Tomcat on elastic beanstak: How to change server.xml to elastic beanstalk to turn off command line argument logging?

Question

Tomcat on elastic beanstak: How to change server.xml to elastic beanstalk to turn off command line argument logging?

I have a tomcat app on AWS Elastic beanstalk as recommended here I am using Environment properties to establish jdbc connection to database, this option includes user and password for database. The fact is that tomcat logger logs all parameters at startup, it looks something like this.

INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DJDBC_CONNECTION_STRING=jdbc:mysql:///localhost:3306/mydatabase?user=me&password=mypassword

I don't want this sensitive data to be in the instance logs. How can I tell Tomcat not to log command line arguments? {or any other safe solution to the problem}

Update: So it seems that removing the line from Tomcats server.xml does the trick on my local tomcat (Thanks Kirill )

But how do I set it up on a stretchy beanstalk? I tried to create a script folder in .ebextensions with change, but it didn't work for me, the arguments are still being logged. But I'm not sure if I'm using windows and am not very good at linux scripting. Can anyone help me create this script correctly? how can I check if a script is running on an elastic beanstitch instance and if the server.xml file has changed?

+3

java tomcat amazon-web-services apache-commons-logging amazon-elastic-beanstalk

Meltzer May 17 '17 at 11:54

source to share

1 answer

Yoav aharoni · Answer 1 · 2017-09-19T05:04:44+0000

Another option that comes to mind is to run Elastic beanstalk with configuration Java

and use a Spring Boot application (or other native Tomcat deployment) instead of using config Tomcat

and war. This gives you complete control over the application bootstrap.

Tomcat on elastic beanstak: How to change server.xml to elastic beanstalk to turn off command line argument logging?

More articles: