disabling SessionListener Logging
Hello I am currently running Apache Tomcat 7.0.25 in a two server clustered configuration. Everything is working fine in this regard. I have confirmed that sessions and session variables are being updated on each server instance. To get things working, I had marked the provided examples web application as distributable in the applications web.xml on both servers. I am just using the examples web application as a stop gap till my real web applications are coded. However, now that I have the session replication working correctly, is there a way to disable these types of entries in the catalina.err log file? Mar 17, 2012 2:02:57 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: sessionCreated('01801736B95337518C93E617280684CF') Mar 17, 2012 2:02:58 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: attributeAdded('01801736B95337518C93E617280684CF', 'foo', 'bar') I tried some educated guesses in changing the Logging.properties file under the conf directory to no avail. I have since reverted to my original version. Bottom line, I am at a complete loss as changing the logging.properties file seems to have no effect on the problem. Is there a good way ahead to get these INFO level SessionListener Messages ( and only the SessionListener messages ) to be silent ? If there is needed configuration info required, I will be more than happy to provide it. However, other than changing server.xml ( to run on port 80 and enable SSL on port 443 ) I haven't done much above and beyond that. Thanks in advance Brian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: disabling SessionListener Logging
Thanks for the quick response. It doesn't appear to be the case. The example servlet doesn't seem to have any logger calls and is just pipeling output to a PrintWriter for the response back to the browser. I suspect these are coming from the server itself and not the application due to this being in the log output. org.apache.catalina.core.ApplicationContext which isn't a part of the example web app. I am open to any other ideas. Thanks Brian On 3/17/2012 2:23 AM, Pid * wrote: On 17 Mar 2012, at 07:21, Brian Handhandbri...@gmail.com wrote: Hello I am currently running Apache Tomcat 7.0.25 in a two server clustered configuration. Everything is working fine in this regard. I have confirmed that sessions and session variables are being updated on each server instance. To get things working, I had marked the provided examples web application as distributable in the applications web.xml on both servers. I am just using the examples web application as a stop gap till my real web applications are coded. However, now that I have the session replication working correctly, is there a way to disable these types of entries in the catalina.err log file? Check the code of the example app to see if it's something the app is doing rather th Mar 17, 2012 2:02:57 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: sessionCreated('01801736B95337518C93E617280684CF') Mar 17, 2012 2:02:58 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: attributeAdded('01801736B95337518C93E617280684CF', 'foo', 'bar') I tried some educated guesses in changing the Logging.properties file under the conf directory to no avail. I have since reverted to my original version. Bottom line, I am at a complete loss as changing the logging.properties file seems to have no effect on the problem. Is there a good way ahead to get these INFO level SessionListener Messages ( and only the SessionListener messages ) to be silent ? If there is needed configuration info required, I will be more than happy to provide it. However, other than changing server.xml ( to run on port 80 and enable SSL on port 443 ) I haven't done much above and beyond that. Thanks in advance Brian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: disabling SessionListener Logging
I see what you mean. There are a bunch of overriden methods that do the logging. Specific to the examples application. I was looking at it from the wrong direction, I made the erroneous assumption that org.apache.catalina.core.ApplicationContext was the culprint, when in fact that was not the case. Thanks for the prompt assistance Brian On 3/17/2012 2:39 AM, Pid * wrote: On 17 Mar 2012, at 07:31, Brian Handhandbri...@gmail.com wrote: Thanks for the quick response. It doesn't appear to be the case. The example servlet doesn't seem to have any logger calls and is just pipeling output to a PrintWriter for the response back to the browser. Need to look for SessionListener.java - it's that calling ServletContext.log(). Probably in WEB-INF/listeners. p I suspect these are coming from the server itself and not the application due to this being in the log output. org.apache.catalina.core.ApplicationContext which isn't a part of the example web app. I am open to any other ideas. Thanks Brian On 3/17/2012 2:23 AM, Pid * wrote: On 17 Mar 2012, at 07:21, Brian Handhandbri...@gmail.com wrote: Hello I am currently running Apache Tomcat 7.0.25 in a two server clustered configuration. Everything is working fine in this regard. I have confirmed that sessions and session variables are being updated on each server instance. To get things working, I had marked the provided examples web application as distributable in the applications web.xml on both servers. I am just using the examples web application as a stop gap till my real web applications are coded. However, now that I have the session replication working correctly, is there a way to disable these types of entries in the catalina.err log file? Check the code of the example app to see if it's something the app is doing rather th Mar 17, 2012 2:02:57 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: sessionCreated('01801736B95337518C93E617280684CF') Mar 17, 2012 2:02:58 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: attributeAdded('01801736B95337518C93E617280684CF', 'foo', 'bar') I tried some educated guesses in changing the Logging.properties file under the conf directory to no avail. I have since reverted to my original version. Bottom line, I am at a complete loss as changing the logging.properties file seems to have no effect on the problem. Is there a good way ahead to get these INFO level SessionListener Messages ( and only the SessionListener messages ) to be silent ? If there is needed configuration info required, I will be more than happy to provide it. However, other than changing server.xml ( to run on port 80 and enable SSL on port 443 ) I haven't done much above and beyond that. Thanks in advance Brian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Trying to suppress keystore and truststore password in Cent OS process listings.
