This page last changed on Aug 18, 2010 by rhartono.

Apart from using user access logging built in Confluence to audit accesses, an admin can use Tomcat's Valve Component to do similar things.

Below are the steps on how to do this in a Confluence Standalone instance:

  1. Edit <confluence install>/conf/server.xml.
  2. Add the following line within the <Context > ... </Context> tags declaration:
    <Context path="" docBase="../confluence" debug="0" reloadable="false">
    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
    <Manager pathname="" />
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".log" pattern="%t %{Authorization}i %{User-Agent}i %h %m %r %b %s" />
    </Context>

    This will log the time, user account and password in base 64 encoding, client used, IP Address, Request method, First line of the request (method and request URI), Bytes sent, excluding HTTP headers, or '-' if zero, and HTTP status code of the response. The log file will be saved in <confluence install>/logs/localhost_access_log.log.

Below is the sample output:

[28/Apr/2010:13:06:23 +1000] null Microsoft Data Access Internet Publishing Provider Protocol Discovery 127.0.0.1 OPTIONS OPTIONS /plugins/servlet/confluence/default HTTP/1.1 - 401
[28/Apr/2010:13:06:25 +1000] Basic YWRtaW46YWRtaW4= Microsoft Data Access Internet Publishing Provider Protocol Discovery 127.0.0.1 OPTIONS OPTIONS /plugins/servlet/confluence/default HTTP/1.1 - 200
[28/Apr/2010:13:06:25 +1000] Basic YWRtaW46YWRtaW4= Microsoft Data Access Internet Publishing Provider DAV 127.0.0.1 PROPFIND PROPFIND /plugins/servlet/confluence/default HTTP/1.1 2252 207
[28/Apr/2010:13:06:27 +1000] null Microsoft Data Access Internet Publishing Provider Protocol Discovery 127.0.0.1 OPTIONS OPTIONS / HTTP/1.1 - 200
RELATED TOPICS

Apache Tomcat Valve Component
How to audit Confluence - enabling user access logging
W3.org's Header Field Definitions

Document generated by Confluence on Mar 16, 2011 18:51