Configure access logs
Access logs record every request made to your site which can be useful for auditing purposes and when troubleshooting a problem with an integration, app, or feature
View access logs
The log file is located in <install-directory>/logs/conf_access_log<date>.log
.
Here's an example of the log output:
[18/Dec/2020:12:57:26 +1100] testuser http-nio-8090-exec-6 0:0:0:0:0:0:0:1 GET /index.action HTTP/1.1 200 1020ms 7881 http://localhost:8090/login.action?os_destination=%2Findex.action&permissionViolation=true Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
[18/Dec/2020:12:57:26 +1100] testuser http-nio-8090-exec-1 0:0:0:0:0:0:0:1 GET /images/icons/profilepics/default.svg HTTP/1.1 200 46ms 1206 http://localhost:8090/index.action Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
[18/Dec/2020:13:02:20 +1100] testuser http-nio-8090-exec-5 0:0:0:0:0:0:0:1 GET /rest/quickreload/latest/2129924?since=1608256850024&_=1608256758069 HTTP/1.1 200 12ms 152 http://localhost:8090/pages/viewpage.action?pageId=2129924 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Access log pattern
The Confluence access log uses the Apace Tomcat access log valve. The information recorded about each request is configurable.
The default pattern is:
%t %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i
This will log the date and time, username, remote logical username, remote host name (or IP), the first line of the request, the HTTP status code of the response, time taken to process the request (in milliseconds), bytes sent (excluding headers), the referer, and user agent.
See Access Log valve attributes in the Tomcat 9 documentation for more information on each of the attributes.
Change the log retention
The access log is configured to keep logs for a maximum of 30 days. You can choose to increase or decrease this limit, but be aware you'll need to allow enough disk space to accomodate the log files.
To change how long access logs are kept:
- Stop Confluence.
- Edit the
<install-directory>/conf/server.xml
file. Locate the access log valve, and change the value of
maxDays
.<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" maxDays="30" pattern="%t %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i" prefix="conf_access_log" requestAttributesEnabled="true" rotatable="true" suffix=".log" />
- Save the file, and restart Confluence.
If you're running Confluence in a cluster, you will need to repeat this process on each node. You don't need to stop the whole cluster, you can update each node in turn.
Disable access logging
To disable access logging:
- Stop Confluence.
- Edit the
<install-directory>/conf/server.xml
file. Remove the entire access log valve, shown here.
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" maxDays="30" pattern="%t %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i" prefix="conf_access_log" requestAttributesEnabled="true" rotatable="true" suffix=".log" />
Save the file, and restart Confluence.
If you're running Confluence in a cluster, you will need to repeat this process on each node. You don't need to stop the whole cluster, you can update each node in turn.
Other access log options
For a lightweight alternative access log solution, you can also choose to enable access logging in the application logs. See How to Enable User Access Logging to find out how to do this.
This option is best suited to smaller sites, as the additional log entries may cause the application log to fill up and rotate too quickly.