What Are Tomcat Logs?
Apache Tomcat logs are essential for monitoring, debugging, and maintaining Java applications running on Tomcat.
These logs capture critical information such as server startup details, request handling, and application errors.
They help developers and system administrators troubleshoot issues, analyze traffic, and ensure application stability.
Tomcat generates multiple logs, each serving a distinct purpose:
- Tracking application activity
- Monitoring HTTP requests
- Debugging server errors
- Logging security events
Types of Log Files in Apache Tomcat
Apache Tomcat maintains several log files to track different aspects of server operations. Each log file serves a specific purpose, helping developers and administrators monitor, debug, and optimize applications.
Below is a detailed breakdown of the key log files:
1. catalina.out (Primary Log File)
- Purpose: This is the main Tomcat log file, capturing all standard output and errors from Tomcat processes.
- Content Includes:
- Server startup and shutdown messages.
- Java exceptions and errors are thrown by the application.
- Debugging and informational messages from the application code.
- Use Case:
- When an application crashes or throws an error, developers check
catalina.outfirst to locate error messages and stack traces. - System administrators use it to diagnose performance issues or failures in the Tomcat server itself.
- When an application crashes or throws an error, developers check
2. catalina.log (Tomcat Startup & Shutdown Logs)
- Purpose: Logs events related to Tomcat’s initialization and shutdown sequences.
- Content Includes:
- Server startup processes, including binding ports and loading configuration files.
- Graceful and forced shutdown logs.
- Configuration errors or issues preventing Tomcat from starting.
- Use Case:
- Helps diagnose startup failures, such as port conflicts or missing libraries.
- Useful for tracking when and why the server was stopped or restarted.
3. manager.log (Tomcat Manager Application Logs)
- Purpose: Records events related to the Tomcat Manager web application (
/manager). - Content Includes:
- Deployment and undeployment of applications through the Manager UI.
- Error messages when deploying, updating, or stopping applications.
- Authentication and access logs for users interacting with the Manager.
- Use Case:
- Developers use it to debug deployment failures.
- Administrators monitor unauthorized access attempts to the Manager web interface.
4. localhost_access_log.*.txt (HTTP Access Logs)
- Purpose: Tracks all incoming HTTP requests made to the server.
- Content Includes:
- Client IP address, HTTP request method (GET, POST, etc.), requested URL, and response status code.
- User agents and response times.
- Detailed logging of API requests and responses.
- Use Case:
- Security teams analyze access logs to detect suspicious activities (e.g., brute force attacks, and SQL injections).
- Developers use it to monitor API request patterns and optimize performance.
- Helps in tracking traffic sources and identifying slow-performing endpoints.
Additional Log Files
Depending on the configuration, Tomcat may generate additional logs:
host-manager.log– Logs actions related to managing virtual hosts.gc.log– Records Java Garbage Collection events for JVM performance analysis.stderr.log / stdout.log– Captures system errors and console outputs.
Each of these logs plays a crucial role in ensuring a smooth-running Tomcat server by providing visibility into different components.
Access Logs vs. Application Logs
Apache Tomcat generates different types of logs, each serving a distinct purpose. The two most commonly used log types are access logs and application logs. Understanding their differences is crucial for effective monitoring and troubleshooting.
Access Logs (localhost_access_log.*.txt)
- Purpose: Tracks all HTTP requests received by the Tomcat server.
- Content Includes:
- Timestamp of the request.
- Client IP address.
- HTTP method (GET, POST, etc.).
- Requested URL.
- Response status code (200, 404, 500, etc.).
- Response time and data size.
- Use Case:
- Security Monitoring – Helps detect suspicious activity like brute force attacks or unauthorized access attempts.
- Performance Analysis – Tracks slow endpoints and helps optimize API performance.
- Traffic Insights – Useful for analyzing request patterns and user behavior.
Example Log Entry:
192.168.1.1 - - [18/Feb/2025:12:45:30 +0000] "GET /index.html HTTP/1.1" 200 1024This means:
- The request came from IP 192.168.1.1.
- The request was made at 12:45:30 (UTC) on February 18, 2025.
- The HTTP method was GET, requesting /index.html.
- The response status was 200 (OK) with a response size of 1024 bytes.
Application Logs (catalina.out, catalina.log)
- Purpose: Records server-side events, including errors, exceptions, and debugging messages.
- Content Includes:
- Server startup and shutdown messages.
- Java exceptions and stack traces.
- Deployment and configuration logs.
- System-level warnings and debug information.
- Use Case:
- Troubleshooting Errors – Helps identify Java exceptions, application failures, and misconfigurations.
- Debugging – Developers use application logs to trace issues within the server runtime.
- Monitoring Server Health – Detects issues like memory leaks or crashes.
Example Log Entry:
18-Feb-2025 12:46:00 SEVERE [main] org.apache.catalina.core.StandardContext.listenerStart Error configuring application listener java.lang.NullPointerException at com.example.MyServlet.init(MyServlet.java:25)This means:
- A SEVERE error occurred at 12:46 PM (UTC) on February 18, 2025.
- The error is related to the application listener configuration.
The issue is a NullPointerException in MyServlet.java at line 25.
A Quick Comparison Between Access Logs and Application Logs
| Feature | Access Logs (localhost_access_log.*.txt) | Application Logs (catalina.out, catalina.log) |
|---|---|---|
| Purpose | Tracks HTTP requests | Captures server events & errors |
| Content | Client IP, HTTP method, URL, response status | Exceptions, stack traces, server startup/shutdown info |
| Focus | User activity & API requests | System health & application debugging |
| Use Case | Security analysis, traffic monitoring, performance tuning | Troubleshooting, debugging, identifying errors |
| Format | One-line per request (structured) | Multi-line logs with stack traces (unstructured) |
Both log types are essential for maintaining a stable Tomcat environment:
- Access logs help with traffic monitoring, security analysis, and performance optimization.
- Application logs assist in debugging, troubleshooting, and ensuring system stability.
Where Can I Find Tomcat Log Files?
Apache Tomcat stores its log files in predefined locations based on the operating system and configuration settings. Knowing where these logs are stored is essential for troubleshooting, monitoring, and debugging.
Default Log File Locations
| Operating System | Default Log Directory |
|---|---|
| Linux/macOS | $CATALINA_HOME/logs/ or $CATALINA_BASE/logs/ |
| Windows | C:\tomcat\logs\ or %CATALINA_HOME%\logs\ |
Understanding CATALINA_HOME and CATALINA_BASE
Tomcat’s log storage is influenced by two key environment variables:
CATALINA_HOME
- Points to the main Tomcat installation directory.
- Contains default configuration (
confdirectory) and binaries. - Logs may be written to
$CATALINA_HOME/logs/if no separate instance directory is used.
CATALINA_BASE
- Defines the instance-specific directory when running multiple Tomcat instances.
- Logs are stored in
$CATALINA_BASE/logs/, keeping logs separate for different instances. - If multiple instances of Tomcat are running, logs will typically be found under
$CATALINA_BASE/logs/rather than$CATALINA_HOME/logs/.
Default Storage Location for Access Logs
Access logs (localhost_access_log.*.txt) are typically stored in:
$CATALINA_BASE/logs/This location can be configured within the server.xml file under the AccessLogValve component:
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log."
suffix=".txt"
pattern="%h %l %u %t \"%r\" %s %b" />Key Configurations
directory="logs"→ Ensures logs are saved in$CATALINA_BASE/logs/.prefix="localhost_access_log."→ Defines the log file naming convention.pattern="%h %l %u %t \"%r\" %s %b"→ Specifies the log format, including client IP, request, and response code.
What Are Tomcat Access Logs?
Access logs record details of every HTTP request that reaches the Tomcat server. These logs help identify user behavior, request trends, and potential security threats.
Each log entry follows a standard format, such as:
127.0.0.1 - - [18/Feb/2025:10:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024Breaking Down an Access Log Entry
| Field | Description |
|---|---|
127.0.0.1 | Client IP address (request source) |
- - | Reserved for identity and authentication (unused) |
[18/Feb/2025:10:30:00 +0000] | Timestamp of the request |
"GET /index.html HTTP/1.1" | HTTP method, requested resource, and protocol |
200 | HTTP response status code (e.g., 200 = OK, 404 = Not Found) |
1024 | Response size in bytes |
Access logs are stored in $CATALINA_BASE/logs/ by default, unless specified otherwise in the Tomcat configuration.
How Can You Customize Log Storage and Format in Tomcat?
Tomcat provides several options for controlling where logs are stored, how they are named, and the level of detail they capture. By modifying server.xml and logging.properties, you can customize log storage, formatting, and verbosity to fit your needs.
Configuring Access Logs in server.xml
Tomcat’s AccessLogValve component allows customization of access logs, including storage location, naming conventions, and log format. You can modify these settings in the server.xml configuration file.
Example Configuration for Access Logs:
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%h %l %u %t \"%r\" %s %b" />What Each Setting Does
directory="logs"→ Defines where log files are stored.prefix="localhost_access_log"→ Sets the prefix for log file names.suffix=".txt"→ Specifies the file extension.pattern="%h %l %u %t \"%r\" %s %b"→ Controls the log entry format.
This configuration ensures that access logs are saved as plain text in the specified log directory with a structured format.
Managing and Analyzing Tomcat Logs
Common File Names and Formats
Tomcat’s log files follow a predictable naming structure:
| Log File Name | Purpose |
|---|---|
catalina.<date>.log | General server events and errors |
localhost.<date>.log | Logs for the webapps hosted on Tomcat |
manager.<date>.log | Events related to the Tomcat Manager app |
localhost_access_log.*.txt | HTTP request logs (access logs) |
Analyzing Tomcat Logs Using Command-Line Tools
You can filter and analyze logs efficiently using standard Linux utilities:
- Find errors in
catalina.out:
grep 'ERROR' catalina.out | less- Extract HTTP status codes from access logs:
awk '{print $9}' localhost_access_log.* | sort | uniq -c- Track frequent client IPs:
awk '{print $1}' localhost_access_log.* | sort | uniq -c | sort -nr | headFor Windows, use PowerShell:
Select-String -Path logs\catalina.out -Pattern "ERROR"How to Customize Tomcat Logging Configuration
Tomcat uses java.util.logging (JULI) for logging, with settings managed in:
$CATALINA_BASE/conf/logging.propertiesTo customize log behavior, modify the logging.properties file. For example, to change the default log file size limit:
java.util.logging.FileHandler.limit = 5000000
java.util.logging.FileHandler.count = 5Key Configurations
- Sets a 5MB limit per log file.
- Maintains a maximum of 5 log files in rotation.
3 Best Advanced Logging Techniques You Should Know
1. Replacing Java Util Logging with Log4j
By default, Tomcat uses java.util.logging (JULI), but Log4j provides better filtering, structured logging, and external log management.
Steps to switch to Log4j:
- Remove or rename
conf/logging.properties. - Add Log4j JAR files to
$CATALINA_HOME/lib/. - Create
log4j.propertiesinside$CATALINA_BASE/conf/. - Restart Tomcat to apply changes.
Example log4j.properties file:
log4j.rootLogger=INFO, file, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.file=org.apache.log4j.FileAppender
log4j.appender.file.File=logs/tomcat.log2. Log Rotation to Prevent Large Log Files
On Linux, use logrotate to manage Tomcat logs automatically:
- Create a
logrotateconfig file:
sudo nano /etc/logrotate.d/tomcat- Add rotation rules:
/opt/tomcat/logs/*.log {
daily
rotate 7
compress
missingok
notifempty
}- Save and exit (
CTRL + X, thenY). - Test with:
logrotate -d /etc/logrotate.d/tomcatFor Windows:
- Use PowerShell scripts or configure log rotation in
logging.properties.
3. Implementing Log Monitoring and Alerts
To track anomalies and detect issues in real-time, integrate Tomcat logs with open-source log monitoring tools such as:
- Last9 – Modern observability platform for real-time log monitoring and insights.
- ELK Stack (Elasticsearch, Logstash, Kibana) – Centralized log management and visualization.
- Prometheus & Grafana – Monitors log metrics and generate dashboards.
- Graylog – Provides structured logging and search capabilities.
Example Last9 LogStream Config for Tomcat Logs
Last9 provides real-time monitoring, alerting, and anomaly detection using structured log ingestion.
sources:
- name: tomcat-logs
type: file
config:
path: "/opt/tomcat/logs/catalina.out"
read_from: beginning
transforms:
- name: parse_logs
type: grok
config:
pattern: "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:msg}"
sinks:
- name: last9-ingestion
type: http
config:
url: "https://api.last9.io/logs"
headers:
Authorization: "Bearer YOUR_API_KEY"This configuration:
- Reads Tomcat logs from
catalina.out. - Parses logs to extract timestamps, log levels, and messages.
- Sends structured logs to Last9 for real-time monitoring and alerting.
Using juli for Logging
Tomcat's built-in logging system, JULI (Java Util Logging Implementation), allows fine-grained logging configuration.
- It is an extension of java.util.logging and is used for both servlet applications and core application server processes.
- If a more advanced logging framework is needed, Log4j or SLF4J can be integrated into Tomcat’s logging configuration.
How to Adjust Logging Levels and Handlers in logging.properties
The logging.properties file lets you configure log levels, file rotation, and handlers to better manage log output.
Example Configuration for Logging Levels and File Handling:
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.FileHandler.pattern = logs/tomcat.%u.%g.log
java.util.logging.FileHandler.limit = 10000000Breaking Down the Configuration
ConsoleHandler.level = INFO→ Controls log verbosity (INFO,WARNING,SEVERE).FileHandler.pattern = logs/tomcat.%u.%g.log→ Defines how log files are named.FileHandler.limit = 10000000→ Sets a file size limit to prevent excessive growth.
Best Practices for Managing Tomcat Logs
- Store logs in
$CATALINA_BASE/logs/for multiple instances. - Use structured log formats (JSON) for better parsing.
- Rotate logs to prevent excessive file growth.
- Monitor logs using open-source tools like ELK Stack or managed solutions like Last9.
- Integrate Log4j or external loggers for more advanced log message handling.
- Ensure logs capture key metrics without excessive verbosity.
Conclusion
Managing Tomcat logs effectively makes troubleshooting easier, improves performance, and strengthens security.
Knowing where logs are stored, customizing configurations, and using monitoring tools like ELK Stack or Last9 can save time and effort. Simple steps like log rotation, structured formatting, and integrating Log4j can go a long way in keeping logs manageable and useful.
