HTTP Access Logging¶
HTTP access logs help you monitor your application's usage with
information such as the persons who access it, how many hits
it received, what the errors are, etc. This information is useful for
troubleshooting errors. WSO2 Identity Server can enable access logs for the
HTTP servlet transport. This servlet transport works on 9443
/9763
ports,
and it recieves admin/operation requests. Therefore, access logs for the
servlet transport is useful for analysing operational/admin-level access
details.
Configuring access logs for the HTTP servlet transport¶
In the Identity Server 5.9.0 only the access log pattern is configurable.
-
Open the
<IS_HOME>/repository/conf/deployment.toml
file. -
Add the following configuration.
[http_access_log] pattern = "%h %l %u %t %r %s %b %{Referer}i %{User-Agent}i %T"
The attributes that are used by default are explained below. See the descriptions of the Tomcat-supported Access Log Valve attributes.
directory The path to the directory that will store the access log file. By default, this is location is set to ${carbon.home}/repository/logs
in all WSO2 products.prefix The prefix added to the log file's name. suffix The suffix added to the log file's name. By default, this is .log for all WSO2 products. pattern The attribute defines the format for the log pattern, which consists of the information fields from the requests and responses that should be logged. The pattern format is created using the following attributes:
A standard value to represent a particular string. For example, "%h" represents the remote host name in the request. See the list of string replacement values supported by the Tomcat valve .
- %{xxx}i is used to represent the header in the incoming request (xxx=header value).
- %{xxx}o is used to represents the header in the outgoing request (xxx=header value).
While you can use the above attributes to define a custom pattern, the standard patterns shown below can be used.
common ( Apache common log pattern ):
combined ( Apache combined log pattern ):
-
Restart the server. According to the configurations, a log file named
http_access.{DATE}.log
is created by default inside the<IS_HOME>/repository/logs
directory. The log is rotated on a daily basis.
Customizing access logs by pattern¶
Given below are a few sample configurations for customizing the
pattern
attribute:
Example 1: Logging request headers
The configuration is as follows:
[http_access_log]
pattern = "%{Content-Type}i %{Accept}i %{Accept-Encoding}i"
This sample configuration logs the Content-type,
Accept and Accept-encoding headers of every request coming to the
server. For example, in the following example, we use the
RequestInfoExample
to send the HTTP request:
GET http://<IP>:<PORT>/example/servlets/servlet/RequestInfoExample?abc=xyz
The following log entry is recorded in the
http_access.{DATE}.log
file.
text/plain; charset=utf-8 */* gzip,deflate,sdch
Example 2: Logging response headers
The configuration is as follows:
[http_access_log]
pattern = "%{Content-Type}o %{Content-Length}o %{Date}o %{Server}o"
The a bove configuration sample logs the Content-type
, Content-Length
, Date,
and
Server
headers of every response coming from the
server as follows:
text/html;charset=ISO-8859-1 662 Tue, 09 Jul 2013 11:21:50 GMT WSO2 Carbon
Example 3: Logging other variable values
The configuration is as follows:
[http_access_log]
pattern = "%r %q %h"
The above sample configuration logs the first line of the request (method and request URI), query string (prepended with a '?' if it exists), and a remote hostname (or IP) of every request coming to the server as follows:
“GET http://<IP>:<PORT>//example/servlets/servlet/RequestInfoExample?abc=xyz HTTP/1.1” ?abc=xyz 10.100.0.67
Example 4: Logging URL encoded parameters
You cannot use the AccessLogValve
to log URL encoded
parameters. However, you can use the
ExtendedAccessLogValve
attribute for this purpose. In
this example only two values (namely, className
, and
pattern
) are modified from the previous
configuration. Hence this will be added as a new valve.
The configuration is as follows:
[catalina.valves.valve.properties]
className = "org.apache.catalina.valves.ExtendedAccessLogValve"
directory="${carbon.home}/repository/logs"
prefix="localhost_access_log_extended."
suffix=".log"
pattern="x-P(param1) x-P(param2)"
Send the POST request together with the URL encoded values such as
param1
= value1
and
param2
= value2
as follows:
POST http://<IP>:<PORT>/example/servlets/servlet/RequestInfoExample
The above sample configuration logs the following:
'value1' 'value2'
Top