I'm trying to make our Tomcat 9 server log its internal log in /var/log
instead of ${catalina.base}/logs
.
I tried to change the destinations in logging.properties, but the logs directory in ${catalina.base}
is actually a symbolic link, so changing the destination to /var/log
should do the trick. None of both ideas worked.
Also, I'm wondering if it could be caused by catalina.policy
, but that would mean Tomcat being launched with the -secure
option. My Tomcat is started as service using systemd. I have no idea how I could check if -secure is used or not.
The Tomcat's logging.properties
is actually used. When I check the process with ps
, I get -Djava.util.logging.config.file=/opt/rh/jws5/root/usr/share/tomcat/conf/logging.properties
, which is the right file, the one I tried to modify.
I'm using Tomcat 9 with Java 8 on RHEL 8.
Edit: I also tried to add ReadWritePaths=/var/log/tomcat
or ReadWritePaths=/var/log
in the service file. Still no change.
Edit2: Some details on the current configuration. My CATALINA_BASE is /opt/rh/jws5/root/usr/share/tomcat. It contains the following:
drwxr-xr-x 2 root root 134 Dec 7 16:18 bin
lrwxrwxrwx 1 root root 28 Nov 15 17:45 conf -> /etc/opt/rh/scls/jws5/tomcat
lrwxrwxrwx 1 root root 39 Nov 15 17:45 lib -> /opt/rh/jws5/root/usr/share/java/tomcat
lrwxrwxrwx 1 root root 15 Jan 31 17:42 logs -> /var/log/tomcat
lrwxrwxrwx 1 root root 39 Nov 15 17:45 temp -> /var/opt/rh/scls/jws5/cache/tomcat/temp
lrwxrwxrwx 1 root root 40 Nov 15 17:45 webapps -> /var/opt/rh/scls/jws5/lib/tomcat/webapps
lrwxrwxrwx 1 root root 39 Nov 15 17:45 work -> /var/opt/rh/scls/jws5/cache/tomcat/work
logs previously pointed to /var/opt/rh/scls/jws5/log/tomcat. With the current configuration, Tomcat is not logging in /var/opt/rh/scls/jws5/log/tomcat anymore. But it doesn't log in /var/log either.
Here the snippet of my logging.properties file with the various paths:
1catalina.org.apache.juli.AsyncFileHandler.level = FINE
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90
1catalina.org.apache.juli.AsyncFileHandler.encoding = UTF-8
2localhost.org.apache.juli.AsyncFileHandler.level = FINE
2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90
2localhost.org.apache.juli.AsyncFileHandler.encoding = UTF-8
3manager.org.apache.juli.AsyncFileHandler.level = FINE
3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.AsyncFileHandler.prefix = manager.
3manager.org.apache.juli.AsyncFileHandler.maxDays = 90
3manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8
4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.
4host-manager.org.apache.juli.AsyncFileHandler.maxDays = 90
4host-manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8
Edit3: I tried to replace those ${catalina.base}/logs
in the logging.properties
by /var/log/tomcat
, still to no avail.
What finally solved the issue consists in 2 points:
My Tomcat process doesn't belong to root, so the /var/log/tomcat directory need read/write rights for everybody.
The following lines need to be added to the
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
section of thecatalina.policy
file: