ibspoof/Solr_Tomcat_Config_LogRequests.xml

## logrotate_conf

/var/log/tomcat/catalina.out {
  copytruncate
  daily
  rotate 14
  compress
  missingok
}

<Valve className="org.apache.catalina.valves.AccessLogValve rotatable=false/>

## show_top_queries.bash
#!/bin/bash

SORT_BY=$1
LOG_FILE=$2
URL_DECODE=1

case "$SORT_BY" in
'time')
SORT_COLUMN=10
;;
'payload')
SORT_COLUMN=9
;;
*)
echo "Usage: $0 [time|payload] [LOG_FILE]"
;;

esac

if [ "x$SORT_COLUMN" == "x" ]; then
    exit 1;
fi

if [ "x$3" != "x" ]; then
    URL_DECODE=false;
fi

if [ "$URL_DECODE" == 1 ]; then
    cat "$LOG_FILE" | grep -v ".js" | sort -nrk${SORT_COLUMN},${SORT_COLUMN} | sort -uk6,6 | sort -nrk${SORT_COLUMN},${SORT_COLUMN} | perl -pe 's/\+/ /g; s/%([0-9a-f]{2})/chr(hex($1))/eig'
else
    cat "$LOG_FILE" | grep -v ".js" | sort -nrk${SORT_COLUMN},${SORT_COLUMN} | sort -uk6,6 | sort -nrk${SORT_COLUMN},${SORT_COLUMN}
fi

## Solr_Tomcat_Config_LogRequests.xml
# File location /usr/share/dse/resources/tomcat/conf/server.xml or /dse/resources/tomcat/conf/server.xml

# Find
<Host name="localhost"  appBase="../solr/web"...

#insert below XML node
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/tmp/"
               prefix="solr_access." suffix=".log" pattern="%h %u %t &quot;%r&quot; %s %B %D %v"
               resolveHosts="false" rotatable="true" fileDateFormat="yyyy-MM-dd"/>

</Host>

# See: https://tomcat.apache.org/tomcat-5.5-doc/config/valve.html for all settings and available patterns

# Log will rotate daily based on the fileDateFormat config. To rotate hourly change to fileDateFormat="yyyy-MM-dd.HH"
# If wanted to rotate on size set rotatable="false" and use system's logrotate service to manage files.

# example log
# tail -f /tmp/solr_access.2016-07-06.log
# 10.10.11.1 - [06/Jul/2016:18:37:18 +0000] 'GET /solr/test.users/select?q=*%3A*&wt=json HTTP/1.1' 200 152 97 10.10.11.10
# ClientIP User Timestamp                    RequestURI                                            ResponseCode Bytes ResponseTimeMs HostIP

	/var/log/tomcat/catalina.out {
	copytruncate
	daily
	rotate 14
	compress
	missingok
	}

	<Valve className="org.apache.catalina.valves.AccessLogValve rotatable=false/>
	#!/bin/bash

	SORT_BY=$1
	LOG_FILE=$2
	URL_DECODE=1

	case "$SORT_BY" in
	'time')
	SORT_COLUMN=10
	;;
	'payload')
	SORT_COLUMN=9
	;;
	*)
	echo "Usage: $0 [time\|payload] [LOG_FILE]"
	;;

	esac

	if [ "x$SORT_COLUMN" == "x" ]; then
	exit 1;
	fi

	if [ "x$3" != "x" ]; then
	URL_DECODE=false;
	fi

	if [ "$URL_DECODE" == 1 ]; then
	cat "$LOG_FILE" \| grep -v ".js" \| sort -nrk${SORT_COLUMN},${SORT_COLUMN} \| sort -uk6,6 \| sort -nrk${SORT_COLUMN},${SORT_COLUMN} \| perl -pe 's/\+/ /g; s/%([0-9a-f]{2})/chr(hex($1))/eig'
	else
	cat "$LOG_FILE" \| grep -v ".js" \| sort -nrk${SORT_COLUMN},${SORT_COLUMN} \| sort -uk6,6 \| sort -nrk${SORT_COLUMN},${SORT_COLUMN}
	fi
	# File location /usr/share/dse/resources/tomcat/conf/server.xml or /dse/resources/tomcat/conf/server.xml

	# Find
	<Host name="localhost" appBase="../solr/web"...

	#insert below XML node
	<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/tmp/"
	prefix="solr_access." suffix=".log" pattern="%h %u %t "%r" %s %B %D %v"
	resolveHosts="false" rotatable="true" fileDateFormat="yyyy-MM-dd"/>

	</Host>

	# See: https://tomcat.apache.org/tomcat-5.5-doc/config/valve.html for all settings and available patterns

	# Log will rotate daily based on the fileDateFormat config. To rotate hourly change to fileDateFormat="yyyy-MM-dd.HH"
	# If wanted to rotate on size set rotatable="false" and use system's logrotate service to manage files.

	# example log
	# tail -f /tmp/solr_access.2016-07-06.log
	# 10.10.11.1 - [06/Jul/2016:18:37:18 +0000] 'GET /solr/test.users/select?q=%3A&wt=json HTTP/1.1' 200 152 97 10.10.11.10
	# ClientIP User Timestamp RequestURI ResponseCode Bytes ResponseTimeMs HostIP