Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have read that as a good security practice it is good to enable usage logs to identify source of attacks etc.
This can happen using AccessLogValve.
My question is if anyone has experience in using this and if it has any affect on performance in production
environments.
Thanks
Yes, there are performance indications.
How much of an impact it has depends on the volumetrics your site supports. If you have thousands of requests per minute, then it’s probably not a great idea.
Some issues with earlier versions have been discussed on Tomcat mailing lists
Tomcat also introduced a FastCommonAccessLogValve in 5.5 but it seems to be deprecated from 6 onwards.
What you can do instead is to Filter the request patterns or IP addresses which you wish to log (if such a use case is possible) and then only log those. This is not using the inbuilt Valve but a custom Filter. Try whatever works for you