
I am using WSO2 APIM 3.2.0 and WSO2 IS 5.11.0.

I have logs in directory ${sys:carbon.home}/repository/logs/

I could manage the log growth by removing files older than 30 days, by adding the configuration below to ${sys:carbon.home}/repository/conf/log4j2.properties:

    appender.ERROR_LOGFILE.strategy.action.type = Delete
    appender.ERROR_LOGFILE.strategy.action.basepath = ${sys:carbon.home}/repository/logs/
    appender.ERROR_LOGFILE.strategy.action.maxdepth = 1
    appender.ERROR_LOGFILE.strategy.action.condition.type = IfLastModified
    appender.ERROR_LOGFILE.strategy.action.condition.age = 30D
    appender.ERROR_LOGFILE.strategy.action.PathConditions.type = IfFileName
    appender.ERROR_LOGFILE.strategy.action.PathConditions.glob = wso2-apigw-errors-*

I can do the same for the wso2carbon and audit logs, but log4j2.properties has no support for http_access logs.

In ${sys:carbon.home}/repository/conf/tomcat/catalina-server.xml, AccessLogValve has control for http_access logs.

I am not sure how to remove the older logs using this XML file. Can someone let me know how it can be done?

nivedhav

2 Answers


As you have correctly identified, org.apache.catalina.valves.AccessLogValve is used to log HTTP access logs.

If you want to delete the access log file older than 30 days, this option can be used https://stackoverflow.com/a/57826692/10055162.

Navigate to <IS-HOME>/repository/resources/conf/templates/repository/conf/carbon.xml.j2 and add property maxDays="30" to AccessLogValve as follows. Then restart the server.

    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="${carbon.home}/repository/logs"
           prefix="http_access_" suffix=".log" pattern="{{http_access_log.pattern}}" maxDays="30" />

Since adding these configs is not templated, you can't do the configuration via deployment.toml.

More info about the property: https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html

Anuradha Karunarathna

WSO2 Identity Server 5.11.0 has the capability to configure the HTTP access logs from the log4j.properties file itself. While this is not available in the documentation yet, you have to follow the instructions below to configure this.

Add the lines below to the deployment.toml file:

    [http_access_log]
    useLogger = true

This will enable the capability to control the access logs from the log4j2.properties file. Follow the instructions below to change the configurations in the log4j2.properties file.

  1. Add HTTP_ACCESS to the existing "appenders"

    appenders = CARBON_CONSOLE, CARBON_LOGFILE, AUDIT_LOGFILE, ATOMIKOS_LOGFILE, CARBON_TRACE_LOGFILE, DELETE_EVENT_LOGFILE, TRANSACTION_LOGFILE, osgi, HTTP_ACCESS

  2. Add HTTP_ACCESS to existing "loggers"

    loggers = HTTP_ACCESS, AUDIT_LOG, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache, axis2Deployment, equinox, tomcat2, StAXDialectDetector, org-apache-directory-api, org-apache-directory-api-ldap-model-entry, TRANSACTION_LOGGER, DELETE_EVENT_LOGGER, org-springframework, org-opensaml-xml-security-credential-criteria, org-wso2-carbon-user-core, org-wso2-carbon-identity, org-wso2-carbon-identity-sso-saml

  3. Add configurations of newly added logger and appender (you can change the values as required).

    logger.HTTP_ACCESS.level = INFO
    logger.HTTP_ACCESS.appenderRef.HTTP_ACCESS.ref = HTTP_ACCESS
    logger.HTTP_ACCESS.additivity = false
    
    # Appender for HTTP Access Log
    appender.HTTP_ACCESS.type = RollingFile
    appender.HTTP_ACCESS.name = HTTP_ACCESS
    appender.HTTP_ACCESS.fileName =${sys:carbon.home}/repository/logs/http_access.log
    appender.HTTP_ACCESS.filePattern =${sys:carbon.home}/repository/logs/http_access-%d{MM-dd-yyyy}.log
    appender.HTTP_ACCESS.layout.type = PatternLayout
    appender.HTTP_ACCESS.layout.pattern = [%X{Correlation-ID}] %mm%n
    appender.HTTP_ACCESS.policies.type = Policies
    appender.HTTP_ACCESS.policies.time.type = TimeBasedTriggeringPolicy
    appender.HTTP_ACCESS.policies.time.interval = 1
    appender.HTTP_ACCESS.policies.time.modulate = true
    appender.HTTP_ACCESS.policies.size.type = SizeBasedTriggeringPolicy
    appender.HTTP_ACCESS.policies.size.size=10MB
    appender.HTTP_ACCESS.strategy.type = DefaultRolloverStrategy
    appender.HTTP_ACCESS.strategy.max = 20
    appender.HTTP_ACCESS.filter.threshold.type = ThresholdFilter
    appender.HTTP_ACCESS.filter.threshold.level = INFO
    
    

You can refer to this documentation ticket created to add the feature to the documentation.

Maduranga Siriwardena
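
A retention check for the log4j2.properties layout used in the question and in the answer above, as an added example that is not part of any post on this page: it reports which declared appenders carry an age-based Delete action and which do not. The sample input is constructed from the snippets above, and `parse_properties` and `retention_report` are hypothetical helper names.

```python
import re

# Constructed sample: the question's Delete action and the answer's HTTP_ACCESS
# appender from this page, trimmed to the keys that matter for retention.
SAMPLE = """\
appenders = ERROR_LOGFILE, HTTP_ACCESS
appender.ERROR_LOGFILE.strategy.action.type = Delete
appender.ERROR_LOGFILE.strategy.action.basepath = ${sys:carbon.home}/repository/logs/
appender.ERROR_LOGFILE.strategy.action.condition.type = IfLastModified
appender.ERROR_LOGFILE.strategy.action.condition.age = 30D
appender.ERROR_LOGFILE.strategy.action.PathConditions.type = IfFileName
appender.ERROR_LOGFILE.strategy.action.PathConditions.glob = wso2-apigw-errors-*
appender.HTTP_ACCESS.type = RollingFile
appender.HTTP_ACCESS.filePattern =${sys:carbon.home}/repository/logs/http_access-%d{MM-dd-yyyy}.log
appender.HTTP_ACCESS.strategy.type = DefaultRolloverStrategy
appender.HTTP_ACCESS.strategy.max = 20
"""

def parse_properties(text):
    """Parse 'key = value' lines; skip blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def retention_report(text):
    """Map each declared appender to its age-based Delete settings, or None."""
    props = parse_properties(text)
    report = {}
    for name in filter(None, (n.strip() for n in props.get("appenders", "").split(","))):
        base = f"appender.{name}.strategy.action."
        if (props.get(base + "type") != "Delete"
                or props.get(base + "condition.type") != "IfLastModified"):
            report[name] = None  # nothing deletes this appender's files by age
            continue
        days = re.fullmatch(r"(?i)P?(\d+)D", props.get(base + "condition.age", ""))
        report[name] = {
            "max_age_days": int(days.group(1)) if days else None,
            "glob": props.get(base + "PathConditions.glob"),
        }
    return report

if __name__ == "__main__":
    for appender, rule in retention_report(SAMPLE).items():
        print(appender, rule or "no age-based Delete action")
```
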