# Tomcat Access Logging Configuration

{% hint style="info" %}
How to integrate Tomcat access logs with PLURA logging
{% endhint %}

### 1. Edit the Tomcat `server.xml` file <a href="#id-1" id="id-1"></a>

* In Tomcat's `server.xml` file, modify the logging configuration so that the PLURA log format is applied.

```xml
<!-- Change for PLURA log format -->

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/var/log/plura"
       rotatable="false"
       renameOnRotate="false"
       prefix="weblog" suffix=".log"
       pattern="{&quot;Remote-addr&quot;: &quot;%a&quot;, &quot;X-forwarded-for&quot;: &quot;%{X-Forwarded-For}i&quot;, &quot;Request-date&quot;: &quot;%{dd/MM/yyyy:HH:mm:ss.SSS}t +0900&quot;, &quot;Method&quot;: &quot;%m&quot;, &quot;Request&quot;: &quot;%r&quot;, &quot;Host&quot;: &quot;%A&quot;, &quot;Uri&quot;: &quot;%U&quot;, &quot;Cookie&quot;: &quot;%{Cookie}i&quot;, &quot;Referer&quot;: &quot;%{Referer}i&quot;, &quot;User-Agent&quot;: &quot;%{User-Agent}i&quot;, &quot;Status&quot;: &quot;%s&quot;, &quot;Resp-Content-Length&quot;: &quot;%b&quot;}" />
```

* Every double quote (`"`) inside `pattern` must be written as `&quot;`.

<figure><img src="https://qubitsec.github.io/docs/images/Additianal/apache/1.png" alt=""><figcaption></figcaption></figure>

▶ Git source

> <https://github.com/QubitSecurity/ModPlura/tree/main/tomcat>

### 2. Edit the Tomcat `logging.properties` file <a href="#id-2" id="id-2"></a>

* Add the following logging settings to Tomcat's `logging.properties` file.

```
 2localhost.org.apache.juli.AsyncFileHandler.directory = /var/log/plura
 2localhost.org.apache.juli.AsyncFileHandler.prefix = weblog.
 2localhost.org.apache.juli.FileHandler.suffix = log
```

### 3. Restart Tomcat <a href="#id-3" id="id-3"></a>

```bash
systemctl restart tomcat8
```

### 4. Register Tomcat as a PLURA web system <a href="#id-4" id="id-4"></a>

```bash
echo "ModPlura-tomcat" > /etc/modplura
```

```bash
echo "0.0.1" >> /etc/modplura
```

```bash
touch /etc/.modplura
```

### 5. Set permissions on the Tomcat access log file <a href="#id-5" id="id-5"></a>

```bash
touch /var/log/plura/weblog.log
```

```bash
chmod -R 766 /var/log/plura/weblog.log
```

```bash
chcon -t syslog_log_t /var/log/plura/weblog.log
```
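
Once the steps above are done, every line in `/var/log/plura/weblog.log` should be one JSON object carrying the twelve keys of the step 1 `pattern`, so lines that fail to parse or have missing or duplicated keys are worth flagging before they reach analysis. The Python check below is an added example, not part of the PLURA documentation or the ModPlura repository; `check_line`, `check_log` and the sample lines are constructed for illustration.

```python
import json

# Keys written by the `pattern` attribute configured in step 1, in order.
EXPECTED_KEYS = (
    "Remote-addr", "X-forwarded-for", "Request-date", "Method", "Request",
    "Host", "Uri", "Cookie", "Referer", "User-Agent", "Status",
    "Resp-Content-Length",
)

class Pairs(list):
    """JSON object kept as (key, value) pairs so duplicate keys stay visible."""

def check_line(line):
    """Return the problems found in one weblog.log line (empty list = OK)."""
    try:
        obj = json.loads(line, object_pairs_hook=Pairs)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (column {exc.colno})"]
    if not isinstance(obj, Pairs):
        return ["not a JSON object"]
    keys = [k for k, _ in obj]
    problems = []
    if keys != list(EXPECTED_KEYS):
        dup = sorted({k for k in keys if keys.count(k) > 1})
        missing = [k for k in EXPECTED_KEYS if k not in keys]
        extra = sorted(set(keys) - set(EXPECTED_KEYS))
        problems.append(f"keys differ: duplicate={dup} missing={missing} extra={extra}")
    status = dict(obj).get("Status")
    if not (isinstance(status, str) and len(status) == 3 and status.isdigit()):
        problems.append(f"Status is not a 3-digit code: {status!r}")
    size = dict(obj).get("Resp-Content-Length")  # %b logs "-" when no body was sent
    if not (isinstance(size, str) and (size == "-" or size.isdigit())):
        problems.append(f"Resp-Content-Length is not a byte count: {size!r}")
    return problems

def check_log(lines):
    """Map 1-based line numbers to problems for every non-empty line that fails."""
    return {n: p for n, l in enumerate(lines, 1) if l.strip() and (p := check_line(l))}

# Constructed sample lines (not taken from a real server).
GOOD = json.dumps(dict(zip(EXPECTED_KEYS, (
    "192.0.2.10", "-", "01/02/2024:10:15:30.123 +0900", "GET", "GET /index.jsp HTTP/1.1",
    "192.0.2.1", "/index.jsp", "-", "-", "curl/8.0.1", "200", "1024"))))
BAD_QUOTE = GOOD.replace("curl/8.0.1", 'agent "x"')  # raw quote inside a value
TRUNCATED = GOOD[:60]                                 # cut-off write
DUPLICATE = GOOD[:-1] + ', "Status": "200"}'          # key appears twice

if __name__ == "__main__":
    print(check_log([GOOD, BAD_QUOTE, TRUNCATED, DUPLICATE]))
```

To check a real file, pass the open file object to `check_log`, for example `check_log(open("/var/log/plura/weblog.log", encoding="utf-8", errors="replace"))`.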

### Internal blog <a href="#id-6" id="id-6"></a>

> <https://docs.plura.io/ko/faq/siem/syslog/catalina.out>

### Reference sites <a href="#id-7" id="id-7"></a>

> <https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html>
>
> <https://m.blog.naver.com/solinsystem/221796167356>
>
> <https://gyrfalcon.tistory.com/entry/Apache-Tomcat-access-log-%EC%84%A4%EC%A0%95>
>
> <https://stackoverflow.com/questions/39896222/how-to-include-time-format-with-millisecond-precision-in-apache-access-log>
