How to enable access log in JWS for OpenShift

Solution Verified - Updated 14 Jun 2024

Environment

Red Hat JBoss Web Server (JWS)
- 3.1
- 5
OpenShift Container Platform
- 3.11
- 4.x

Issue

How do I enable access log in JWS for OpenShift?
How do I customize access log format in JWS for OpenShift?

Resolution

Note:

To enable the JWS tomcat Access Log in OpenShift when JWS installed using Operator? Refer https://access.redhat.com/solutions/6973396

There are two ways to enable the access log in JWS for OpenShift.

Option1. Setting environement variable ENABLE_ACCESS_LOG=true to DeploymentConfig

The access log is enabled by setting the environment variable ENABLE_ACCESS_LOG=true with below command:

oc set env dc/<deployment-config-name> ENABLE_ACCESS_LOG=true

If ENABLE_ACCESS_LOG=true is set (default: false), the access log valve settings will be deployed to /opt/jws-5.3/tomcat/conf/server.xml in the JWS container when the container is started.

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/proc/self/fd"
           prefix="1" suffix="" rotatable="false" requestAttributesEnabled="true"
           pattern="%h %l %u %t %{X-Forwarded-Host}i &quot;%r&quot; %s %b" />

Option2. Copying customized server.xml from application source repository to container image by S2I build

If you want to customize the pattern attribute from Option1, you can use this option. In JWS for OpenShift image, if there is server.xml in
configuration/server.xml the source repository, server.xml is copied to /opt/jws-5.3/tomcat/conf/server.xml in the container by S2I build process. Using this mechanism, you can include a customized server.xml in your container.

First, extract the server.xml to be customized from the container by following commands:

# podman login registry.redhat.io
Username: {REGISTRY-SERVICE-ACCOUNT-USERNAME}
Password: {REGISTRY-SERVICE-ACCOUNT-PASSWORD}
Login Succeeded!

# podman pull registry.redhat.io/jboss-webserver-5/webserver53-openjdk11-tomcat9-openshift-rhel7
# podman run --name jws53-openjdk11 --rm -it registry.redhat.io/jboss-webserver-5/webserver53-openjdk11-tomcat9-openshift-rhel7 /bin/bash

// Open another console and run below
# podman cp jws53-openjdk11:/opt/jws-5.3/tomcat/conf/server.xml .

Add the access log valve setting to server.xml. The below example shows adding Cookie: %{COOKIE}i Set-Cookie: %{SET-COOKIE}o Thread: %I TimeTaken: %Tpattern to default which intends to log Session ID and request processing threads %I and processing time in second %T. These log patterns are useful for analyzing session and performance problems:

         <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"/>
 
-        <!-- ##ACCESS_LOG_VALVE## -->
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/proc/self/fd"
+           prefix="1" suffix="" rotatable="false" requestAttributesEnabled="true"
+           pattern="%h %l %u %t %{X-Forwarded-Host}i &quot;%r&quot; %s %b Cookie: %{COOKIE}i Set-Cookie: %{SET-COOKIE}o Thread: %I TimeTaken: %T" />
 
         <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="##TOMCAT_SHOW_REPORT##"
                showServerInfo="##TOMCAT_SHOW_SERVER_INFO##" />

Commit customized server.xml in the source code repository configuration/server.xml as below:

$ tree -L 3
.
├── configuration
│   └── server.xml   <<<=== customized server.xml
├── pom.xml
└── src
    ├── main
    │   ├── java
    │   ├── resources
    │   └── webapp
    └── test
        ├── java
        └── resources

Deploy your application with a JWS for OpenShift template to perform an S2I build:

$ oc new-app --template jws53-openjdk11-tomcat9-basic-s2i  -p APPLICATION_NAME=<app-name> -p SOURCE_REPOSITORY_URL=<git-url> -p SOURCE_REPOSITORY_REF=<git-branch-name>

The access log is output to stdout, which can be viewed with the oc logs <pod-name> command:

$ oc logs <pod-name>
...
0:0:0:0:0:0:0:1 - 5Neu2pDv [18/Aug/2020:09:35:41 +0000] - "GET /manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName HTTP/1.1" 200 64 Cookie: - Set-Cookie: - Thread: http-nio-8080-exec-3 TimeTaken: 0.002    <<<=== requested by readinessProbe
10.128.0.1 - - [18/Aug/2020:09:35:45 +0000] - "GET /test/test HTTP/1.1" 200 4 Cookie: - Set-Cookie: - Thread: http-nio-8080-exec-8 TimeTaken: 0.007

SBR

Product(s)

Red Hat JBoss Web Server

Components

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.