On 08/06/2012 20:09, Su Zhang wrote:
> Hello,
> 
> We want to check the log settings (e.g. attributes need to be logged) of
> tomcat server and then evaluate the security level for the application.

Tomcat log config and application log config are two different things.


> I am evaluating over a well-built system so what I can obtain is only its
> binary code and configuration files. Is there any way we can infer the log
> settings automatically?

Examine the application for log configuration files.

E.g. This is a typical example, for an app that uses Log4J.

 myapp/WEB-INF/classes/log4j.properties


p


-- 

[key:62590808]
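
The approach suggested in the reply above, as an added example that is not part of the original message: Python code that locates logging configuration files in an unpacked web application and summarizes a Log4j 1.x properties file, including which attributes each appender's ConversionPattern records. The function names, the list of file names and the sample configuration are assumptions constructed for illustration.

```python
import os
import re

# Assumed list: file names commonly used by Log4j 1.x/2.x, Logback and java.util.logging.
LOG_CONFIG_NAMES = {"log4j.properties", "log4j.xml", "log4j2.xml",
                    "logback.xml", "logging.properties"}
# Log4j 1.x PatternLayout conversion characters and the attribute each one records.
PATTERN_ATTRS = {"d": "timestamp", "p": "level", "c": "logger", "C": "class",
                 "t": "thread", "m": "message", "M": "method", "L": "line",
                 "F": "file", "l": "location", "x": "NDC", "X": "MDC", "r": "elapsed_ms"}

def find_log_configs(root):
    """Return sorted paths under root whose file name is a known logging config."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f in LOG_CONFIG_NAMES]
    return sorted(hits)

def summarize_log4j(text):
    """Summarize Log4j 1.x properties (simple key=value lines, no continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    root = [p.strip() for p in props.get("log4j.rootLogger", "").split(",") if p.strip()]
    summary = {"root_level": root[0] if root else None, "loggers": {}, "appenders": {}}
    for key, value in props.items():
        if key.startswith("log4j.logger."):
            summary["loggers"][key[len("log4j.logger."):]] = value.split(",")[0].strip()
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if m:
            pattern = props.get(key + ".layout.ConversionPattern", "")
            chars = re.findall(r"%[-.\d]*([a-zA-Z])", pattern)  # e.g. %-5p -> "p"
            attrs = sorted({PATTERN_ATTRS[c] for c in chars if c in PATTERN_ATTRS})
            summary["appenders"][m.group(1)] = {"class": value, "attributes": attrs,
                "file": props.get(key + ".File"), "attached_to_root": m.group(1) in root[1:]}
    return summary

# Constructed sample configuration (not taken from any real application).
SAMPLE = """log4j.rootLogger=INFO, FILE
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
log4j.appender.FILE.File=${catalina.base}/logs/myapp.log
log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
log4j.appender.FILE.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c - %m%n
log4j.logger.com.example.auth=DEBUG
"""
```

Run find_log_configs() on the directory of the unpacked application, then pass the contents of each log4j.properties it returns to summarize_log4j(); the XML formats and Tomcat's own logging.properties need their own parsers.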