Last9 Last9

Feb 18th, ‘25 / 9 min read

Tomcat Logs: Locations, Types, Configuration, and Best Practices

Learn about Tomcat logs: their locations, types, configuration, and best practices to optimize performance and troubleshoot efficiently.

Tomcat Logs: Locations, Types, Configuration, and Best Practices

What Are Tomcat Logs?

Apache Tomcat logs are essential for monitoring, debugging, and maintaining Java applications running on Tomcat.

These logs capture critical information such as server startup details, request handling, and application errors.

They help developers and system administrators troubleshoot issues, analyze traffic, and ensure application stability.

Tomcat generates multiple logs, each serving a distinct purpose:

  • Tracking application activity
  • Monitoring HTTP requests
  • Debugging server errors
  • Logging security events
💡
For a deeper dive into log management, check out our guide on understanding syslog formats to enhance your Tomcat logging setup. Read more here.

Types of Log Files in Apache Tomcat

Apache Tomcat maintains several log files to track different aspects of server operations. Each log file serves a specific purpose, helping developers and administrators monitor, debug, and optimize applications.

Below is a detailed breakdown of the key log files:

1. catalina.out (Primary Log File)

  • Purpose: This is the main Tomcat log file, capturing all standard output and errors from Tomcat processes.
  • Content Includes:
    • Server startup and shutdown messages.
    • Java exceptions and errors are thrown by the application.
    • Debugging and informational messages from the application code.
  • Use Case:
    • When an application crashes or throws an error, developers check catalina.out first to locate error messages and stack traces.
    • System administrators use it to diagnose performance issues or failures in the Tomcat server itself.

2. catalina.log (Tomcat Startup & Shutdown Logs)

  • Purpose: Logs events related to Tomcat’s initialization and shutdown sequences.
  • Content Includes:
    • Server startup processes, including binding ports and loading configuration files.
    • Graceful and forced shutdown logs.
    • Configuration errors or issues preventing Tomcat from starting.
  • Use Case:
    • Helps diagnose startup failures, such as port conflicts or missing libraries.
    • Useful for tracking when and why the server was stopped or restarted.

3. manager.log (Tomcat Manager Application Logs)

  • Purpose: Records events related to the Tomcat Manager web application (/manager).
  • Content Includes:
    • Deployment and undeployment of applications through the Manager UI.
    • Error messages when deploying, updating, or stopping applications.
    • Authentication and access logs for users interacting with the Manager.
  • Use Case:
    • Developers use it to debug deployment failures.
    • Administrators monitor unauthorized access attempts to the Manager web interface.

4. localhost_access_log.*.txt (HTTP Access Logs)

  • Purpose: Tracks all incoming HTTP requests made to the server.
  • Content Includes:
    • Client IP address, HTTP request method (GET, POST, etc.), requested URL, and response status code.
    • User agents and response times.
    • Detailed logging of API requests and responses.
  • Use Case:
    • Security teams analyze access logs to detect suspicious activities (e.g., brute force attacks, and SQL injections).
    • Developers use it to monitor API request patterns and optimize performance.
    • Helps in tracking traffic sources and identifying slow-performing endpoints.

Additional Log Files

Depending on the configuration, Tomcat may generate additional logs:

  • host-manager.log – Logs actions related to managing virtual hosts.
  • gc.log – Records Java Garbage Collection events for JVM performance analysis.
  • stderr.log / stdout.log – Captures system errors and console outputs.

Each of these logs plays a crucial role in ensuring a smooth-running Tomcat server by providing visibility into different components.

💡
To ensure your Tomcat logs are properly managed, explore our best practices for log retention. Read more here.

Access Logs vs. Application Logs

Apache Tomcat generates different types of logs, each serving a distinct purpose. The two most commonly used log types are access logs and application logs. Understanding their differences is crucial for effective monitoring and troubleshooting.

