Question: How do I do Request Logging in Tomcat?

How do I do Request Logging in Tomcat version 3.x?

The answer is that you can't with the installation of Tomcat that you downloaded from the Jakarta web site. I've written a RequestLogger that allows you to log your web-based requests in any text based format that you want to a file.

This is currently the first version and was done in a little less than a day, so it might be a little rough, but it works on our servers here. To install it:

Download the JAR file and save it in your %TOMCAT_HOME%/lib directory

Modify your server.xml file. You will need to add a section like:

   <RequestInterceptor 
        className="com.thwt.tomcat.RequestLogger" 
        logMask  = "Logging Mask" 
        fileName = "File Name" 
        logTime  = "Log Time"
    />

Logging Mask The Logging Mask is the formatting of each request that is to be placed in the log file. This is a piece of text that includes variables that are replaced with their values at run time (the variable list is below). Variables are indicates at ${VariableName}. Everything outside of ${...} is put into the log file exactly as it is in the sever.xml file. Some variables take arguments to help you refine the data that is displayed. The format for using an argument is ${VariableName:ArgumentName}. Variable names are case insensitive, however the arguments might not be, depending upon how they are used. If the value of a variable is undefined, then no characters are inserted into the log file for that variable.

The variables are basically all the fields that Tomcat makes available to the RequestInterceptors and are listed in the table below. The value column is what I believe the meaning to be and might not be 100% correct.

Variable Name	Takes Arguments?	Description
request.timeformatted	Yes	The date and time the request was made. The argument is the format string to pass to java.text.SimpleDateFormat
request.authtype	No	Authorization type (i.e. Basic, Form)
request.characterencoding	No	The character encoding of the request.
request.contentlength	No	The length of the content in the request. (I believe that this is only valid for POST requests)
request.contenttype	No	The MIME type for the content.
request.cookie	Yes	The value of the cookie specified by the argument.
request.cookiecount	No	Number of cookies the user sent as part of the request.
request.header	Yes	The value of the header field specified by the argument.
request.localhost	No	Name of the server (the default machine name, might not be the name the user used to get here)
request.method	No	The requested processing method (i.e. GET, POST, HEAD)
request.parameter	Yes	The value of a particular parameter
request.pathinfo	No	The PathInfo after the servlet's name.
request.pathtranslated	No	Unsure
request.protocol	No	The protocol used to make the request (i.e. HTTP, HTTPS)
request.querystring	No	The text after the ? in the request
request.remoteaddr	No	The remote IP addres
request.remotehost	No	The remote host name. This will cause a DNS lookup, which could take a second or two, so use with caution.
request.remoteuser	No	The user at the remote machine. Only defined if they have previously logged in using either Basic or Form login
request.requestedsessionid	No	The session ID that the user thinks they are part of. Could be blank if they aren't part of a session yet or could be invalid if their session has expired.
request.uri	No	The request the user made
request.servername	No	The name the user used to get here (i.e. www.whereever.com)
request.serverport	No	Port used to make the request
request.servletpath	No	I believe that this is the full path to the servlet.
response.characterencoding	No	The response's character encoding
response.contentlength	No	Number of bytes in the response
response.contenttype	No	The MIME type of the response.
response.cookie	Yes	The value of the indicated cookie being set on the user's machine
response.sessionid	No	The session ID that is being set - this will only be valid when the session is created, not for any other responses.
response.status	No	The status code of the response (i.e. 200, 404, 500)

File Name The file name is the name of the log file. You can use either an absolute or a relative path. Relative pathes are relative to the %TOMCAT_HOME% path.
Log Time The indicates when Tomcat should log the request - before or after processing. The possible values are "before" or "after" (case insensitive). If you use before, then your request will be logged to the log file before the JSP, Servlet, or other resource has been processed. This means that all of the response variables will evaluate to either null, or their default values (i.e. Status will always be 200). If you use after, then your request will be logged after the request has been processed. In this case you will have all of the response variables available to you. The downside to the after method of logging is that when the web browser prematurly closes the connection prevents RequestLogger from seeing the request after its been processed. Its a fairly well-konwn problem with IE that it closes the connection prematurly when it has a cached copy of the resouce locally. This means that if you use the after method of logging you won't see every request in the log, just those that were completely processed.

Restart Tomcat. You must restart Tomcat for any changes to the sever.xml file to be reloaded, and adding or reconfiguring RequestInterceptors is no different.

Example Formats

IIS: This is pretty close to the IIS format. The only difference is that IIS puts a "-" character into the field when a value isn't set.

${Request.TimeFormatted:hh:mm:ss} ${Request.RemoteAddr} ${Request.RemoteUser} ${Request.URI} ${Request.QueryString} ${Response.Status} ${Response.ContentLength} ${Request.Header:User-Agent} ${Request.Header:Cookie} ${Request.Header:Referer}

Here are a list of things that I have left to do:

Move the file I/O into its own thread to speed up execution
Implement log rotation

The RequestLogger is distributed under the Apache Software License, version 1.1. This basically means that you can do whatever you want with the code, but I'm not responsible for whatever it might do to your server, data, sanity, or anything else. The source code is also available

Dec 27, 2001 - I have updated RequestLogger based upon input from a few people. I have cleared up two threading issues that could have produced jibberish in the log file if the requests were timed just right. Also a problem with using Request Cookies was fixed. No other improvements were made.