Tomcat is generating logs in multiple places, one in the default path "/logs" and another in the custom directory that is specified externally - linux

We are planning to rotate the log that is generated by Tomcat using Logrotate for volume maintenance. When I checked for the logs I was able to find two places in which these logs were been generated "../apache-tomcat-7.0.57/logs" and in the path that is specified in the "". I did check in the Tomcat document, from which I was able to understand that Tomcat uses the default path which is "/logs" is no path is mentioned externally in "". I was not able to find if I have missed any configuration. file:
handlers =,,,, java.util.logging.ConsoleHandler
.handlers =, java.util.logging.ConsoleHandler
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################ = FINE = <custome path> = catalina. = FINE = <custome path> = localhost. = FINE = <custome path> = manager. = FINE = <custome path> = host-manager.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
# Facility specific properties.
# Provides extra control for each logger.
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers =
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers =
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers =
# For example, set the org.apache.catalina.util.LifecycleBase logger to log
# each component that extends LifecycleBase changing state:
#org.apache.catalina.util.LifecycleBase.level = FINE
# To see debug messages in TldLocationsCache, uncomment the following line:
#org.apache.jasper.compiler.TldLocationsCache.level = FINE
My question is why are the logs getting generated in multiple places and how to make it log in just in one directory for maintaining the same ?
By default - It'll log to ${catalina.base}/logs which is what you should see in ${catalina.base}/conf/
Additionally standard output (aka exception.printStackTrace()) goes into (by default) ${catalina.base}/logs/catalina.out
${catalina.base}/logs/catalina.out can be set to a different file by setting the environment variable CATALINA_OUT or CATALINA_OUT_CMD. So see what CATALINA_OUT_CMD does - It'll be easier to read the comments in ${catalina.home}/bin/


HADOOP_CONF_DIR seems to overrule SPARK_CONF_DIR for log4j configuration

Hi we're running a spark driver program in pyspark in yarn-client mode
spark version = spark 3.2.1
We have following environment variables set:
HADOOP_CONF_DIR = points to a folder containing all hadoop configuration files like hdfs-site.xml, hive-site.xml, etc. It also contains a file.
SPARK_CONF_DIR = points to a folder containing the spark-defaults file and the file
These are the contents of the file in the folder referred to by HADOOP_CONF_DIR:
log4j.appender.console.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
These are the contents of the file in the folder referred bo by SPARK_CONF_DIR:
# Log files location
property.basePath = ${env:LOG_PATH}
# Set everything to be logged to the console
appender.rolling.type = RollingFile = fileLogger
appender.rolling.fileName= ${basePath}/vdp-ingestion.log
appender.rolling.filePattern= ${basePath}/vdp-ingestion_%d{yyyyMMdd}.log.gz
# log in json-format -> based on LogstashJsonEventLayout
appender.rolling.layout.type = JsonTemplateLayout
appender.rolling.layout.eventTemplateUri = classpath:LogstashJsonEventLayoutV1.json
# overrule message -> by default treated as a string, however we want an object so we can use the native JSON format
# and use the underlying objects in kibana log filters
appender.rolling.layout.eventTemplateAdditionalField[0].type = EventTemplateAdditionalField
appender.rolling.layout.eventTemplateAdditionalField[0].key = message
appender.rolling.layout.eventTemplateAdditionalField[0].value = {"$resolver": "message", "fallbackKey": "message"}
appender.rolling.layout.eventTemplateAdditionalField[0].format = JSON
appender.rolling.layout.eventTemplateAdditionalField[1].type = EventTemplateAdditionalField
appender.rolling.layout.eventTemplateAdditionalField[1].key = pid
appender.rolling.layout.eventTemplateAdditionalField[1].value = {"$resolver": "pattern", "pattern": "%pid"}
appender.rolling.layout.eventTemplateAdditionalField[1].format = JSON
appender.rolling.layout.eventTemplateAdditionalField[2].type = EventTemplateAdditionalField
appender.rolling.layout.eventTemplateAdditionalField[2].key = tid
appender.rolling.layout.eventTemplateAdditionalField[2].value = {"$resolver": "pattern", "pattern": "%tid"}
appender.rolling.layout.eventTemplateAdditionalField[2].format = JSON
appender.rolling.policies.type = Policies
# RollingFileAppender rotation policy
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 10MB
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.delete.type = Delete
appender.rolling.strategy.delete.basePath = ${basePath}
appender.rolling.strategy.delete.maxDepth = 10
appender.rolling.strategy.delete.ifLastModified.type = IfLastModified
# Delete all files older than 30 days
appender.rolling.strategy.delete.ifLastModified.age = 30d
rootLogger.level = INFO
rootLogger.appenderRef.rolling.ref = fileLogger = org.apache.spark
logger.spark.level = WARN
logger.spark.additivity = false
logger.spark.appenderRef.stdout.ref = fileLogger
# Set the default spark-shell log level to WARN. When running the spark-shell, the
# log level for this class is used to overwrite the root logger's log level, so that
# the user can have different defaults for the shell and regular Spark apps.
logger.spark.repl.Main.level = WARN
logger.spark.repl.SparkIMain$exprTyper.level = INFO
logger.spark.repl.SparkILoop$SparkILoopInterpreter.level = INFO
# Settings to quiet third party logs that are too verbose = org.sparkproject.jetty
logger.jetty.level = WARN
logger.jetty.util.component.AbstractLifeCycle.level = ERROR = org.apache.parquet
logger.parquet.level = ERROR
# SPARK-9183: Settings to avoid annoying messages when looking up nonexistent UDFs in SparkSQL with Hive support = org.apache.hadoop
logger.hadoop.level = WARN
logger.hadoop.hive.metastore.RetryingHMSHandler.level = FATAL
logger.hadoop.hive.ql.exec.FunctionRegistry.level = ERROR
logger.spark.sql.level = WARN
When we start up the pyspark program it finds the file and we can see that all non root level logs are captured in json for all dependencies
However, for some reason the settings of the apply to the spark driver logs and all these are reported to the console instead. If we change the level or format in the file these settings are applied to the driver log output.
Is there any reason why spark would use the hadoop file instead of the file? Are we missing some setting here?
We also tried to provide the file to the drivers extra java options in spark-defaults:
spark.driver.extraJavaOptions -Dlog4j.configurationFile=file:/spark_conf_dir/
where spark_conf_dir = the folder referred to by SPARK_CONF_DIR
But also this didn't work. For some reason the system always applies the settings for the driver program. It seems that it overrules the settings in the file with the settings in the file.
This is on a virtual machine. If we remove the file in the HADOOP_CONF_DIR then nothing gets reported for the driver program (maybe the default error but currently nothing shows up).
If we build up a docker instead with the same program but from a base python image with pyspark we don't have this issue. Then the log output of the driver program and dependent spark packages are delivered in the log file in json format.
I would expect that providing -Dlog4j.configurationFile=file:/spark_conf_dir/ in the spark.driver.extraJavaOptions would solve the issue.
Or that SPARK_CONF_DIR would take precedence over HADOOP_CONF_DIR for the log4j configuration.

Suppress INFO-log in Spark by changing file

I read that to suppress the plethora of INFO-log messages in Spark I need to change the line
log4j.rootCategory=INFO, console
log4j.rootCategory=ERROR, console
in my, which in my case I found in
Yet the structure of my file seems to be different to what I found from other users:
# Set everything to be logged to the console
rootLogger.level = error
rootLogger.appenderRef.stdout.ref = console
# In the pattern layout configuration below, we specify an explicit `%ex` conversion
# pattern for logging Throwables. If this was omitted, then (by default) Log4J would
# implicitly add an `%xEx` conversion pattern which logs stacktraces with additional
# class packaging information. That extra information can sometimes add a substantial
# performance overhead, so we disable it in our default logging config.
# For more information, see SPARK-39361.
appender.console.type = Console = console = SYSTEM_ERR
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = %d{yy/MM/dd HH:mm:ss} %p %c{1}: %m%n%ex
# Set the default spark-shell/spark-sql log level to WARN. When running the
# spark-shell/spark-sql, the log level for these classes is used to overwrite
# the root logger's log level, so that the user can have different defaults
# for the shell and regular Spark apps. = org.apache.spark.repl.Main
logger.repl.level = warn = org.apache.spark.sql.hive.thriftserver.SparkSQLCLIDriver
logger.thriftserver.level = warn
# Settings to quiet third party logs that are too verbose = org.sparkproject.jetty
logger.jetty1.level = warn = org.sparkproject.jetty.util.component.AbstractLifeCycle
logger.jetty2.level = error = org.apache.spark.repl.SparkIMain$exprTyper
logger.replexprTyper.level = info = org.apache.spark.repl.SparkILoop$SparkILoopInterpreter
logger.replSparkILoopInterpreter.level = info = org.apache.parquet
logger.parquet1.level = error = parquet
logger.parquet2.level = error
# SPARK-9183: Settings to avoid annoying messages when looking up nonexistent UDFs in SparkSQL with Hive support = org.apache.hadoop.hive.metastore.RetryingHMSHandler
logger.RetryingHMSHandler.level = fatal = org.apache.hadoop.hive.ql.exec.FunctionRegistry
logger.FunctionRegistry.level = error
# For deploying Spark ThriftServer
# SPARK-34128: Suppress undesirable TTransportException warnings involved in THRIFT-4805
appender.console.filter.1.type = RegexFilter
appender.console.filter.1.regex = .*Thrift error occurred during processing of message.*
appender.console.filter.1.onMatch = deny
appender.console.filter.1.onMismatch = neutral
So I simply added said line into the script. This does still not change anything.
When I type into my mac terminal spark-submit, right at the beginning of the following output, I read:
Using Spark's default log4j profile: org/apache/spark/
Unfortunately I have no idea where that "org"-folder even is. This is confusing because , as stated above, my properties folder is entirely elsewhere.
I further learnt here that I should add
--conf spark.driver.extraJavaOptions=-Dlog4j.configuration=file:///usr/local/Cellar/apache-spark/3.3.0/libexec/conf/
to my spark-submit. In whole that'd be in my case:
spark-submit --conf
Yet that does not do anything. Script works, but the INFO-logging is still there. What am I doing wrong?
This answer has been helpful for me while I was running Spark in local mode, with the only difference being that it is

SonarQube( SAST SCAN) log injection hotspot issue

I have written code to add logs using logging module in python. I tried running code through Sonarqube, It is showing following error .
Make sure that this logger's configuration is safe.
python code:
from logging.config import fileConfig
import logging
#this is the Alembic Config object, which provides
# access to the values within the .ini file in use.
config = context.config
# Interpret the config file for Python logging.
# This line sets up loggers basically.
logger = logging.getLogger("alembic.env")
class DefaultConfig:
DEBUG = False
Please help to resolve this hotspot. And one more question I have, Is it mandatory to look into low priority hotspots.

How to use two databases: Postgres and Snowflake with alembic and sqlachemy?

I want to use two databases: Postgres and Snowflake using alembic migration tool in a single fastapi app.
Able to perform alembic migrations and alembic upgrade if using single database i.e. Postgres but on using multiple databases alembic is creating problems.
Tried using snowflake database independently on a different app with only snowflake as a database. It is working perfectly fine with revisions and alembic upgrade but not working on a single app with two databases.
Here is my directory structure as suggested in few articles:
Here is my alembic.ini file generated for postgres, but I manipulated it to support snowflake:
# A generic, single database configuration.
# path to migration scripts
script_location = db-migration
# path to and migration scripts for schema1
script_location = snowflake-db-migration
# template used to generate migration files
# file_template = %%(rev)s_%%(slug)s
# sys.path path, will be prepended to sys.path if present.
# defaults to the current working directory.
prepend_sys_path = .
# timezone to use when rendering the date
# within the migration file as well as the filename.
# string value is passed to
# leave blank for localtime
# timezone =
# max length of characters to apply to the
# "slug" field
# truncate_slug_length = 40
# set to 'true' to run the environment during
# the 'revision' command, regardless of autogenerate
# revision_environment = false
# set to 'true' to allow .pyc and .pyo files without
# a source .py file to be detected as revisions in the
# versions/ directory
# sourceless = false
# version location specification; this defaults
# to db-migration/versions. When using multiple version
# directories, initial revisions must be specified with --version-path
# version_locations = %(here)s/bar %(here)s/bat db-migration/versions
# the output encoding used when revision files
# are written from
# output_encoding = utf-8
#sqlalchemy.url = driver://user:pass#localhost/dbname
# post_write_hooks defines scripts or Python functions that are run
# on newly generated revision scripts. See the documentation for further
# detail and examples
# format using "black" - use the console_scripts runner, against the "black" entrypoint
# hooks = black
# black.type = console_scripts
# black.entrypoint = black
# black.options = -l 79 REVISION_SCRIPT_FILENAME
# Logging configuration
keys = root,sqlalchemy,alembic
keys = console
keys = generic
level = WARN
handlers = console
qualname =
level = WARN
handlers =
qualname = sqlalchemy.engine
level = INFO
handlers =
qualname = alembic
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
format = %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S
Above file is able to create revision scripts inside versions/ folder of snowflake-db-migration. But not able to run the generated revision using(throwing errors):
alembic upgrade head
How to convert this .ini file to support multi-database .ini file?
Tried using command:
alembic init --template multidb snowflake-db-migration
But not sure how to integrate changes here.
Also don't want to hardcode sqlalchemy.url variable in .ini file as required to use snowflake variables from a .toml file which contains all environment variables.
There are few answers but none of them are accepted and exactly similar to my use case.

Registry tab does not work

I have installed gitlab on AWS server and it is working as expected.
But when I click on "Registry" tab, I am shown page not found error (500)
The relevant part from /etc/gitlab/gitlab.rb
gitlab_rails['gitlab_default_projects_features_container_registry'] = true
# registry_external_url ''
registry_external_url ''
# Settings used by GitLab application
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = ""
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_api_url'] = "http://localhost:5000"
gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
# Settings used by Registry application
registry['enable'] = true
registry['username'] = "registry"
registry['group'] = "registry"
registry['uid'] = nil
registry['gid'] = nil
registry['dir'] = "/var/opt/gitlab/registry"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['log_level'] = "info"
registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
registry['storage_delete_enabled'] = true
As per the logs below, I need gitlab-registry.key file in the correct location. What is this file and how do I generate one?
tail /var/log/gitlab/gitlab-rails/production.log
Started GET "/root/test/container_registry" for at 2016-10-24 08:29:27 +0000
Processing by Projects::ContainerRegistryController#index as HTML
Parameters: {"namespace_id"=>"root", "project_id"=>"test"}
Completed 500 Internal Server Error in 23ms (ActiveRecord: 3.5ms)
Errno::ENOENT (No such file or directory # rb_sysopen - /var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key):
lib/json_web_token/rsa_token.rb:20:in `read'
lib/json_web_token/rsa_token.rb:20:in `key_data'
lib/json_web_token/rsa_token.rb:24:in `key'
lib/json_web_token/rsa_token.rb:28:in `public_key'
lib/json_web_token/rsa_token.rb:33:in `kid'
lib/json_web_token/rsa_token.rb:12:in `encoded'
app/services/auth/container_registry_authentication_service.rb:30:in `full_access_token'
app/models/project.rb:421:in `container_registry_repository'
app/controllers/projects/container_registry_controller.rb:28:in `container_registry_repository'
app/controllers/projects/container_registry_controller.rb:8:in `index'
lib/gitlab/request_profiler/middleware.rb:15:in `call'
lib/gitlab/middleware/go.rb:16:in `call'
Update 2
I guess I need to generate a certificate as explained here...
Check the GitLab server log (since it is an error 500. Example of such logs: issue 23019)
There is an issue pending with GitLab 8.13: 23575: No way to enable container registry, with a merge request 7037: Fix typo in project settings that prevents users from enabling container registry.
They might be related with your issue.
Issue 23339 mentions also "sorting out self signed certs problem (my registry is under different domain than gitlab itself)": that should not be the case here.
Issue 23181 (Pushing to Registry Still Frequently Encounters unauthorized: authentication required) suggests that the error is gone ofr docker 1.11+ (so it depends on which version of docker you are using on AWS)
Regarding gitlab-registry.key mentioned by the OP's edit, it should be created by a simple reconfigure, if declared properly.
So double-check:
It turns out it was a typo on my part.
The config key is registry_nginx["ssl_certificate"] not registry_nginx[ssl_certificate].
1218 and merge request 3787 which show how this feature was added.
Try to set only few of the registry settings like :
registry_external_url ''
Don't set the gitlab_rail['registry'] and registry['xxxxx'] if you want to keep the default values, and don't set values if you don't know what you are modifying.
About the certificates, check at the very bottom of the gitlab.rb file, and here you can set your certificates for the registry:
registry_nginx['ssl_certificate'] = "/path/to/my/cert.crt"
registry_nginx['ssl_certificate_key'] = "/path/to/my/key.key"
Also check the output of this commands to make a check of your GitLab instance:
sudo gitlab-rake gitlab:check
Just like deporclick did, Set your certificates for the registry as:
registry_nginx['ssl_certificate'] = "/path/to/my/cert.crt"
registry_nginx['ssl_certificate_key'] = "/path/to/my/key.key"
