Enable access logging int Confluence 7.11 and later

From Confluence 7.11 access logging is enabled by default. 

The log file is saved in <confluence install>/logs/conf_access_log<date>.log.

Enable access logging in Confluence 7.10 and earlier

In addition to the access logging built into Confluence's audit log, you can also configure Tomcat's Valve Component to log access.

Below are the steps on how to do this in a Confluence instance:

1. <confluence install>/conf/server.xml を編集します。

2. Add the following line within the <Context > ... </Context>tags declaration:

   <Valve className="org.apache.catalina.valves.AccessLogValve" 
          directory="logs" 
          maxDays="30" 
          pattern="%t %{X-Forwarded-For}i %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i" prefix="conf_access_log" 
          requestAttributesEnabled="true" 
          rotatable="true" 
          suffix=".log" 
   />

   This will log the date and time (%t), the username (%{X-AUSERNAME}o), reverse proxy or load balancer IP (%h) with the client IP (%{X-Forwarded-For}i), request, and type (%s %r), the HTTP status code of the response, time taken to process the request (in milliseconds), bytes sent (excluding headers - %b), the referer (%{Referer}i), and user agent (%{User-Agent}i).  
   
   See Access Log valve attributes in the Tomcat 9 documentation for more information on additional attributes. 

You can access the log file at <confluence install>/logs/conf_access_log.<date>.log.

Here is an example of the log output:

[18/Dec/2020:12:57:26 +1100] 192.168.1.15 testuser http-nio-8090-exec-6 0:0:0:0:0:0:0:1 GET /index.action HTTP/1.1 200 1020ms 7881 http://localhost:8090/login.action?os_destination=%2Findex.action&permissionViolation=true Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36

To configure AccessLogValve to accept the substituted IP from RemoteIpValve the requestAttributesEnabled attribute also should be enabled (true) as shown below:

<Valve className="org.apache.catalina.valves.AccessLogValve"
       requestAttributesEnabled="true"
       ... EXISTING_ATTRIBUTES ...
/>

See Access Log valve attributes in the Tomcat 9 documentation for more information on the requestAttributesEnabled attribute.

Earlier access log pattern

If you configured the access log valve prior to Confluence 7.11, your log syntax may be different from the suggested pattern above. 

Here is our previous recommendation. 

<Valve className="org.apache.catalina.valves.AccessLogValve" 
       directory="logs" prefix="conf_access_log" 
       suffix=".log" 
       pattern="%t %{X-AUSERNAME}o %{User-Agent}i %h %m %r %b %s %D %I" 
/>

See Access Log valve attributes in the Tomcat 9 documentation for more information on each of the attributes.