|
Occasionally one wishes to get an overall picture of which users are accessing which pages in JIRA. Application servers are able to log the requested URL, but (it seems) they cannot determine the currently logged in user (probably because they run before the Seraph filter has a chance to set request.getRemoteUser()). Similar to Confluence, JIRA 3.3 and above has a built-in URL logging mechanism, which shows the user and URL invoked: 2005-07-15 18:10:19,276 INFO [JIRACOM:jira.web.filters.AccessLogFilter] AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> 2005-07-15 18:10:20,523 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/secure/admin/jira/ViewLogging.jspa 109687-110 35 2005-07-15 18:10:20,523 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/secure/admin/jira/ViewLogging.jspa 109687-110 35 2005-07-15 18:15:59,709 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/secure/IssueNavigator.jspa 115762-3000 2385 2005-07-15 18:15:59,709 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/secure/IssueNavigator.jspa 115762-3000 2385 2005-07-15 18:26:53,916 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/logout 108756 1 2005-07-15 18:26:53,916 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/logout 108756 1 2005-07-15 18:26:54,306 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/secure/Logout!default.jspa 116660-2809 279 2005-07-15 18:26:54,306 INFO [JIRACOM:jira.web.filters.AccessLogFilter] joe http://localhost:8090/jira/secure/Logout!default.jspa 116660-2809 279 2005-07-15 18:27:01,380 INFO [JIRACOM:jira.web.filters.AccessLogFilter] - http://localhost:8090/jira/default.jsp 116393-512 42 2005-07-15 18:27:01,380 INFO [JIRACOM:jira.web.filters.AccessLogFilter] - http://localhost:8090/jira/default.jsp 116393-512 42 2005-07-15 18:27:01,472 INFO [JIRACOM:jira.web.filters.AccessLogFilter] - http://localhost:8090/jira/secure/Dashboard.jspa 115881-809 87 2005-07-15 18:27:01,472 INFO [JIRACOM:jira.web.filters.AccessLogFilter] - http://localhost:8090/jira/secure/Dashboard.jspa 115881-809 87 Here you can see user 'joe' enable access logging, then log out, and view the dashboard anonymously. UsageURL logging is disabled in JIRA by default. To turn it on, go to Admin -> System -> Logging & Profiling, and change the log level for AccessLogFilter from WARN to INFO. To make this change permanent, you would need to edit the corresponding section in WEB-INF/classes/log4j.properties on disk, changing: log4j.category.com.atlassian.jira.web.filters.AccessLogFilter = WARN, console, filelog log4j.additivity.com.atlassian.jira.web.filters = false to: log4j.category.com.atlassian.jira.web.filters.AccessLogFilter = INFO, console, filelog log4j.additivity.com.atlassian.jira.web.filters = false and then restart JIRA. Tomcat access loggingTomcat (used in JIRA Standalone) can also produce access logs. These are enabled by default in JIRA Standalone, and result in logs/access_log.<date>.log files being generated. If you are not using JIRA Standalone, Tomcat access logging may be enabled in conf/server.xml, by adding the following line before </Context>: <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%h %l %u %t "%r" %s %b %T %S" resolveHosts="false" />
