• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • Enable Access Logs in JBoss 7

    JBoss 7 is slightly different than earlier version JBoss 5 or 6.

    The procedure to enable access logs in JBoss 7 is also changed, and you must be familiar with how to enable access logs in JBoss 7.

    • Go to JBoss/standalone/configuration folder
    • Add the following in standalone.xml look for domain:web syntax and ensure to add before closing </virtual-server> tag
    <access-log pattern="%a %t %H %p %U %s %S %T" rotate="true">
    <directory path="." relative-to="jboss.server.log.dir"/>
    </access-log>

    Ex:

    <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">             
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/> 
    <virtual-server name="default-host" enable-welcome-root="true"> 
    <alias name="localhost"/> 
    <alias name="example.com"/> 
    <access-log pattern="%a %t %H %p %U %s %S %T" rotate="true"> 
    <directory path="." relative-to="jboss.server.log.dir"/> 
    </access-log> 
    </virtual-server> 
    </subsystem>
    • Restart JBoss 7 server and verify the access logs under log folder.

    You may refer following for valve patterns to capture in the access log.

    %a– Remote IP address
    %A– Local IP address
    %b– Bytes sent, excluding HTTP headers, or ‘-‘ if zero
    %B– Bytes sent, excluding HTTP headers
    %h– Remote hostname (or IP address if resolveHostsis false)
    %H– Request protocol
    %l– Remote logical username from identd (always returns ‘-‘)
    %m– Request method (GET, POST, etc.)
    %p– Local port on which this request was received
    %q– Query string (prepended with a ‘?’ if it exists)
    %r– First line of the request (method and request URI)
    %s– HTTP status code of the response
    %S– User session ID
    %t– Date and time, in Common Log Format
    %u– Remote user that was authenticated (if any), else ‘-‘
    %U– Requested URL path
    %v– Local server name
    %D– Time is taken to process the request, in Millis
    %T– Time is taken to process the request, in seconds
    %I– current request thread name (can compare later with stack traces)

    I hope now you have an idea how to enable access logs in JBoss for analyzing. Learn more about JBoss here.