Access Logs (localhost_access_log.*.txt)

  • Purpose: Tracks all HTTP requests received by the Tomcat server.
  • Content Includes:
    • Timestamp of the request.
    • Client IP address.
    • HTTP method (GET, POST, etc.).
    • Requested URL.
    • Response status code (200, 404, 500, etc.).
    • Response time and data size.
  • Use Case:
    • Security Monitoring – Helps detect suspicious activity like brute force attacks or unauthorized access attempts.
    • Performance Analysis – Tracks slow endpoints and helps optimize API performance.
    • Traffic Insights – Useful for analyzing request patterns and user behavior.

Example Log Entry:

192.168.1.1 - - [18/Feb/2025:12:45:30 +0000] "GET /index.html HTTP/1.1" 200 1024

This means:

  • The request came from IP 192.168.1.1.
  • The request was made at 12:45:30 (UTC) on February 18, 2025.
  • The HTTP method was GET, requesting /index.html.
  • The response status was 200 (OK) with a response size of 1024 bytes.

Application Logs (catalina.out, catalina.log)

  • Purpose: Records server-side events, including errors, exceptions, and debugging messages.
  • Content Includes:
    • Server startup and shutdown messages.
    • Java exceptions and stack traces.
    • Deployment and configuration logs.
    • System-level warnings and debug information.
  • Use Case:
    • Troubleshooting Errors – Helps identify Java exceptions, application failures, and misconfigurations.
    • Debugging – Developers use application logs to trace issues within the server runtime.
    • Monitoring Server Health – Detects issues like memory leaks or crashes.

Example Log Entry:

18-Feb-2025 12:46:00 SEVERE [main] org.apache.catalina.core.StandardContext.listenerStart Error configuring application listener java.lang.NullPointerException at com.example.MyServlet.init(MyServlet.java:25)

This means:

  • A SEVERE error occurred at 12:46 PM (UTC) on February 18, 2025.
  • The error is related to the application listener configuration.

The issue is a NullPointerException in MyServlet.java at line 25.

A Quick Comparison Between Access Logs and Application Logs

FeatureAccess Logs (localhost_access_log.*.txt)Application Logs (catalina.out, catalina.log)
PurposeTracks HTTP requestsCaptures server events & errors
ContentClient IP, HTTP method, URL, response statusExceptions, stack traces, server startup/shutdown info
FocusUser activity & API requestsSystem health & application debugging
Use CaseSecurity analysis, traffic monitoring, performance tuningTroubleshooting, debugging, identifying errors
FormatOne-line per request (structured)Multi-line logs with stack traces (unstructured)

Both log types are essential for maintaining a stable Tomcat environment:

  • Access logs help with traffic monitoring, security analysis, and performance optimization.
  • Application logs assist in debugging, troubleshooting, and ensuring system stability.
💡
To better understand how log levels impact your Tomcat logs, check out our answers to the most common questions about log levels. Read more here.

Where Can I Find Tomcat Log Files?

Apache Tomcat stores its log files in predefined locations based on the operating system and configuration settings. Knowing where these logs are stored is essential for troubleshooting, monitoring, and debugging.

Default Log File Locations

Operating SystemDefault Log Directory
Linux/macOS$CATALINA_HOME/logs/ or $CATALINA_BASE/logs/
WindowsC:\tomcat\logs\ or %CATALINA_HOME%\logs\

Understanding CATALINA_HOME and CATALINA_BASE

Tomcat’s log storage is influenced by two key environment variables:

CATALINA_HOME

  • Points to the main Tomcat installation directory.
  • Contains default configuration (conf directory) and binaries.
  • Logs may be written to $CATALINA_HOME/logs/ if no separate instance directory is used.

CATALINA_BASE

  • Defines the instance-specific directory when running multiple Tomcat instances.
  • Logs are stored in $CATALINA_BASE/logs/, keeping logs separate for different instances.
  • If multiple instances of Tomcat are running, logs will typically be found under $CATALINA_BASE/logs/ rather than $CATALINA_HOME/logs/.

