, I did a "ls -l /var/log/". According to that, this is what I see for "/var/log/tomcat9": drwxr-s--- 3 tomcat adm 4096 Jun 22 10:51 tomcat9 I'm not really an expert with Linux. It would seem to me that the "adm" group (to which syslog seems to belong) lacks a write permission, but in my old instance (Tomcat 8.5.39 + Ubuntu 18.04) the "catalina.out" file works perfectly (gets created and populated) and this is what I see there, it doesn't seem to me that the adm group has a write permission there either: drwxr-x--- 3 tomcat8 adm 4096 Jun 22 10:00 tomcat8 Perhaps you need to chmod g+w /var/log/tomcat ? - -chris OK, I did it and the write permission was added to the adm group. I restarted Tomcat.... and it worked, the catalina.out file got created! However, after I restarted the whole Ubuntu, I discovered that the permissions went back to how there were (not write for adm). Why is that? In fact, now I remember that I tried this before, but since I restarted the whole Ubuntu instead of just Tomcat, I never saw any progress. I didn't notice that it would have worked if I just restarted Tomcat. In any case, why is this permission required in my new VPS, if the old one lacks it and catalina.out works perfectly?