The Log4J configuration file included with the Maven WAR overlay template will attempt to write the CAS server log files (not the Tomcat log files) to the root of the CAS web application directory. However, since part of our Tomcat hardening procedure includes removing write permission to this directory for the tomcat user, this will not work (and it’s not a very good place for them anyway). So, just as we moved Tomcat’s log files to /var/log/tomcat, we will move the CAS server’s log files to /var/log/cas.
Edit the file etc/cas/config/log4j2.xml in the cas-overlay-template directory on the master build server (casdev-master) and find the line that defines the cas.log.dir property (around line 9) and change its value to /var/log/cas, like this:
<Property name="cas.log.dir" >/var/log/cas</Property>
Then create the /var/log/cas directory and set the ownership and permissions appropriately:
casdev-master# mkdir /var/log/cas
casdev-master# chown tomcat:tomcat /var/log/cas
casdev-master# chmod 750 /var/log/cas
Don’t forget to run the three commands above on the individual CAS servers as well.
Adjust the log file rotation strategy (optional)
By default, the CAS log files will be rotated whenever their size reaches 10MB. On a busy server, this can result in numerous log files being created in a single day, making it more difficult to find particular events in the logs. To switch to a time-based rotation strategy in which the log files are rotated once a day, edit the etc/cas/config/log4j2.xml file again, and make the following changes:
- In the RollingFile configuration for cas.log (around line 17), change the variable part of the filePattern attribute from %d{yyyy-MM-dd-HH}-%i.log to %d{yyyy-MM-dd}.log (remove the hour and sequence number from the pattern).
- Remove (or comment out) the OnStartupTriggeringPolicy element (around line 21).
- Remove (or comment out) the SizeBasedTriggeringPolicy element (around line 22).
- Add the attributes interval="1" modulate="true" to the TimeBasedTriggeringPolicy element (around line 23).
The end result should look like this:
<RollingFile name="file" fileName="${sys:cas.log.dir}/cas.log" append="true"
             filePattern="${sys:cas.log.dir}/cas-%d{yyyy-MM-dd}.log">
    <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
    <Policies>
        <TimeBasedTriggeringPolicy interval="1" modulate="true"/>
    </Policies>
</RollingFile>
Repeat the above changes for cas_audit.log (starting around line 26) and perfStats.log (starting around line 36).
If you decide to keep the OnStartupTriggeringPolicy (which rotates the file whenever Tomcat starts) or the SizeBasedTriggeringPolicy (which rotates the file when it reaches a specified size (10MB by default)), or add some other policy, you should make sure the filePattern you use generates unique names if called more than once a day (e.g., by keeping the %i sequence number) or you will lose log data.
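The check below is an added example, not part of the CAS overlay template: it scans a log4j2.xml for RollingFile appenders that keep OnStartupTriggeringPolicy or SizeBasedTriggeringPolicy while their filePattern has no %i, which is the combination that loses log data (including audit records). The appender names "audit" and "perf", the file names in them, and the sample configuration are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Policies that can fire more than once within a single %d{yyyy-MM-dd} period.
MULTI_FIRE = {"OnStartupTriggeringPolicy", "SizeBasedTriggeringPolicy"}

# Constructed sample modelled on the RollingFile layout shown above.
SAMPLE = """<Configuration>
  <Appenders>
    <RollingFile name="file" fileName="${sys:cas.log.dir}/cas.log" append="true"
                 filePattern="${sys:cas.log.dir}/cas-%d{yyyy-MM-dd}.log">
      <Policies>
        <TimeBasedTriggeringPolicy interval="1" modulate="true"/>
      </Policies>
    </RollingFile>
    <RollingFile name="audit" fileName="${sys:cas.log.dir}/cas_audit.log" append="true"
                 filePattern="${sys:cas.log.dir}/cas_audit-%d{yyyy-MM-dd}.log">
      <Policies>
        <SizeBasedTriggeringPolicy size="10 MB"/>
        <TimeBasedTriggeringPolicy interval="1" modulate="true"/>
      </Policies>
    </RollingFile>
    <RollingFile name="perf" fileName="${sys:cas.log.dir}/perfStats.log" append="true"
                 filePattern="${sys:cas.log.dir}/perfStats-%d{yyyy-MM-dd}-%i.log">
      <Policies>
        <OnStartupTriggeringPolicy/>
        <SizeBasedTriggeringPolicy size="10 MB"/>
      </Policies>
    </RollingFile>
  </Appenders>
</Configuration>"""


def risky_appenders(xml_text):
    """Return (appender name, kept policies) for each RollingFile whose
    filePattern lacks %i but which can rotate more than once per day."""
    findings = []
    for rf in ET.fromstring(xml_text).iter("RollingFile"):
        kept = sorted(e.tag for e in rf.iter() if e.tag in MULTI_FIRE)
        if kept and "%i" not in rf.get("filePattern", ""):
            findings.append((rf.get("name"), kept))
    return findings


if __name__ == "__main__":
    # Pass the path to log4j2.xml as the first argument; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, kept in risky_appenders(text):
        print(f"{name}: filePattern has no %i but keeps {', '.join(kept)}")
```

Run it against etc/cas/config/log4j2.xml after editing; no output means every appender that can rotate more than once a day still produces unique file names.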