JBoss logging


We run a webapp on JBoss AS and i am looking into a way of logging all users who logon to our webserver. At the moment the logs only show failed attempts but i would like to view all attempts so we can monitor if users have issues.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Your going to have to go into a lot more detail... what security/login method are you using?
first try to put org.jboss.security to DEBUG level in jboss-log4j.xml file.
then check which class printouts  a user names and define debug level only for this class.
damiancoughlanAuthor Commented:
we are using j_security_check if that helps J4M3S_UK.
i have tried setting the level to debug in log4j.xml but cannot see if output in the log ramazanych.
any ideas?
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

This page describes how to setup the desired log4j debug level... :) http://www.jboss.org/developers/guides/logging
damiancoughlanAuthor Commented:
J4M3S_UK i have tried setting up logging on this but cannot get it working. Do you know of a more detailed guide as i am new to jboss?
I've just had a look through our configuration... you need to be modifying jboss-x.x.x\server\default\conf\log4j.xml

Add the following entry...

<category name="org.jboss.security">
    <priority value="DEBUG"/>

That will get you debugging output from JAAS.

If you need more logging you will need to extend the class that is doing the authentication. Take a look at conf\login-config.xml. You need to see which class is being used for authentication, extend it to add the debug output, then reference it in that xml file.

Attach your log4j.xml and login-config.xml files here if you are still having trouble...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java App Servers

From novice to tech pro — start learning today.