Re: IP based request filters for admin/manager

2010-07-18 Thread Johan Martinez
Thanks for the suggestions Chuck.

Below is my reply inline.

As you may have guessed out I am a newbie and this is turning out to be
really interesting and educational. :)

--
jM.

On Sun, Jul 18, 2010 at 12:31 AM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:


  From: Johan Martinez [mailto:jmart...@gmail.com]
  Subject: Re: IP based request filters for admin/manager
 
  I don't want to replace the default ROOT webapp, in other
  words, I don't want my specific webapp to be ROOT app.

 A little odd, but if that's your choice...



There are multiple webapps and all are being deployed/accessed using some
specific names. Clients are configured with these specific URL patterns. So
ROOT webapp is not needed.



  But I would like to restrict/hide information normally
  exposed by the default ROOT webapp.

 All of what Tomcat's default ROOT has, or just some of it?

 For all of it, just place a Context element in
 webapps/ROOT/META-INF/context.xml, configuring the valve you already know
 about.  (Do not use path or docBase attributes here - they're not allowed.)
  If you only want to restrict some of it, but don't want to use
 authentication, you'll need to write a more sophisticated filter.  There's
 no need to move or rename ROOT, unless you're just trying to obscure things
 (and security through obscurity is a fool's game).


 Thanks for pointing out this approach.


  I removed 'manager' from webapps directory.

 What version of Tomcat are you using?  If you're using 5.5.x (hinted at by
 your previous message's reference to a doc page), the manager webapp is in
 server/webapps, not the regular webapps directory.  If you're using a newer
 Tomcat (and you probably should be), manager is under the regular webapps
 directory.

  Now I am not able to access http://hostname/manager

 You never could - that will always get you a 404 (at least until Tomcat
 7.0.1 comes out).

  but http://hostname/manager/html works.

 That's the valid URL for the manager GUI.  Looks like you didn't really get
 rid of it.



Checked $CATALINA_HOME/conf/Catalina/localhost/manager.xml and found
Context docBase=${catalina.home}/server/webapps/manager entry. I thought
I removed manager app, but not really...



  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: IP based request filters for admin/manager

2010-07-18 Thread Johan Martinez
* I put following in the $CATALINA_HOME/webapps/ROOT/META-INF/context.xml ,
but it's not working.

Context
Value className=org.apache.catalina.valves.RemoteAddrValue
allow=ip.addr. deny=/
/Context

Also, this file is not being copied as
$CATALINA_HOME/conf/Catalina/localhost/ROOT.xml.

* In addition to above file , I modified
$CATALINA_HOME/conf/Catalina/localhost/manager.xml and
$CATALINA_HOME/conf/Catalina/localhost/host-manager.xml as well, but that's
not working either.

Am I missing anything?

--
jM.



On Sun, Jul 18, 2010 at 1:00 AM, Johan Martinez jmart...@gmail.com wrote:


 Thanks for the suggestions Chuck.

 Below is my reply inline.

 As you may have guessed out I am a newbie and this is turning out to be
 really interesting and educational. :)

 --
 jM.

 On Sun, Jul 18, 2010 at 12:31 AM, Caldarale, Charles R 
 chuck.caldar...@unisys.com wrote:


  From: Johan Martinez [mailto:jmart...@gmail.com]
  Subject: Re: IP based request filters for admin/manager
 
  I don't want to replace the default ROOT webapp, in other
  words, I don't want my specific webapp to be ROOT app.

 A little odd, but if that's your choice...



 There are multiple webapps and all are being deployed/accessed using some
 specific names. Clients are configured with these specific URL patterns. So
 ROOT webapp is not needed.



  But I would like to restrict/hide information normally
  exposed by the default ROOT webapp.

 All of what Tomcat's default ROOT has, or just some of it?

 For all of it, just place a Context element in
 webapps/ROOT/META-INF/context.xml, configuring the valve you already know
 about.  (Do not use path or docBase attributes here - they're not allowed.)
  If you only want to restrict some of it, but don't want to use
 authentication, you'll need to write a more sophisticated filter.  There's
 no need to move or rename ROOT, unless you're just trying to obscure things
 (and security through obscurity is a fool's game).


  Thanks for pointing out this approach.


  I removed 'manager' from webapps directory.

 What version of Tomcat are you using?  If you're using 5.5.x (hinted at by
 your previous message's reference to a doc page), the manager webapp is in
 server/webapps, not the regular webapps directory.  If you're using a newer
 Tomcat (and you probably should be), manager is under the regular webapps
 directory.

