Access logging Formatting

Gaven Ray August 15, 2024

We run Jira and Confluence in Docker containers, and our security team would like us to better document user access in the access logs.

Currently it is pulling the defaults from Atlassian. The format Cyber would like is the following:

^[[nspaces:clientip]]\s++[[nspaces:ident]]\s++[[nspaces:user]]\s++[[sbstring:req_time]]\s++[[access-request]]\s++[[nspaces:status]]\s++[[nspaces:bytes]](?:\s++"(?<referer>[[bc_domain:referer_]]?+[^"]*+)"(?:\s++[[qstring:useragent]](?:\s++[[qstring:cookie]])?+)?+)?[[all:other]]

Trying the following in Confluence's server.xml:

%a %l %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i

and the following in Jira's server.xml:

"%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""

It is pulling the format we would like, more or less. The issue I am getting currently is that it is pulling the IP of the Apache proxy server, not the IP of the user, which is what we want.

Is there a setting, either for Docker or the server.xml files, that will pull the user IP address?

I am using settings from https://confluence.atlassian.com/conf719/configure-access-logs-1157467716.html and https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Log_Valve

Deployment type: Server