-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fidelis,
On 12/17/2009 3:42 PM, Fidelis Mnyanyi wrote: > Thanks Konstantin for your response. I tried to use AccessLogValve, > but noticed I can only capture successful logins. I would like to be > able to capture all unsuccessful attempts as well for security-audit > reasons, is this possible through Tomcat? Really? Tomcat doesn't log requests to j_security_check through AccessLogValve? Note that AccessLogValve will not directly log "failed logins": it only logs HTTP requests and their statuses, etc. You will have to deduce from the status code what happened during the request. If you want to actually log failed logins, you'll need to use something other than the standard realms Tomcat provides (except maybe JAASRealm... I've never used that one but it appears that it is much more flexible than the other realm implementations). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksqp8QACgkQ9CaO5/Lv0PATzACghn0Apk8uew1/et9QUK6t2HTW InoAnAzcwEbLLnxwIfDUgLJUfwPdivrJ =btRk -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org