  Now I am not able to access http://hostname/manager

 You never could - that will always get you a 404 (at least until Tomcat
 7.0.1 comes out).

  but http://hostname/manager/html works.

 That's the valid URL for the manager GUI.  Looks like you didn't really
 get rid of it.



 Checked $CATALINA_HOME/conf/Catalina/localhost/manager.xml and found
 Context docBase=${catalina.home}/server/webapps/manager entry. I thought
 I removed manager app, but not really...



  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





Re: IP based request filters for admin/manager

2010-07-18 Thread Johan Martinez
Started afresh and got it working finally.

 I tried with and without escape character and both worked.

Thanks,
jM.


On Sun, Jul 18, 2010 at 1:09 PM, Konstantin Kolinko
knst.koli...@gmail.comwrote:

 2010/7/18 Shantanu Pavgi pa...@uab.edu:
 
  I don't have a solution, but just wanted to comment that examples in the
 doc are correct.
  See API doc:
 http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/valves/RequestFilterValve.html#allow
  The 'allow' field uses String expression and 'allows' uses Java Regex
 package.
 

 It is the same value. allows is created from allow, by splitting
 the value at commas and converting each one into a regex.

  There is setAllow(..), but there is no setAllows(...) setter method.


 http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java?view=markup


 143  public void setAllow(String allow) {
 145 this.allow = allow;
 146 allows = precalculate(allow);
 148 }

 218  protected Pattern[] precalculate(String list) {
 (...)
 232  String pattern = list.substring(0, comma).trim();
 234  reList.add(Pattern.compile(pattern));


 Best regards,
 Konstantin Kolinko

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




tomcat access logs

2010-07-17 Thread Johan Martinez
Hi,

How do we configure access logs for tomcat so that we get details similar to
apache-httpd server? e.g. I would like to view (HTTP) request type , IP
address etc. in my logs. Any suggestions or resources on how to configure
it?

Thanks,
jM.


Re: tomcat access logs

2010-07-17 Thread Johan Martinez
Thanks a lot...

--
jM.



On Sat, Jul 17, 2010 at 4:26 PM, Mark Thomas ma...@apache.org wrote:

 On 17/07/2010 22:24, Johan Martinez wrote:
  Hi,
 
  How do we configure access logs for tomcat so that we get details similar
 to
  apache-httpd server? e.g. I would like to view (HTTP) request type , IP
  address etc. in my logs. Any suggestions or resources on how to configure
  it?

 http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Access_Log_Valve

 Mark



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




IP based request filters for admin/manager

2010-07-17 Thread Johan Martinez
I was wondering how to configure Request Filters to allow access to admin,
manager, status-report, etc... I followed tomcat doc:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Request_Filters
and I was able to restrict access by specifying webapp names, e.g.:
[[[
Context path=/manager 
Valve
className=org.apache.catalina.valves.RemoteAddrValve
allow=127.0.0.1 deny=/
/Context
]]]

How can I deny access to default welcome/index page, changelog,
release-notes etc.?

I know just restricting access to default welcome/index page does not
restrict access to manager or admin links on that page. Still, I would like
to restrict access to welcome/index page in addition to admin/manager
webapps. I have tried / and /ROOT and it didn't work.

Any help or suggestions?

Thanks,
jM.


Re: IP based request filters for admin/manager

2010-07-17 Thread Johan Martinez
The first line should have been:
I was wondering how to configure Request Filters to s/allow/RESTRICT/ access
to admin, manager, status-report, etc.. :)

jM.


On Sat, Jul 17, 2010 at 11:19 PM, Johan Martinez jmart...@gmail.com wrote:

 I was wondering how to configure Request Filters to allow access to admin,
 manager, status-report, etc... I followed tomcat doc:
 http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Request_Filters
 and I was able to restrict access by specifying webapp names, e.g.:
 [[[
 Context path=/manager 
 Valve
 className=org.apache.catalina.valves.RemoteAddrValve
 allow=127.0.0.1 deny=/
 /Context
 ]]]

 How can I deny access to default welcome/index page, changelog,
 release-notes etc.?

 I know just restricting access to default welcome/index page does not
 restrict access to manager or admin links on that page. Still, I would like
 to restrict access to welcome/index page in addition to admin/manager
 webapps. I have tried / and /ROOT and it didn't work.

 Any help or suggestions?

 Thanks,
 jM.







Re: IP based request filters for admin/manager

2010-07-17 Thread Johan Martinez
Thanks for the reply Chuck.

I don't want to replace the default ROOT webapp, in other words, I don't
want my specific webapp to be ROOT app. But I would like to restrict/hide
information normally exposed by the default ROOT webapp. I am thinking about
renaming ROOT directory to some other-random-name and restrict access to
other-random-name using IP filtering. Any suggestions or comments?

Also, an unrelated question to IP filtering, but related manager webapp.  I
removed 'manager' from webapps directory. Now I am not able to access
http://hostname/manager , but http://hostname/manager/html works. I am not
following how second link is working?  Am I missing anything?

Thanks,
jM.


On Sat, Jul 17, 2010 at 11:30 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Johan Martinez [mailto:jmart...@gmail.com]
  Subject: IP based request filters for admin/manager
 
  How can I deny access to default welcome/index page,
  changelog, release-notes etc.?

 If you're deploying Tomcat in any kind of environment that requires
 securing access to various components, you would normally replace the
 default webapp (ROOT) with one of your own, thereby eliminating the
 changelog, release-notes, etc.

 If you want to restrict access to specific resources within a webapp, use
 the servlet-spec defined mechanisms to configure security for the webapp.
  (Some familiarity with the servlet spec is required before fooling around
 with a servlet container such as Tomcat.)

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




log4j syslog appender - webapp and java package specific

2010-07-11 Thread Johan Martinez
Hi,

A message appropriate on log4j mailing list, but wanted to get some feedback
from tomcat users list as well.

I have log4j 1.2 configured for webapps running in tomcat 5.5.28 using
FilenameAppender. The logging is configured such that log4j writes to
different files based on webapp and package name, e.g.: webapp1-axis.log,
webapp1-hibernate.log etc..

I am not sure how to implement above configuration using Syslog appender. I
was wondering if I could use facilities and/or filters for this e.g. write
to different files based on webapp name and package name. I am planning to
have a separate server for syslog/syslog-ng. Where should I configure it -
syslog, log4j, or both?? Any thoughts on how to implement this? Things to
consider etc..?

Thanks,
jM.


securing tomcat before public internet access

2010-07-09 Thread Johan Martinez
Hi,

I need to allow public internet access to my tomcat server / web
application. Although it would be restricted to set of trusted IPs
initially, later it may need to be open for public access. Is there any
guide for securing tomcat setup or steps needed before allowing public
access. Right now the only change I have made is changing default
tomcat-users.xml file used for authentication. Any other suggestions or
comments?

System: CentOS 5.4, Sun JDK 1.5, Tomcat 5.5.28 running on 8080 port, also
accessible through port 80 using AJP.

Thanks you,
jM.


tomcat and log4j version - any dependency issues?

2010-06-01 Thread Johan Martinez
Hi,

I am using Tomcat 5.5.28 with JDK 1.5 (and 1.6 on different machine). Right
now I have log4j 1.2 version, but I would like use log4j 1.3+ now. Are there
any dependency/support issues that I should consider?

--
jM.


Re: tomcat and log4j version - any dependency issues?

2010-06-01 Thread Johan Martinez
Thanks for sharing this info.

I was considering 1.3 version for better management - purging log files
before certain date, log4j 1.3 provides max. backup index option with
DailyRollingFileAppender. I am also looking at logrotate and cronolog for
this, but not sure if I could use it in conjunction with
DailyRollingFileAppender. Any thoughts?

--
jM.

On Tue, Jun 1, 2010 at 5:01 PM, Rainer Jung rainer.j...@kippdata.de wrote:

 On 01.06.2010 23:07, Johan Martinez wrote:

 Hi,

 I am using Tomcat 5.5.28 with JDK 1.5 (and 1.6 on different machine).
 Right
 now I have log4j 1.2 version, but I would like use log4j 1.3+ now. Are
 there
 any dependency/support issues that I should consider?


 Citing from the Log4J homepage:

 ===

 Apache log4j has three development branches: a stable branch, 1.2; a
 discontinued branch, 1.3; and an experimental branch, 2.0.

 Apache log4j 1.2 releases are widely deployed. Development on the 1.2
 branch is generally limited to bug fixing and minor enhancements.

 Apache log4j 1.3 alpha releases are in limited use. Apache log4j 1.3 added
 many interesting features, but was compatibility with log4j 1.2 was
 problematic. Many features original developed for log4j 1.3 have been
 back-ported as companions for log4j 1.2. No further development is
 anticipated for log4j 1.3.

 Apache log4j 2.0 is an experimental development branch for logging services
 designed for Java 5 and later.

 ===

 So I think you should reconsider switching to 1.3. It's a dead end street.
 They recently released 1.2.16.

 Regards,

 Rainer



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: Heap size for two container sharing single JVM

2010-05-31 Thread Johan Martinez
Thanks Chuck.

These two tomcat containers are running under two different user accounts. I
was exploring few things and found jps and jinfo commands, which showed two
different processes for each container. Now that output makes more sense to
me.

--
jM.


On Mon, May 24, 2010 at 2:03 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Johan Martinez [mailto:jmart...@gmail.com]
  Subject: Heap size for two container sharing single JVM
 
  it will share the same JDK instance.

 All that means is that the same JDK is used as the process templates for
 the each JVM instance.

  Do I need to setup java heap space separately for
  both containers?

 Yes, they are completely independent.  Make sure you have enough RAM to
 support the process space requirements for everything you're running on the
 system.

  For a single container I am adding heap space (Xmx)
  option to JAVA_OPTS in catalina.sh script.

 You should do that in setenv.sh, not catalina.sh; catalina.sh will call
 setenv.sh if it exists.

  Do I need to add this option to second container again
  or set it somewhere else?

 You need to create or modify the script in the second Tomcat instance.

  Since it is a JDK option and not tomcat option

 It's actually a running JVM option, not a JDK option.

  I am thinking it is a system-wide setting and not
  specific to each container.

 You are incorrect.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Heap size for two container sharing single JVM

2010-05-24 Thread Johan Martinez
Hi,

I am using Tomcat 5.5.27 core package on CentOS 5.3. I need to add tomcat-6
on the same machine and it will share the same JDK instance.  Do I need to
setup java heap space separately for both containers?  For a single
container I am adding heap space (Xmx) option to JAVA_OPTS in catalina.sh
script. Do I need to add this option to second container again or set it
somewhere else? Since it is a JDK option and not tomcat option, I am
thinking it is a system-wide setting and not specific to each container. Am
I correct?

--
jM.


Re: newbie logging question: JULI or log4j or both?

2010-05-21 Thread Johan Martinez
Thanks for the reply Charles.

It's a CentOS 5.4 system with Sun JDK 1.5 and tomcat-5.5.28 version. Tomcat
was not installed using CentOS package manager, but it is a core binary
package downloaded from tomcat project site.

I downloaded a fresh copy of tomcat package and took a diff of it against
tomcat in-use. Attached below is a snippet of it. On further digging around
I found following configuration related to logs:
 * $CATALINA_HOME/common/classes/log4j.properties: contains a line which is
spitting out logs to tomcat.log So I guess I am using log4j for internal
logging and they are going to tomcat.log file.
 * $CATALINA_HOME/conf/logging.properties


I don't see any configuration that specifies catalina.out. But the reason I
see logs in catalina.out are because of following reasons:
 ** Tomcat startup/shutdown information that goes to Stdout and Stderr
 ** My lazy programming practice: Not using log4j or any other logging API.

Am I understanding it correctly? Any thoughts?

Thanks,
jM.


Tomcat diff:
pre
diff -r --exclude=logs --exclude=webextapps --exclude=temp
./apache-tomcat-5.5.28/bin/catalina.sh
/home/testWbs/extapps/apache-tomcat-5.5.28/bin/catalina.sh
166c166
   JAVA_OPTS=$JAVA_OPTS
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
---
   JAVA_OPTS=$JAVA_OPTS
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server
-Xms128m -Xmx512m -XX:PermSize=64m -XX:MaxPermSize=256m

Only in /home/testWbs/extapps/apache-tomcat-5.5.28/common/classes:
log4j.properties
Only in /home/testWbs/extapps/apache-tomcat-5.5.28/common/lib:
commons-logging-1.1.jar
Only in /home/testWbs/extapps/apache-tomcat-5.5.28/common/lib:
log4j-1.2.14.jar

diff -r --exclude=logs --exclude=webextapps --exclude=temp
./apache-tomcat-5.5.28/conf/logging.properties
/home/testWbs/extapps/apache-tomcat-5.5.28/conf/logging.properties
45c45,46
 java.util.logging.ConsoleHandler.level = FINE
---
 #java.util.logging.ConsoleHandler.level = FINE
 java.util.logging.ConsoleHandler.level = DEBUG

/pre


On Thu, May 20, 2010 at 10:54 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Johan Martinez [mailto:jmart...@gmail.com]
  Subject: newbie logging question: JULI or log4j or both?
 
