https://bz.apache.org/bugzilla/show_bug.cgi?id=63493
Bug ID: 63493
Summary: enhancement - add JMX counters to monitor
authentication and authorization
Product: Tomcat 9
Version: 9.0.x
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: eugene.ad...@gmail.com
Target Milestone: -----
As security monitoring becomes more professional (use of SIEM platforms) I
would like to give Tomcat some useful output.
We can easily monitor the authentication (success vs failure), and the
authorization (403 codes for any reason - after several authentication
failures, restricted system permissions, wrong client certificate,..)
This data could be exported as counters through JMX : number of succeeded
authentications, number of failed authentications, number denied
authorizations. It's up to the monitoring tool to compare with the total
traffic if it wants to have percentage values or guess if an attack in ongoing,
and it can achieve this with the help of other counters already implemented
(number of requests).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
