Information
The directory attribute tells Tomcat where to store logs. It is recommended that the location referenced by the directory attribute be secured.
Rationale:
Securing the log location will help ensure the integrity and confidentiality of web application activity.
Solution
Perform the following:
Add the following statement into the $CATALINA_HOME/webapps/<app name>/META-INF/context.xml file if it does not already exist.
<Valve className='org.apache.catalina.valves.AccessLogValve'
directory='$CATALINA_HOME/logs/'
prefix='access_log' fileDateFormat='yyyy-MM-dd.HH' suffix='.log' pattern='%t %H cookie:%{SESSIONID}c
request:%{SESSIONID}r %m %U %s %q %r'/>
Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.
# chown tomcat_admin:tomcat $CATALINA_HOME/logs
# chmod o-rwx $CATALINA_HOME/logs
Default Value:
Does not exist by default