Hi Christopher, Thanks for your fast answer.
I'm quite new with Tomcat and HTTP. But as you said, Geoserver is taking care of the authentication itself. So this is the problem and we are not able to log the username in the access logs. I think we have to focus then on the Geoserver own logging. With best regards Ville Jussila -----Alkuperäinen viesti----- Lähettäjä: Christopher Schultz [mailto:ch...@christopherschultz.net] Lähetetty: 2. lokakuuta 2017 17:31 Vastaanottaja: users@tomcat.apache.org Aihe: Re: Tomcat accesslogs / Geoserver -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jussila, On 10/2/17 9:18 AM, Jussila Ville wrote: > We are running Geoserver 2.11.1 with Java 1.8.0_131 on Tomcat 8.0.44. > > I have tried before Geoserver's own mailing list without any help, so > now I try this one. Geoserver is a map engine to publish raster and > vector data in the Internet. More information can be found here > http://geoserver.org/ > > We are not able to record the username in the Tomcat Accesslog. > Geoserver has it's monitor plugin and Auditlogs, which we have > installed and logs are running nicely with recorded username. In the > Tomcat's accesslog they don't show up no matter what I try. We prefer > more using Tomcat's access logs, as we are not satisfied Geoservers > format. > > Here are parameters for the AccessLogValve in Tomcat > 8.0\conf\server.xml file > > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="D:\Data\GeoServer\Tomcat_logs" > prefix="localhost_access_log" suffix=".txt" pattern="%a > %{X-Forwarded-FOR}i %u %t "%r" %s %b" /> > > I have tried to replace "%u" parameter with different kinds of > syntaxes example "%{username}s", "%{userName}s", "%{remoteUser}s", > "%{remoteuser}s", but none of them had solved the problem. Not even > replacing "s" with "i". With {Authorization}i, I was able to record > that Geoserver is using Basic authentication as it is set in UI. > > Can you help me? Is it possible that Geoserver is using its own built-in HTTP Basic authentication instead of having Tomcat handle authentication? If so, Tomcat knows nothing about the user, etc. and can't log anything about them in the access log. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnSTY4ACgkQHPApP6U8 pFjXDQ/+LWYJutG9VsGs6mBN1kVem2J70hiavDRAN//pkrloH6q/U5wlYEXBrmTf vacFeMtOmjOeu8rOmh94Pg1GTH+kMS1qEu9/IlAebToH6HZzJ7ZPo8Zguo7H7nPv xVPk/urPwfeGlH5WZX+PWj52OI5pHq8NTDhMrNi0CftQIaCDSH43Di+CpfTlBa/Z HBMFXTjCFdYpZ1oN1zvGOYkwiQsK8HUEOZ41Dfc/YR4/oiSotLNE4Td6dsDOMrj1 /VpLOlpTEn8UrdpbddvZKb8axd4kyVdMQ7wGRsHSxiV54p1h9LZPC9T+OwCdmHsF 5TR31xfrYbIwTabRCnnekGeA3cXDsoRTK5xcdIuWw5aJVgvbQJFWslb4Vnmx0CYJ lkwQS5SXWBLlWH3LsJxXxfQ60WJ/kv9UZ3maN4EMvL8CerwaWLXq1tUIo9lIMDFt xPjuz+ZLvgKi+CFQvK+Y8y3K/laVGBIwRawqYl+5NMCFtvwbmC3mW0kDs6srEQvi ZRloXpE9J/SHwcQIeR1kadkmIq5fQsBM1JeEugdH4ZyJdBO307lUZvPnld+/7xPp Q9Fuw7dBRsjXr2okN4t7yFP7Oxw9yXOoTFS+zutX6bc7BQ0tmThacbCz9YdDetTS t9ZHPrlDu8sRDqQR+CAr6Tu+oMDQBS1I7CTx8FIqboahsnruW3g= =+oGU -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
