All docs This doc
Skip to end of metadata
Go to start of metadata

Access logs keep track of access to parts of WSO2 ESB. There are two types of access logs in WSO2 ESB:

  1. Service and REST API invocation access log: tracks when a service or REST API is invoked 
  2. Management Console access log: tracks usage of the Management Console

Service and REST API Invocations Access Log

By default, the service/API invocation access logs are disabled for performance reasons. 

If you want to enable them, change the log level from WARN to INFO for the following entry in the <ESB_HOME>/repository/conf/ configuration file.

Once enabled, the service/API invocation access logs will be written into the <ESB_HOME>/repository/logs folder with the default name of http_access_<YYYY>_<MM>_<DD>.log. For example, http_access_2016_08_20.log will be created for activity on August 20, 2016. The log is rotated on a daily basis.

You can customize the format of this access log by using the following properties in the <ESB_HOME>/repository/conf/ configuration file:

  • File location:
  • File prefix:
  • File suffix:
  • File date format: 
  • Log pattern: 
    access_log_pattern=%{X-Forwarded-For}i %h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"
    This default log pattern uses a modified version of the Apache combined log format. The X-Forwarded-For header is appended to the beginning of the usual combined log format to correctly identify the original node that sent the request when requests may go through a proxy such as a load balancer. The X-Forwarded-For header must be present in the incoming request for this to be logged. You can modify this property to use other log patterns as follows:

The Custom Logger supports the below attributes.


Remote IP address


Local IP address


Bytes sent, excluding HTTP headers, or '-' if zero


Bytes sent, excluding HTTP headers


Cookie value


Accept header


Accept Encoding


Transfer Encoding


Remote host name (or IP address if enableLookups for the connector is false)


Remote logical username from identd (always returns '-')


Accept Language


Keep Alive


Request method (GET, POST, etc.)


Content Encoding


Request Element


HTTP status code of the response


Accept Chatset


Date and time, in Common Log Format


Content Type


Remote user that was authenticated (if any), else '-'


Requested URL path


Local server name


Vary Header


Connection Header


Server Header

Management Console Access Log

By default, the Management Console access log is written to the <ESB_HOME>/repository/logs/http_access_management_console_<YYYY>_<MM>_<DD>.log file. It is rotated on a daily basis. 

To customize the Management Console access log, including the location where the file is written and the format, you can edit the <ESB_HOME>/repository/conf/tomcat/catalina-server.xml file. In this file, under "Valves", you can find the following access log configuration where you can modify the org.apache.catalina.valves.AccessLogValve attributes.

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="${carbon.home}/repository/logs"
               prefix="http_access_management_console_" suffix=".log"
               pattern="combined" />

For more information, see AccessLogValve in the Apache Tomcat documentation.  

  • No labels