https://bz.apache.org/bugzilla/show_bug.cgi?id=63493
Bug ID: 63493 Summary: enhancement - add JMX counters to monitor authentication and authorization Product: Tomcat 9 Version: 9.0.x Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: eugene.ad...@gmail.com Target Milestone: ----- As security monitoring becomes more professional (use of SIEM platforms) I would like to give Tomcat some useful output. We can easily monitor the authentication (success vs failure), and the authorization (403 codes for any reason - after several authentication failures, restricted system permissions, wrong client certificate,..) This data could be exported as counters through JMX : number of succeeded authentications, number of failed authentications, number denied authorizations. It's up to the monitoring tool to compare with the total traffic if it wants to have percentage values or guess if an attack in ongoing, and it can achieve this with the help of other counters already implemented (number of requests). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org