Default Storage Location for Access Logs

Access logs (localhost_access_log.*.txt) are typically stored in:

$CATALINA_BASE/logs/

This location can be configured within the server.xml file under the AccessLogValve component:

<Valve className="org.apache.catalina.valves.AccessLogValve" 
       directory="logs" 
       prefix="localhost_access_log." 
       suffix=".txt" 
       pattern="%h %l %u %t \"%r\" %s %b" />

Key Configurations

  • directory="logs" → Ensures logs are saved in $CATALINA_BASE/logs/.
  • prefix="localhost_access_log." → Defines the log file naming convention.
  • pattern="%h %l %u %t \"%r\" %s %b" → Specifies the log format, including client IP, request, and response code.

What Are Tomcat Access Logs?

Access logs record details of every HTTP request that reaches the Tomcat server. These logs help identify user behavior, request trends, and potential security threats.

Each log entry follows a standard format, such as:

127.0.0.1 - - [18/Feb/2025:10:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024

Breaking Down an Access Log Entry

FieldDescription
127.0.0.1Client IP address (request source)
- -Reserved for identity and authentication (unused)
[18/Feb/2025:10:30:00 +0000]Timestamp of the request
"GET /index.html HTTP/1.1"HTTP method, requested resource, and protocol
200HTTP response status code (e.g., 200 = OK, 404 = Not Found)
1024Response size in bytes

Access logs are stored in $CATALINA_BASE/logs/ by default, unless specified otherwise in the Tomcat configuration.

💡
For real-time insights into your Tomcat logs, learn how to monitor error logs as they happen. Read more here.

How Can You Customize Log Storage and Format in Tomcat?

Tomcat provides several options for controlling where logs are stored, how they are named, and the level of detail they capture. By modifying server.xml and logging.properties, you can customize log storage, formatting, and verbosity to fit your needs.

Configuring Access Logs in server.xml

Tomcat’s AccessLogValve component allows customization of access logs, including storage location, naming conventions, and log format. You can modify these settings in the server.xml configuration file.

Example Configuration for Access Logs:

<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="logs"
       prefix="localhost_access_log"
       suffix=".txt"
       pattern="%h %l %u %t \"%r\" %s %b" />

What Each Setting Does

  • directory="logs" → Defines where log files are stored.
  • prefix="localhost_access_log" → Sets the prefix for log file names.
  • suffix=".txt" → Specifies the file extension.
  • pattern="%h %l %u %t \"%r\" %s %b" → Controls the log entry format.

This configuration ensures that access logs are saved as plain text in the specified log directory with a structured format.

Managing and Analyzing Tomcat Logs

Common File Names and Formats

Tomcat’s log files follow a predictable naming structure:

Log File NamePurpose
catalina.<date>.logGeneral server events and errors
localhost.<date>.logLogs for the webapps hosted on Tomcat
manager.<date>.logEvents related to the Tomcat Manager app
localhost_access_log.*.txtHTTP request logs (access logs)

Analyzing Tomcat Logs Using Command-Line Tools

You can filter and analyze logs efficiently using standard Linux utilities:

  • Find errors in catalina.out:
grep 'ERROR' catalina.out | less
  • Extract HTTP status codes from access logs:
awk '{print $9}' localhost_access_log.* | sort | uniq -c
  • Track frequent client IPs:
awk '{print $1}' localhost_access_log.* | sort | uniq -c | sort -nr | head

For Windows, use PowerShell:

Select-String -Path logs\catalina.out -Pattern "ERROR"
💡
To enhance your Tomcat log analysis, dive into the basics of log parsing and how it can streamline troubleshooting. Read more here.

How to Customize Tomcat Logging Configuration

Tomcat uses java.util.logging (JULI) for logging, with settings managed in:

$CATALINA_BASE/conf/logging.properties

To customize log behavior, modify the logging.properties file. For example, to change the default log file size limit:

java.util.logging.FileHandler.limit = 5000000 
java.util.logging.FileHandler.count = 5

Key Configurations

  • Sets a 5MB limit per log file.
  • Maintains a maximum of 5 log files in rotation.

3 Best Advanced Logging Techniques You Should Know

1. Replacing Java Util Logging with Log4j

By default, Tomcat uses java.util.logging (JULI), but Log4j provides better filtering, structured logging, and external log management.

