How to enable access logs in WildFly / JBoss

In the context of Web servers, Access Logs refer to the records or files that store a detailed history of all requests made to the Web server. WildFly uses Undertow as Web Server therefore in this tutorial we will learn how to enable tracing Access Logs to monitor incoming HTTP Requests

Monitoring HTTP Requests

There are two main strategies that you can use to monitor and troubleshoot incoming HTTP requests:

  • You can enable the HTTP Request dump
  • You can enable Access logs

Let’s see how to configure both options.

Enabling HTTP Request Dump

WildFly uses Undertow as Web server, which has deprecated the element Valve used in former Tomcat Web Server. You can still monitor HTTP logging by adding a Filter to your configuration as in this example:

<host name="default-host" >
     <filter-ref name="http-dumper"/>
    <filter name="http-dumper" class-name="io.undertow.server.handlers.RequestDumpingHandler" module="io.undertow.core" />

You can add the Filter to your configuration using the following CLI command:

/subsystem=undertow/configuration=filter/custom-filter=http-dumper:add(class-name="io.undertow.server.handlers.RequestDumpingHandler",  module="io.undertow.core")

The RequestDumpingHandler filter will produce a verbose output, therefore it’s recommended not to use it in production to avoid performance issues.

Enabling Access logs

By enabling Access Logs in WildFly, you will have a record of all incoming HTTP Request either on the Console or in an Access Log File. You can also customize the format of these logs which you can than share with other monitoring tools.

Firstly, to enable Access Logs on your server, you have to enable the access-log setting of your Host as follows:

/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add(pattern="%h %l %u %t \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\" Cookie: \"%{i,COOKIE}\" Set-Cookie: \"%{o,SET-COOKIE}\" SessionID: %S Thread: \"%I\" TimeTaken: %T")

Optionally, you can set the record-request-start-time attribute to true for the listener. This attribute will include the request time in the Access log:


This reflects in the following configuration:

<host name="default-host" alias="localhost">
    <location name="/" handler="welcome-content"/>
    <access-log pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{i,Referer}&quot; &quot;%{i,User-Agent}&quot; Cookie: &quot;%{i,COOKIE}&quot; Set-Cookie: &quot;%{o,SET-COOKIE}&quot; SessionID: %S Thread: &quot;%I&quot; TimeTaken: %T"/>
    <http-invoker security-realm="ApplicationRealm"/>

Please notice that you need to use escape sequences to configure special characters such as double quotes (&quot;). Another common escape sequence is the Tab character which you can escape with &#x9;

As you can see, now Undertow writes access logs in a file named access_log.log, in the configuration/log folder:

~/jboss/wildfly-15.0.0.Final/standalone/log: ls -al
-rw-rw-r--. 1 wildfly wildfly  62997 Jan 17 10:39 access_log.log
-rw-rw-r--. 1 wildfly wildfly      0 Dec 17 15:59 audit.log
-rw-rw-r--. 1 wildfly wildfly 589363 Jan 17 10:38 server.log

How to Rotate Access Logs

Out of the box, the Access Log has no built-in capabilities to rotate on a time or size basis. On the other hand, the Logging subsystem is capable of rotating Logs using Handlers such as the Periodic Size Rotating Handler.

Therefore, we can Rotate Access logs by enabling them to use the (logging) server-log mechanism. Then, we can define the Rotating policy in the Periodic Handler attributes.

For example:

/subsystem=undertow/server=default-server/host=default-host/setting=access-log:write-attribute(name="use-server-log", value="true")
/subsystem=logging/periodic-size-rotating-file-handler=ACCESS_LOG:add(autoflush=true, append=true, named-formatter=ACCESS_LOG_FORMATTER, file={relative-to="jboss.server.log.dir", path="access_log.log"}, rotate-size=100m, suffix=".yyyy-MM-dd", max-backup-index=5)
/subsystem=logging/logger=io.undertow.accesslog:add(handlers=[ACCESS_LOG], use-parent-handlers=false)

The above example, enables Rotation of Access Logs every 100 MB of Data or on a daily basis, with a maximum number of 5 Backup copies.

Emitting Access Logs in JSON Format

Many log management and analysis tools (Elasticsearch, Logstash, Splunk etc) support JSON log formats. Therefore you may need to configure Access Log format as JSON.

Firstly, make sure you have enabled the access-log setting (See section “Enabling Access logs“)

Then, make sure you have also set the attribute “use-server-log” to true so that the Logging Subsystem will be able to handle the Access Log:

subsystem=undertow/server=default-server/host=default-host/setting=access-log:write-attribute(name="use-server-log", value="true")

Finally, configure the logging subsystem to use the json-formatter for the access.json file that will be written in the jboss.server.log.dir:

/subsystem=logging/file-handler=access-json:add(autoflush=true, named-formatter=json, append=true, file={relative-to=jboss.server.log.dir, path=access.json})
/subsystem=logging/logger=io.undertow.accesslog:add(use-parent-handlers=false, handlers=[access-json])

You can then expect to see the Access Logs in JSON format:

wildfly access logs configuration step-by-step

JBoss AS 7 / JBoss EAP 6 users

To enable HTTP logging, you need to go to the deploy/jbossweb-tomcat55.sar directory. There you will see the server.xml file, to which you’ll need to add the following valve definition:

<Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
           prefix="localhost_access_log." suffix=".log"
           pattern="common" directory="${jboss.server.home.dir}/log"
           resolveHosts="false" />

A Valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container. The Access Log Valve creates log files in the same format as those created by standard web servers. These logs can later be analyzed by standard log analysis tools to track page hit counts, user session activity, and so on. The files produces by this Valve are rolled over nightly at midnight.

Once you’ve restarted the server, Tomcat will create an access log.


In conclusion, understanding and configuring access logs in WildFly is a pivotal aspect of maintaining, monitoring, and optimizing the performance and security of your server. By delving into this tutorial, you have acquired the knowledge and skills necessary to harness the power of access logs.