Hello all I been working with getting JMX working with SSL with client side authentication working on tomcat. All is working well in this regard. However, I noticed that if I do a ps -ef | grep jsvc on the Cent OS linux server. I get the below output ( yes the password has been changed ). My question is simply, is there a way to pass in the keystore password and truststore password through jsvc in such a manner where it isn't in clear text on a process list output? Or more to the point, am I being overly paranoid that the keystore and truststore passwords are in the clear if you do a process listing on the server? I have taken steps to ensure that only the tomcat user is able to read from both the keystore and truststore files and the tomcat user is not allowed direct logins on to the machine. The only way you can become a tomcat user is via su - tomcat from another user. I tried setting the parameters via the CATALINA_OPTS environment variable, however it seems that the jsvc process doesn't evaluate it unless I include it as part of my startup command line. However if I do this, I get the process table output below. Is there any way to not show these passwords in the clear and support the SSL configuration capabilities that are setup? Thanks in advance Brian ps -ef | grep jsvc root 14973 1 0 23:51 ?00:00:00 jsvc.exec -pidfile /var/run/jsvc.pid -cp /usr/local/apache/bin/bootstrap.jar:/usr/local/apache/bin/tomcat-juli.jar -user tomcat -Xmx512m -Xms512m -outfile /usr/local/apache/logs/catalina.out -errfile /usr/local/apache/logs/catalina.err -Dcom.sun.management.jmxremote.password.file=/usr/local/apache/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/usr/local/apache/conf/jmxremote.access -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -Djavax.net.ssl.keyStore=/usr/local/apache/conf/jmxkeystore -Djavax.net.ssl.keyStorePassword=secret -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.trustStore=/usr/local/apache/conf/jmxtruststore -Djavax.net.ssl.trustStorePassword=secret org.apache.catalina.startup.Bootstrap tomcat 14974 14973 42 23:51 ?00:00:02 jsvc.exec -pidfile /var/run/jsvc.pid -cp /usr/local/apache/bin/bootstrap.jar:/usr/local/apache/bin/tomcat-juli.jar -user tomcat -Xmx512m -Xms512m -outfile /usr/local/apache/logs/catalina.out -errfile /usr/local/apache/logs/catalina.err -Dcom.sun.management.jmxremote.password.file=/usr/local/apache/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/usr/local/apache/conf/jmxremote.access -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -Djavax.net.ssl.keyStore=/usr/local/apache/conf/jmxkeystore -Djavax.net.ssl.keyStorePassword=secret -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.trustStore=/usr/local/apache/conf/jmxtruststore -Djavax.net.ssl.trustStorePassword=secret org.apache.catalina.startup.Bootstrap - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trying to suppress keystore and truststore password in Cent OS process listings.
Pid Worked like a champ. Thank you once again. Brian On 3/25/2012 2:40 AM, Pid * wrote: On 25 Mar 2012, at 06:25, Brian Handhandbri...@gmail.com wrote: Hello all I been working with getting JMX working with SSL with client side authentication working on tomcat. All is working well in this regard. However, I noticed that if I do a ps -ef | grep jsvc on the Cent OS linux server. I get the below output ( yes the password has been changed ). My question is simply, is there a way to pass in the keystore password and truststore password through jsvc in such a manner where it isn't in clear text on a process list output? Or more to the point, am I being overly paranoid that the keystore and truststore passwords are in the clear if you do a process listing on the server? I have taken steps to ensure that only the tomcat user is able to read from both the keystore and truststore files and the tomcat user is not allowed direct logins on to the machine. The only way you can become a tomcat user is via su - tomcat from another user. I tried setting the parameters via the CATALINA_OPTS environment variable, however it seems that the jsvc process doesn't evaluate it unless I include it as part of my startup command line. However if I do this, I get the process table output below. The jsvc wrapper launches Tomcat itself, ignoring the tomcat/bin scripts. Is there any way to not show these passwords in the clear and support the SSL configuration capabilities that are setup? Yes. 1. Add all of those properties to the end of catalina.properties. 2. Download the catalina-jmx-remote.jar and configure the listener it contains in server.xml. p Thanks in advance Brian ps -ef | grep jsvc root 14973 1 0 23:51 ?00:00:00 jsvc.exec -pidfile /var/run/jsvc.pid -cp /usr/local/apache/bin/bootstrap.jar:/usr/local/apache/bin/tomcat-juli.jar -user tomcat -Xmx512m -Xms512m -outfile /usr/local/apache/logs/catalina.out -errfile /usr/local/apache/logs/catalina.err -Dcom.sun.management.jmxremote.password.file=/usr/local/apache/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/usr/local/apache/conf/jmxremote.access -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -Djavax.net.ssl.keyStore=/usr/local/apache/conf/jmxkeystore -Djavax.net.ssl.keyStorePassword=secret -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.trustStore=/usr/local/apache/conf/jmxtruststore -Djavax.net.ssl.trustStorePassword=secret org.apache.catalina.startup.Bootstrap tomcat 14974 14973 42 23:51 ?00:00:02 jsvc.exec -pidfile /var/run/jsvc.pid -cp /usr/local/apache/bin/bootstrap.jar:/usr/local/apache/bin/tomcat-juli.jar -user tomcat -Xmx512m -Xms512m -outfile /usr/local/apache/logs/catalina.out -errfile /usr/local/apache/logs/catalina.err -Dcom.sun.management.jmxremote.password.file=/usr/local/apache/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/usr/local/apache/conf/jmxremote.access -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -Djavax.net.ssl.keyStore=/usr/local/apache/conf/jmxkeystore -Djavax.net.ssl.keyStorePassword=secret -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.trustStore=/usr/local/apache/conf/jmxtruststore -Djavax.net.ssl.trustStorePassword=secret org.apache.catalina.startup.Bootstrap - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org