Steps to switch to Log4j:

  1. Remove or rename conf/logging.properties.
  2. Add Log4j JAR files to $CATALINA_HOME/lib/.
  3. Create log4j.properties inside $CATALINA_BASE/conf/.
  4. Restart Tomcat to apply changes.

Example log4j.properties file:

log4j.rootLogger=INFO, file, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.file=org.apache.log4j.FileAppender
log4j.appender.file.File=logs/tomcat.log

2. Log Rotation to Prevent Large Log Files

On Linux, use logrotate to manage Tomcat logs automatically:

  1. Create a logrotate config file:
sudo nano /etc/logrotate.d/tomcat
  1. Add rotation rules:
/opt/tomcat/logs/*.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
}
  1. Save and exit (CTRL + X, then Y).
  2. Test with:
logrotate -d /etc/logrotate.d/tomcat

For Windows:

  • Use PowerShell scripts or configure log rotation in logging.properties.
💡
To better understand the syslog levels and how they relate to your Tomcat logs, check out our guide. Read more here.

3. Implementing Log Monitoring and Alerts

To track anomalies and detect issues in real-time, integrate Tomcat logs with open-source log monitoring tools such as:

Example Last9 LogStream Config for Tomcat Logs

Last9 provides real-time monitoring, alerting, and anomaly detection using structured log ingestion.

sources:
  - name: tomcat-logs
    type: file
    config:
      path: "/opt/tomcat/logs/catalina.out"
      read_from: beginning

transforms:
  - name: parse_logs
    type: grok
    config:
      pattern: "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:msg}"

sinks:
  - name: last9-ingestion
    type: http
    config:
      url: "https://api.last9.io/logs"
      headers:
        Authorization: "Bearer YOUR_API_KEY"

This configuration:

  • Reads Tomcat logs from catalina.out.
  • Parses logs to extract timestamps, log levels, and messages.
  • Sends structured logs to Last9 for real-time monitoring and alerting.

Using juli for Logging

Tomcat's built-in logging system, JULI (Java Util Logging Implementation), allows fine-grained logging configuration.

  • It is an extension of java.util.logging and is used for both servlet applications and core application server processes.
  • If a more advanced logging framework is needed, Log4j or SLF4J can be integrated into Tomcat’s logging configuration.

How to Adjust Logging Levels and Handlers in logging.properties

The logging.properties file lets you configure log levels, file rotation, and handlers to better manage log output.

Example Configuration for Logging Levels and File Handling:

java.util.logging.ConsoleHandler.level = INFO
java.util.logging.FileHandler.pattern = logs/tomcat.%u.%g.log
java.util.logging.FileHandler.limit = 10000000

Breaking Down the Configuration

  • ConsoleHandler.level = INFO → Controls log verbosity (INFO, WARNING, SEVERE).
  • FileHandler.pattern = logs/tomcat.%u.%g.log → Defines how log files are named.
  • FileHandler.limit = 10000000 → Sets a file size limit to prevent excessive growth.

Best Practices for Managing Tomcat Logs

  • Store logs in $CATALINA_BASE/logs/ for multiple instances.
  • Use structured log formats (JSON) for better parsing.
  • Rotate logs to prevent excessive file growth.
  • Monitor logs using open-source tools like ELK Stack or managed solutions like Last9.
  • Integrate Log4j or external loggers for more advanced log message handling.
  • Ensure logs capture key metrics without excessive verbosity.

Conclusion

Managing Tomcat logs effectively makes troubleshooting easier, improves performance, and strengthens security.

Knowing where logs are stored, customizing configurations, and using monitoring tools like ELK Stack or Last9 can save time and effort. Simple steps like log rotation, structured formatting, and integrating Log4j can go a long way in keeping logs manageable and useful.

💡
And if you ever need more insights or have specific use cases to discuss, our Discord community is always open. Join our dedicated channel to connect with other developers and dive deeper into Tomcat logging and best practices.

Contents


Newsletter

Stay updated on the latest from Last9.

Authors
Anjali Udasi

Anjali Udasi

Helping to make the tech a little less intimidating. I love breaking down complex concepts into easy-to-understand terms.

Topics