You will need to restart JIRA for the changes to take effect. The Apache Tomcat Access Log Valve documentation describes each of the above parameters. This will generate logs that include the IP address, like: 127.0.0.1 - - [19/Oct/2006:12:38:09 +0800] "GET / HTTP/1.1" 302 - 0.240 - 127.0.0.1 - - [19/Oct/2006:12:38:09 +0800] "GET / HTTP/1.1" 302 - 0.243 - 127.0.0.1 - - [19/Oct/2006:12:38:11 +0800] "GET /secure/Setup!default.jspa HTTP/1.1" 302 - 1.732 39F9C7F048F7F060A4B9883A7348082D 127.0.0.1 - - [19/Oct/2006:12:38:16 +0800] "GET /secure/Setup!input.jspa?title=Your+Company+JIRA&mode=public HTTP/1.1" 200 24678 4.885 39F9C7F048F7F060A4B9883A7348082D 127.0.0.1 - - [19/Oct/2006:12:38:24 +0800] "GET /styles/global.css HTTP/1.1" 200 548 0.213 39F9C7F048F7F060A4B9883A7348082D 127.0.0.1 - - [19/Oct/2006:12:38:26 +0800] "GET /secure/Setup!input.jspa?title=Your+Company+JIRA&mode=public HTTP/1.1" 200 24678 0.443 39F9C7F048F7F060A4B9883A7348082D 127.0.0.1 - - [19/Oct/2006:12:38:26 +0800] "GET /styles/global.css HTTP/1.1" 200 548 0.001 39F9C7F048F7F060A4B9883A7348082D 127.0.0.1 - - [19/Oct/2006:12:38:28 +0800] "GET /includes/js/combined-javascript.js HTTP/1.1" 200 65508 1.712 39F9C7F048F7F060A4B9883A7348082D 127.0.0.1 - - [19/Oct/2006:12:38:28 +0800] "GET /includes/js/combined-javascript.js HTTP/1.1" 200 65508 4.386 39F9C7F048F7F060A4B9883A7348082D Related pages
|
Comments (8)
Jun 23, 2005
Anonymous says:
I tried to implement this as the instructions indicate, but all I get printed in...I tried to implement this as the instructions indicate, but all I get printed in the logs is null for the URL. The username part is getting populated correctly. (Jira 3.2.1)
2005-06-24 14:52:39,362 INFO [jira.web.filters.AccessLogFilter] testUser null
Jul 14, 2005
Raimonds Simanovskis says:
I tried to use this access logging for Confluence 1.4 and have the same issue - ...I tried to use this access logging for Confluence 1.4 and have the same issue - username is populated but URL is null:
As I see from the source code
request.getAttribute(SecurityFilter.ORIGINAL_URL)
is returning null value.
Maybe Jeff could help us with this issue?
Jul 15, 2005
Jeff Turner says:
I have updated the filter to use a more sensible method of retrieving the URL. T...I have updated the filter to use a more sensible method of retrieving the URL. This filter will be included in JIRA 3.3 (disabled by default).
Jul 15, 2005
Raimonds Simanovskis says:
I tried the new version of AccessLogFilter. Now URL logging works OK but intstea...I tried the new version of AccessLogFilter.
Now URL logging works OK but intstead of usernames I always get "-".
Can you use old method for username and the new method for URL?
Jul 15, 2005
Raimonds Simanovskis says:
I made the following change in AccessLogFilter.java: // String user = request.g...I made the following change in AccessLogFilter.java:
// String user = request.getRemoteUser(); Principal user = ((SecurityConfig) config.getServletContext().getAttribute(SecurityConfig.STORAGE_KEY)).getAuthenticator().getUser((HttpServletRequest)request, (HttpServletResponse)response);and now access log contains both username and URL. (I am using it for Confluence 1.4)
Aug 10, 2005
Shannon Krebs says:
Jeff, can you give us an update as to whether this made it into Jira 3.3 or not,...Jeff, can you give us an update as to whether this made it into Jira 3.3 or not, and if so how its turned on.
Aug 11, 2005
Nick Menere says:
Shannon, Jeff is sick so I will try and answer it. This is now part of 3.3. You...Shannon,
Jeff is sick so I will try and answer it.
This is now part of 3.3. You can enable it by editing the file:
log4j.properties and changing the line:
log4j.category.com.atlassian.jira.web.filters.AccessLogFilter = WARN, console
to:
log4j.category.com.atlassian.jira.web.filters.AccessLogFilter = INFO, console
Aug 11, 2005
Shannon Krebs says:
Thanks Nick, looks like it works fine in jira 3.3. (I completely missed the usa...Thanks Nick, looks like it works fine in jira 3.3.
(I completely missed the usage instructions for the admin interface above >_< )