Audit Confluence Using the Tomcat Valve Component

In addition to the user access logging built into Confluence, an admin can use Tomcat's Valve component to audit access in a similar way.

To set this up in a Confluence instance:

  1. Edit <confluence install>/conf/server.xml.
  2. Add the following line inside the <Context> ... </Context> element:

    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="conf_access_log" suffix=".log" pattern="%t %{X-AUSERNAME}o %{User-Agent}i %h %m %r %b %s %D %I" />
    

    This logs the time, username, client used, IP address, request method, first line of the request (method and request URI), bytes sent (excluding HTTP headers, or '-' if zero), HTTP status code of the response, time taken to process the request (in milliseconds), and the name of the thread. The log file will be saved in <confluence install>/logs/conf_access_log.log.

Below is the sample output:

[20/May/2015:17:47:19 -0500] testuser Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 0:0:0:0:0:0:0:1 GET GET /display/TEST/testpage HTTP/1.1 16850 200 http-bio-5571-exec-3
[20/May/2015:17:47:19 -0500] testuser Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 0:0:0:0:0:0:0:1 GET GET /s/188df80e4ed7ee22ffa8bcd9871aca1a-CDN/en_GB/5781/06be774e49836f55365352484cdb0bdbe01e119b.3/6bc73cd272bc5536d6bd52e7bafb139a/_/download/contextbatch/css/page,viewcontent,atl.general,plugin.quick.comment.pre,main,atl.confluence.plugins.pagetree-desktop/batch.css?highlightactions=true&user-logged-in=true&locale=en-GB&isAdmin=true&flavour=VANILLA&quick-reload-inline-comments=true HTTP/1.1 268937 200 http-bio-5571-exec-3
[20/May/2015:17:47:20 -0500] testuser Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 0:0:0:0:0:0:0:1 GET GET /rest/helptips/1.0/tips HTTP/1.1 44 200 http-bio-5571-exec-3
[20/May/2015:17:47:20 -0500] testuser Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 0:0:0:0:0:0:0:1 GET GET /rest/likes/1.0/content/1572885/comment-likes?_=1432162040131 HTTP/1.1 44 200 http-bio-5571-exec-2
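
The following Python parser is an added example, not part of the original article or of any Atlassian code. It reads lines written by the pattern above and lists who viewed which page. It treats the `%D` field as optional because the sample lines above show none; the function names, the `/s/` and `/rest/` noise filter and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Fields of "%t %{X-AUSERNAME}o %{User-Agent}i %h %m %r %b %s %D %I". The User-Agent
# is unquoted, contains spaces and is chosen by the client, so the regex is anchored
# at both ends and the greedy agent group absorbs whatever sits in the middle.
LINE = re.compile(
    r"^\[(?P<time>[^\]]+)\] (?P<user>\S+) (?P<agent>.*) (?P<ip>\S+) "
    r"(?P<method>[A-Z]+) (?P=method) (?P<uri>\S+) (?P<proto>HTTP/[\d.]+) "
    r"(?P<bytes>\d+|-) (?P<status>\d{3})(?: (?P<ms>\d+))? (?P<thread>\S+)$"
)

# Constructed sample lines modelled on the output above (User-Agent shortened).
# The third has a User-Agent that itself looks like the fields that follow it.
SAMPLE = """\
[20/May/2015:17:47:19 -0500] testuser Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) Chrome/42.0 0:0:0:0:0:0:0:1 GET GET /display/TEST/testpage HTTP/1.1 16850 200 http-bio-5571-exec-3
[20/May/2015:17:47:20 -0500] testuser Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) Chrome/42.0 0:0:0:0:0:0:0:1 GET GET /rest/helptips/1.0/tips HTTP/1.1 44 200 http-bio-5571-exec-3
[20/May/2015:17:48:05 -0500] - x 10.0.0.1 GET GET /fake HTTP/1.1 0 200 t 203.0.113.7 GET GET /display/TEST/testpage HTTP/1.1 5120 200 35 http-bio-5571-exec-4
"""

# Assumption: /s/ (batched static resources) and /rest/ (background REST calls)
# are noise for a "who viewed what" audit; adjust for your instance.
NOISE_PREFIXES = ("/s/", "/rest/")

def parse_line(line):
    """Return a dict of typed fields, or None if the line does not fit the pattern."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    rec["ms"] = None if rec["ms"] is None else int(rec["ms"])
    return rec

def page_views(text):
    """List (user, ip, uri) for successful requests that are not resource/REST noise."""
    views = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 200 and not rec["uri"].startswith(NOISE_PREFIXES):
            views.append((rec["user"], rec["ip"], rec["uri"]))
    return views

if __name__ == "__main__":
    for view in page_views(SAMPLE):
        print(view)
```

Lines that do not fit the pattern return `None` from `parse_line`, so count them separately if you need to notice a changed log format.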

If every logged IP address is that of your reverse proxy or load balancer, you will need to add this extra Valve to your server.xml configuration. It requires that the client IP address is passed along in the x-forwarded headers. Amazon's Elastic Load Balancer does this by default. This

    <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />

Additionally, for AccessLogValve to log the substituted IP address from RemoteIpValve, its requestAttributesEnabled attribute must be set to true, as shown below:

    <Valve className="org.apache.catalina.valves.AccessLogValve"
        requestAttributesEnabled="true"
        ... EXISTING_ATTRIBUTES .../>

For further documentation on the requestAttributesEnabled attribute, please see Apache Tomcat 9 Configuration Reference (9.0.22) - The Valve.

For more information, please see the "Access Log Valve Attributes" section of the Tomcat documentation.

Related topics

Apache Tomcat Valve Component
How to Enable User Access Logging
W3.org's Header Field Definitions

Last updated: August 1, 2019