  I am a developer and new to tomcat administration.

 Tomcat version?  JVM version?  Platform?

 (Always provide the basics when making inquiries.)

  How do I find out if I am using JULI or log4j for logging?

 Tomcat logging and webapp logging are independent; you may well be using
 both, perhaps JULI for Tomcat and log4j for one or more webapps.  Where are
 the configuration files located?

  Also, I see logs in catalina.out and tomcat.log.

 Standard, supported versions of Tomcat do not normally produce any file
 named tomcat.log; if you've got one, someone has fiddled with the default
 logging configuration, or you're running a 3rd-party repackaged version of
 Tomcat.

 The catalina.out file is usually just a redirection of stdout and stderr,
 and normally only appears on Linux/UNIX systems.  If webapps are writing to
 it, then the authors of the webapp were too lazy to utilize a proper logging
 mechanism.

  I would like to customise it with DailyRollingFile, but I don't
  see it mentioned anywhere.

 Look in the startup script you're using to get Tomcat running.

 You might want to read through the FAQ entries on logging:
 http://wiki.apache.org/tomcat/FAQ/Logging

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: newbie logging question: JULI or log4j or both?

2010-05-21 Thread Johan Martinez
Thanks for following up Charles.

I have one more question about catalina.* logs.

I made some changes in my webapps config (snippet below) and I got logs in
catalina.out as well as in a file specified by FileAppender. The problem
seems to be because of my wrong config where I used CONSOLE appender as well
FILE appender; and hence I got logs in catalina.out as well as specified
file. As you explained Stdout goes to catalina.out, so this was expected.
But I see some inconsistency in the $CATALINA_HOME/logs directory. I see
catalina.out as well as catalina.date-stamp.log . But the
catalina.date-stamp.log file is not in sync with catalina.out, e.g. Sum
of( catalina.date-stamp.log ) != catalina.out file . For certain days I
see logs in catalina.out but there is no catalina.date-stamp.log file for
that day. I don't think those files got deleted, so I am wondering what is
wrong with the configuration? Any help on what to look for catalina.* log
configuration?  Am I missing something over here?

--
jM.


Following were config changes to add log4j:

* Edited $CATALINA_HOME/webapps/WReports/web.xml

context-param
  param-namelog4jConfigLocation/param-name
  param-value/WEB-INF/classes/log4j.xml/param-value
/context-param

listener

listener-classorg.springframework.web.util.Log4jConfigListener/listener-class
/listener


* Edited $CATALINA_HOME/webapps/WReports/WEB-INF/classes/log4j.xml which
contains appender and logger config.
Omitted unnecessary(?) part:

root

priority value=debug /
appender-ref ref=CONSOLE /
appender-ref ref=hibernateLog /
/root




-- Forwarded message --
From: Caldarale, Charles R chuck.caldar...@unisys.com
Date: Fri, May 21, 2010 at 5:32 PM
Subject: RE: newbie logging question: JULI or log4j or both?
To: Tomcat Users List users@tomcat.apache.org


 From: Johan Martinez [mailto:jmart...@gmail.com]
 Subject: Re: newbie logging question: JULI or log4j or both?

 Tomcat was not installed using CentOS package manager, but it
 is a core binary package downloaded from tomcat project site.

Good; that means we don't have to guess what any repackager fiddled with.

  * $CATALINA_HOME/common/classes/log4j.properties:
 contains a line which is spitting out logs to tomcat.log
 So I guess I am using log4j for internal logging and they
 are going to tomcat.log file.

Sounds like it.  Looks like someone has modified the Tomcat installation in
accordance with these instructions:
http://tomcat.apache.org/tomcat-5.5-doc/logging.html#log4j

 I don't see any configuration that specifies catalina.out.

There won't be - that's specified only in the startup script as a redirect
from stdout.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


newbie logging question: JULI or log4j or both?

2010-05-20 Thread Johan Martinez
Hi,

I am a developer and new to tomcat administration. I had to look into admin
side for some urgent need. Following are my basic questions.

I am not sure how is container is configured. How do I find out if I am
using JULI or log4j for logging? I see configuration files for both of them.
Does one configuration override the other one?

Also, I see logs in catalina.out and tomcat.log. I think tomcat.log is for
internal tomcat logs and catalina.out is for webapps/stdout. I am not sure
from where is tomcat picking up catalina.out. I would like to customise it
with DailyRollingFile, but I don't see it mentioned anywhere. Is this
something configured by default?

Any help appreciated.

Thanks,
jM.